GitLab SSO OAuth SSL Client Certificate
On servers where GitLab+Mattermost are hosted and require SSL client certificates for all connections, Mattermost fails to get a token from GitLab OAuth because its request does not include a client certificate. Please add an option within config.json to include an SSL client certificate within "GitLabSettings" for those requests. Optionally add other SSL-related configurable fields such as CA validation, etc.
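The failure described in this request, reproduced with Go's standard library as an added example (not Mattermost code and not part of the original thread): a server that requires client certificates rejects a token request from a client that presents none and accepts the same request once the client's TLS config carries a certificate. The `tokenRequest` and `must` helpers, the `demo-client` certificate and the local test server standing in for the token endpoint are all constructed for the demo.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// tokenRequest POSTs to a stand-in token endpoint and returns the HTTP status or the TLS error.
func tokenRequest(presentCert bool) (int, error) {
	// Constructed demo identity: a self-signed client cert that is its own trust anchor.
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-client"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS() // from here on, every connection must present a cert that chains to pool
	defer srv.Close()
	tr := srv.Client().Transport.(*http.Transport).Clone()
	if presentCert { // the only difference between the failing and the working client
		tr.TLSClientConfig.Certificates = []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}
	}
	resp, err := (&http.Client{Transport: tr}).Post(srv.URL+"/oauth/token", "application/x-www-form-urlencoded", nil)
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() {
	fmt.Println(tokenRequest(false))
	fmt.Println(tokenRequest(true))
}
```

The client without a certificate fails at the TLS layer, before any OAuth logic runs, which is why the symptom shows up as a failed token fetch rather than an authorization error.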
-
Anonymous commented
Besides just OAuth authentication, this should also cover outgoing webhooks and slash commands. These also should be configurable to use a client HTTPS certificate. The referenced documentation (https://docs.mattermost.com/deployment/certificate-based-authentication.html) doesn't refer to configuring the Mattermost server to present a client certificate when initiating HTTPS connections (either to an external OAuth server such as GitLab, or to an external service responding to an outgoing webhook/slash command).
-
Hey all - SSL client certificates are expected to be configured at the proxy level.
We just drafted a quick guide on how to do this. It's still in review, but if you're interested in trying it out, that would be much appreciated. All feedback is welcome: https://github.com/mattermost/docs/pull/1962
-
Dan Huantes commented
We would love to abandon Slack in favor of Mattermost but this is preventing us from doing that.