Troubleshooting

Fixing "Invalid state" after OIDC redirect in Redmine SSO

RRedmineShop
Troubleshooting Redmine SSO invalid state error

Symptom

User clicks Sign in with SSO, authenticates at the identity provider, then Redmine shows SSO login failed (invalid state) instead of logging in.

Cause 1: Session cookie not persisted

OIDC state is stored in the Rails session. If cookies are blocked, the session store is misconfigured, or HTTPS termination strips Secure flags, the callback cannot match state.

  • Ensure Redmine host_name matches the URL users visit
  • Behind a reverse proxy, set RAILS_RELATIVE_URL_ROOT and trusted proxy headers correctly
  • Test in a normal browser window (not embedded webviews that block third-party cookies)

Cause 2: Multiple hostnames

Users open http://redmine.internal but the OAuth redirect uses https://redmine.company.com. Sessions do not cross hostnames.

Pick one canonical URL and redirect all others. Register the same host in your IdP redirect URI.

Cause 3: Stale login tab

Starting SSO from a tab open for days can expire the session. Retry from a fresh incognito window.

Still stuck?

Community support: GitHub Issues. Optional Install Assist for production cutover help.