GitLab EE cannot login with OAuth2 Generic provider


Summary

Our company has a Single Sign On server which supports OAuth 2.0, and it currently works fine with some other products like Grafana, MediaWiki, etc.

But I cannot log in with the OAuth2 Generic provider in GitLab EE. Please check the attached image.

Steps to reproduce

The following is our configuration in gitlab.rb:

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    'name' => 'oauth2_generic',
    'app_id' => 'git',
    'app_secret' => '',
    'args' => {
      'client_options' => {
        'site' => 'http://company.com', # including port if necessary
        'user_info_url' => '/path/to/userinfo.htm',
        'authorize_url' => '/path/to/authorize.htm',
        'token_url' => '/path/to/token.htm'
      },
      'user_response_structure' => {
        'id_path' => 'sub',
        'root_path' => [],
        'attributes' => {
          'name' => 'username',
          'nickname' => 'name',
          'email' => 'email'
        }
      },
      'name' => 'OAuth', # display name for this strategy
      'strategy_class' => "OmniAuth::Strategies::OAuth2Generic" # Devise-specific config option Gitlab uses to find renamed strategy
    }
  }
]

After the configuration, I reconfigured GitLab and restarted it. There is a button under the login form named 'OAuth'.

When I click the button, an error pops up.

What is the current bug behavior?

Cannot log in to GitLab.

What is the expected correct behavior?

Should be able to log in.

Relevant logs and/or screenshots

production.log

Started POST "/users/auth/OAuth" for 121.69.29.10 at 2017-12-06 10:14:15 +0800
Processing by Gitlab::RequestForgeryProtection::Controller#index as HTML
  Parameters: {"authenticity_token"=>"[FILTERED]"}
Completed 200 OK in 1ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/users/auth/OAuth/callback?code=[FILTERED]&state=cef51d8e12029adbe1c0d3df10a4131a18b5779806539075" for 121.69.29.10 at 2017-12-06 10:14:15 +0800
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"code"=>"[FILTERED]", "state"=>"cef51d8e12029adbe1c0d3df10a4131a18b5779806539075"}
Redirected to http://gitlab.mucang.cn/users/sign_in
Completed 302 Found in 6ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 121.69.29.10 at 2017-12-06 10:14:15 +0800
Processing by SessionsController#new as HTML
Completed 200 OK in 706ms (Views: 582.0ms | ActiveRecord: 5.5ms | Elasticsearch: 0.0ms)

Results of GitLab environment info

System information
System:		CentOS 6.5
Proxy:		no
Current User:	git
Using RVM:	no
Ruby Version:	2.3.5p376
Gem Version:	2.6.13
Bundler Version:1.13.7
Rake Version:	12.1.0
Redis Version:	3.2.5
Git Version:	2.13.6
Sidekiq Version:5.0.4
Go Version:	unknown

GitLab information
Version:	10.1.4-ee
Revision:	a512054
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	postgresql
DB Version:	9.6.5
URL:		http://gitlab.mucang.cn
HTTP Clone URL:	http://gitlab.mucang.cn/some-group/some-project.git
SSH Clone URL:	git@gitlab.mucang.cn:some-group/some-project.git
Elasticsearch:	yes
Geo:		no
Using LDAP:	yes
Using Omniauth:	yes
Omniauth Providers: oauth2_generic

GitLab Shell
Version:	5.9.3
Repository storage paths:
- default: 	/data/git/git-data/repositories
Hooks:		/opt/gitlab/embedded/service/gitlab-shell/hooks
Git:		/opt/gitlab/embedded/bin/git
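
Added example (not part of the original report and not GitLab's own code): a Ruby script that scans production.log text for OmniAuth callbacks that Rails routed to OmniauthCallbacksController#failure, the pattern visible in the excerpt above. The sample lines, IP addresses and host are constructed, and the action name shown for a successful callback is an assumption.

```ruby
# Added example: find OAuth callbacks that ended in the OmniAuth failure action.
require 'time'

# Constructed sample in the same line format as the production.log excerpt.
# The "#OAuth" action on the last request is an assumed success case.
SAMPLE_LOG = <<~LOG
  Started POST "/users/auth/OAuth" for 203.0.113.7 at 2017-12-06 10:14:15 +0800
  Processing by Gitlab::RequestForgeryProtection::Controller#index as HTML
  Completed 200 OK in 1ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
  Started GET "/users/auth/OAuth/callback?code=[FILTERED]&state=aaaa1111" for 203.0.113.7 at 2017-12-06 10:14:15 +0800
  Processing by OmniauthCallbacksController#failure as HTML
    Parameters: {"code"=>"[FILTERED]", "state"=>"aaaa1111"}
  Redirected to http://gitlab.example.com/users/sign_in
  Completed 302 Found in 6ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
  Started GET "/users/auth/OAuth/callback?code=[FILTERED]&state=bbbb2222" for 203.0.113.9 at 2017-12-06 10:20:01 +0800
  Processing by OmniauthCallbacksController#OAuth as HTML
  Completed 302 Found in 40ms (ActiveRecord: 3.0ms | Elasticsearch: 0.0ms)
LOG

STARTED = %r{\AStarted GET "/users/auth/([^/"?]+)/callback\S*" for (\S+) at (.+)\z}
PROCESSING = /\AProcessing by (\S+)#(\S+) as/

# Pairs each callback "Started" line with the next "Processing by" line and
# keeps the ones handled by OmniauthCallbacksController#failure.
# Limitation: assumes request lines are not interleaved by concurrent workers.
def failed_oauth_callbacks(log)
  failures = []
  pending = nil
  log.each_line do |raw|
    line = raw.strip
    if line.start_with?('Started ')
      m = STARTED.match(line)
      pending = m && { provider: m[1], ip: m[2], at: Time.parse(m[3]) }
    elsif pending && (m = PROCESSING.match(line))
      failures << pending if m[1] == 'OmniauthCallbacksController' && m[2] == 'failure'
      pending = nil
    end
  end
  failures
end

# Failure count per provider path segment, e.g. {"OAuth" => 1}.
def failures_by_provider(log)
  failed_oauth_callbacks(log).group_by { |f| f[:provider] }.transform_values(&:size)
end
```

Pass the contents of production.log to `failures_by_provider` to see which provider route the failed callbacks arrived on.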