Login via Helmholtz AAI not working with GitLab 13.1
With the upgrade to GitLab 13.1 the login via Helmholt AAI was failing. In order to create a useful issue in the respective projects this issue needs some further investigation.
Corresponding Sentry Error
https://vlsstack1.fz-rossendorf.de/fwcc/gitlab/issues/2320/ (with login) https://vlsstack1.fz-rossendorf.de/share/issue/5346cec47ab944818aab786f15204d38/ (HZDR internal)
Current workaround
Manually downgrading the Ruby Gem omniauth_openid_connect
from 0.3.5
to 0.3.3
in /opt/gitlab/embedded/lib/ruby/gems/2.6.0/gems/omniauth_openid_connect-0.3.5/
fixes the issue temporarily.
Places to dig deeper
- https://github.com/m0n9oose/omniauth_openid_connect, especially https://github.com/m0n9oose/omniauth_openid_connect/blob/ef2942047c866993d8323115c419371d75f05a60/lib/omniauth/strategies/openid_connect.rb#L229
- https://github.com/nov/openid_connect/blob/a76c9c84458a0d8c3ec3783ec6c815c285c05d91/lib/openid_connect/response_object/id_token.rb#L70
- https://github.com/nov/json-jwt