SAML <> ADFS 4.0 can't use metadata url in Add-AdfsRelyingPartyTrust
Hello, I'm trying to set up SAML authentication for our GitLab CE instance (GitLab CE 10.5.6 Omnibus installation on Ubuntu 16.04.4 LTS). When I try to add the relying party trust on the ADFS host (ADFS 4.0 on Windows Server 2016) with `Add-AdfsRelyingPartyTrust -Name "GitLab" -MetadataUrl "https://gitlab.[redacted]/users/auth/saml/metadata"` I get the error message `Add-AdfsRelyingPartyTrust : The underlying connection was closed: An unexpected error occurred on a send.`

Full message (the German parts of the original output are translated here):

```
Add-AdfsRelyingPartyTrust : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:26
+ ... sion $ENUS; Add-AdfsRelyingPartyTrust -Name "GitLab" -MetadataUrl "ht ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-AdfsRelyingPartyTrust], WebException
    + FullyQualifiedErrorId : The underlying connection was closed: An unexpected error occurred on a send.,Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand

PSMessageDetails      :
Exception             : System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
                           at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
                           at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                           --- End of inner exception stack trace ---
                           at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                           at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
                           at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                           at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
                           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
                           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
                           at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                           at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                           at System.Net.ConnectStream.WriteHeaders(Boolean async)
                           --- End of inner exception stack trace ---
                           at System.Net.HttpWebRequest.GetResponse()
                           at Microsoft.IdentityServer.Protocols.WSFederation.Metadata.MetadataReaderUtilities.ReadFromMetadataUrl(Uri metadataUrl, ICollection`1 errors)
                           at Microsoft.IdentityServer.Management.Resources.Managers.RelyingPartyTrustManager.ApplyMetadataFromUrl(RelyingPartyTrust party, Uri metadataUrl, String& warnings)
                           at Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand.GetPropertiesFromMetadataUrl(RelyingPartyTrust party, String& warnings)
                           at Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand.AddRelyingParty()
                           at Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand.EndProcessingOverride()
TargetObject          :
CategoryInfo          : InvalidData: (:) [Add-AdfsRelyingPartyTrust], WebException
FullyQualifiedErrorId : The underlying connection was closed: An unexpected error occurred on a send.,Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand
ErrorDetails          : The underlying connection was closed: An unexpected error occurred on a send.
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}
```

Because of the message _An existing connection was forcibly closed by the remote host_ (in the original German output of the trace: _Eine vorhandene Verbindung wurde vom Remotehost geschlossen_) I think that something on the GitLab server side is wrong, but I don't really have a clue where to look. I can see the incoming connection on the GitLab host with `tcpdump port 443`, but nothing in `/var/log/gitlab/gitlab-rails/production.log` or `/var/log/gitlab/unicorn/unicorn_stderr.log` (which are the places I'd expect something after reading https://docs.gitlab.com/ce/administration/logs.html).

*Edit:* forgot to add: I can access the metadata URL (https://gitlab.[redacted]/users/auth/saml/metadata) in a browser on the ADFS host and see the metadata XML file.

What could be wrong here?
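A note on what the trace above actually says, followed by a diagnostic script. The innermost frames are `SslState.ForceAuthentication` → `TlsStream.Write` → `ConnectStream.WriteHeaders`: the connection is dropped while .NET is still performing the TLS handshake, before a single HTTP byte is sent. That is consistent with the connection being visible in `tcpdump` but absent from `production.log` and `unicorn_stderr.log`, because in an Omnibus install TLS terminates at the bundled nginx and a handshake that never completes never reaches Rails or unicorn. A browser on the same host succeeding does not rule this out, since a browser and `HttpWebRequest` may offer different protocol versions and cipher suites. The PowerShell below is an added example, not code from the original post, from GitLab or from AD FS; it assumes `gitlab.example.com` as a stand-in for the redacted hostname. It probes the metadata endpoint with each TLS version separately and then repeats the exact call path the cmdlet uses (`HttpWebRequest.GetResponse`), once with the session default and once with TLS 1.2 forced. Run it in the same PowerShell session you use for `Add-AdfsRelyingPartyTrust`, because the fetch happens inside that process.

```powershell
# Added diagnostic example; not part of the original post nor of GitLab/AD FS code.
# Shows which TLS handshakes the GitLab reverse proxy accepts from this host and
# whether the cmdlet's own fetch path (HttpWebRequest) works with a forced protocol.
# The hostname is an assumption; replace it with the real metadata URL.

$MetadataUrl = 'https://gitlab.example.com/users/auth/saml/metadata'
$uri = [System.Uri]$MetadataUrl

Write-Host "Session default SecurityProtocol: $([System.Net.ServicePointManager]::SecurityProtocol)"
Write-Host ''

# 1. Raw handshake probe, one protocol version at a time.
#    Certificate validation is deliberately bypassed: the question here is which
#    handshake completes, not whether the chain is trusted. Never reuse this
#    callback outside a throwaway diagnostic.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }

foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
    $proto = [System.Security.Authentication.SslProtocols]$name
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($uri.Host, $uri.Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($uri.Host, $null, $proto, $false)
        Write-Host ('{0,-5} OK    negotiated {1}, {2} {3}-bit' -f $name, $ssl.SslProtocol, $ssl.CipherAlgorithm, $ssl.CipherStrength)
        $ssl.Dispose()
    }
    catch {
        # A server that drops the socket mid-handshake surfaces here as
        # "An existing connection was forcibly closed by the remote host".
        Write-Host ('{0,-5} FAIL  {1}' -f $name, $_.Exception.GetBaseException().Message)
    }
    finally {
        $tcp.Dispose()
    }
}

Write-Host ''

# 2. The same fetch the cmdlet performs (HttpWebRequest.GetResponse), first with
#    the session default and then with TLS 1.2 forced for this process.
$originalSetting = [System.Net.ServicePointManager]::SecurityProtocol
foreach ($setting in @($originalSetting, [System.Net.SecurityProtocolType]::Tls12)) {
    [System.Net.ServicePointManager]::SecurityProtocol = $setting
    try {
        $req = [System.Net.WebRequest]::Create($uri)
        $resp = $req.GetResponse()
        $status = [int]$resp.StatusCode
        $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
        $body = $reader.ReadToEnd()
        $reader.Dispose()
        $resp.Close()
        # SAML metadata is an EntityDescriptor document; anything else means we
        # reached a web server but not the metadata endpoint.
        $looksLikeMetadata = $body -match 'EntityDescriptor'
        Write-Host ('SecurityProtocol={0}: HTTP {1}, {2} bytes, SAML metadata: {3}' -f $setting, $status, $body.Length, $looksLikeMetadata)
    }
    catch {
        Write-Host ('SecurityProtocol={0}: {1}' -f $setting, $_.Exception.GetBaseException().Message)
    }
}
# Restore the session setting so later commands are not silently affected.
[System.Net.ServicePointManager]::SecurityProtocol = $originalSetting
```

How to read the output: if the raw probe fails for the versions the session offers by default but succeeds for TLS 1.2, and the `HttpWebRequest` fetch only works with `Tls12` forced, then the handshake, not GitLab, is what closes the connection, and retrying `Add-AdfsRelyingPartyTrust` in the same session after setting `[System.Net.ServicePointManager]::SecurityProtocol` is the next thing to try. The server-side counterpart lives in the bundled nginx rather than in Rails: `nginx['ssl_protocols']` and `nginx['ssl_ciphers']` in `/etc/gitlab/gitlab.rb`, and `/var/log/gitlab/nginx/gitlab_error.log` for handshake errors. If every version fails with the same "forcibly closed" message, look for something between the two hosts (a proxy, firewall or TLS-inspecting appliance) before blaming either end.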