Timshel / vaultwarden

Fork from dani-garcia/vaultwarden to add OpenID support.
GNU Affero General Public License v3.0

SSO only and Sign with device button #11

Closed rizlas closed 10 months ago

rizlas commented 10 months ago

Running vaultwarden with:

SSO_ENABLED=true
SSO_ONLY=true
SSO_MASTER_PASSWORD_POLICY='{"enforceOnLogin":false,"minComplexity":3,"minLength":12,"requireLower":false,"requireNumbers":false,"requireSpecial":false,"requireUpper":false}'

It keeps asking for a master password to log in. Tested with an empty instance and with a user already registered.


Another issue is that after a successful login with SSO and after a logout, a button saying "Login with device" appears just above the SSO one. I haven't set up any device with 2FA or something like that.

Tested with a docker image built from the sso-support branch (latest commit 94402f782175c9b9a65fb361a31b73715cc0ae03).

Thank you


Just for cross reference: https://github.com/dani-garcia/vaultwarden/pull/3899

Timshel commented 10 months ago

> It keeps asking for a master password to log in.

As mentioned in the PR:

> A master password is still required and not controlled by the SSO (depending on your point of view this might be a feature ;). A key connector to remove this could be added but is not planned in this PR.


> Another issue is that after a successful login with SSO and after a logout, a button saying "Login with device" appears just above the SSO one. I haven't set up any device with 2FA or something like that.

This is not a feature introduced by this PR and is available in Bitwarden / Vaultwarden; I have never used it.

rizlas commented 10 months ago

I thought once I enabled SSO_ONLY, the input asking for the master password would go away. I misinterpreted the comment in the .env.template file.

Thank you.