Cloudron documentation outdated? Bitwarden now supports SSO
-
Hello!
I believe the Cloudron documentation may be outdated:
Bitwarden now supports SSO: https://bitwarden.com/help/about-sso/
Can we expect SSO to be added to Vaultwarden?
-
@marylou said in Cloudron documentation outdated? Bitwarden now supports SSO:
Can we expect SSO to be added to Vaultwarden?
I wonder if it could too. But I'm guessing perhaps not given SSO on Bitwarden is an enterprise-only feature.
-
I've been watching this for a while. This has been a longstanding feature request; #3899 is the merged one from the seemingly hundreds of requests lol. But it does seem to be close to being finalized and merged.
-
@andreasdueren cool! I'm intrigued as to how exactly this will work in practice... will have to have a play around once we've got it in the Cloudron package...
-
https://github.com/dani-garcia/vaultwarden/pull/3899#event-19062298364
Finally merged. Didn’t believe in it anymore lol
-
Can we have this preconfigured on install, now that this is supported?
```
#####################################
### SSO settings (OpenID Connect) ###
#####################################

## Controls whether users can login using an OpenID Connect identity provider
# SSO_ENABLED=false

## Prevent users from logging in directly without going through SSO
# SSO_ONLY=false

## On SSO Signup if a user with a matching email already exists make the association
# SSO_SIGNUPS_MATCH_EMAIL=true

## Allow unknown email verification status. Allowing this with `SSO_SIGNUPS_MATCH_EMAIL=true` open potential account takeover.
# SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION=false

## Base URL of the OIDC server (auto-discovery is used)
##  - Should not include the `/.well-known/openid-configuration` part and no trailing `/`
##  - ${SSO_AUTHORITY}/.well-known/openid-configuration should return a json document: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
# SSO_AUTHORITY=https://auth.example.com

## Authorization request scopes. Optional SSO scopes, override if email and profile are not enough (`openid` is implicit).
# SSO_SCOPES="email profile"

## Additional authorization url parameters (ex: to obtain a `refresh_token` with Google Auth).
# SSO_AUTHORIZE_EXTRA_PARAMS="access_type=offline&prompt=consent"

## Activate PKCE for the Auth Code flow.
# SSO_PKCE=true

## Regex for additional trusted Id token audience (by default only the client_id is trusted).
# SSO_AUDIENCE_TRUSTED='^$'

## Set your Client ID and Client Key
# SSO_CLIENT_ID=11111
# SSO_CLIENT_SECRET=AAAAAAAAAAAAAAAAAAAAAAAA

## Optional Master password policy (minComplexity=[0-4]), `enforceOnLogin` is not supported at the moment.
# SSO_MASTER_PASSWORD_POLICY='{"enforceOnLogin":false,"minComplexity":3,"minLength":12,"requireLower":false,"requireNumbers":false,"requireSpecial":false,"requireUpper":false}'

## Use sso only for authentication not the session lifecycle
# SSO_AUTH_ONLY_NOT_SESSION=false

## Client cache for discovery endpoint. Duration in seconds (0 to disable).
# SSO_CLIENT_CACHE_EXPIRATION=0

## Log all the tokens, LOG_LEVEL=debug is required
# SSO_DEBUG_TOKENS=false
```
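A pre-deployment check for the risky settings that the template comments above call out, as an added example that is not part of the original post and is not Vaultwarden or Cloudron code. The function names and finding codes are hypothetical, the sample input is constructed, and defaults are assumed to be the commented-out values in the template.

```python
# Defaults assumed from the commented-out values in the template quoted above.
DEFAULTS = {"SSO_ENABLED": "false", "SSO_SIGNUPS_MATCH_EMAIL": "true",
            "SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION": "false",
            "SSO_PKCE": "true", "SSO_DEBUG_TOKENS": "false"}
WELL_KNOWN = "/.well-known/openid-configuration"
PLACEHOLDER_SECRET = "AAAAAAAAAAAAAAAAAAAAAAAA"  # value shown in the template

# Constructed sample input, not a real deployment.
SAMPLE = """\
SSO_ENABLED=true
SSO_AUTHORITY=https://auth.example.com/.well-known/openid-configuration
SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION=true
SSO_CLIENT_ID=11111
SSO_CLIENT_SECRET=AAAAAAAAAAAAAAAAAAAAAAAA
SSO_DEBUG_TOKENS=true
"""

def parse_env(text):
    """Parse KEY=VALUE lines; skip comments, strip one pair of matching quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key] = value
    return env

def lint_sso(text):
    """Return sorted finding codes for the SSO settings in an env file."""
    env = {**DEFAULTS, **parse_env(text)}
    on = lambda key: env[key].lower() == "true"
    if not on("SSO_ENABLED"):
        return []
    findings = set()
    if on("SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION") and on("SSO_SIGNUPS_MATCH_EMAIL"):
        findings.add("unverified-email-match")  # the takeover case the template warns about
    authority = env.get("SSO_AUTHORITY", "")
    if not authority or authority.endswith("/") or WELL_KNOWN in authority:
        findings.add("authority-format")  # must be the bare base URL
    if not on("SSO_PKCE"):
        findings.add("pkce-disabled")
    if on("SSO_DEBUG_TOKENS"):
        findings.add("tokens-logged")  # takes effect with LOG_LEVEL=debug
    if env.get("SSO_CLIENT_SECRET", "") in ("", PLACEHOLDER_SECRET):
        findings.add("placeholder-secret")
    return sorted(findings)
```

Calling `lint_sso(SAMPLE)` reports four findings; note that `unverified-email-match` fires even though the sample never sets `SSO_SIGNUPS_MATCH_EMAIL`, because its default is `true`.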
-
@andreasdueren thanks, I have created a task internally for @vladimir.d.
edit: er, @andreasdueren looks like this is not released yet, right? https://github.com/dani-garcia/vaultwarden/releases has no releases saying so.
-
@girish said in Cloudron documentation outdated? Bitwarden now supports SSO:
looks like this is not released yet right
I guess you're right, merge happened after the last release.