SSO login returns token missing in keyring error #2911
Comments
Hey there, there may be a small possibility of a misconfiguration of your SSO configuration as I am unable to reproduce this issue, but it has been escalated for further investigation. If you have more information that can help us, please add it below. As we use GitHub issues as a place to track bugs and other development related issues, I would also suggest reaching out to our support for additional troubleshooting here to confirm any misconfiguration in settings isn't present. Thanks!
We were finally able to pinpoint how to recreate this issue:
It seems the user's session token is persisting when the tab is closed instead of terminating it on the Bitwarden side and allowing a new session to be authenticated. There could be a setting we're missing? It appears the logout URL field isn't yet supported.
Final Update: It seems we solved the problem. We're currently utilizing two geographically distinct instances of Bitwarden Unified in Kubernetes with a SQL backend. In order to achieve a highly available setup, we had to manually replicate the /etc/bitwarden/data-protection directory to the persistent volumes at both locations. This allowed users who had accounts on one instance to log in to the other instance without recreating their account. Questions we have for the BW team really are:
I'm facing the same problem. User not able to log in to Bitwarden via SSO. Error:
Not sure what steps were taken previously, however, if you lost the keys in the directory I mentioned above, I believe we had to wipe our database to fix it. Those keys seem to be very important for users. Would like for the Bitwarden team to explain what these keys are for to help understand the best way to securely store them.
@djchateau or any BW dev/engineer types here: just wondering if you had any insight on my last comment? We have been able to replicate the keys into the directory but it would be really valuable to understand what the keys are used for specifically and what triggers the keys to be created. We've noticed that keys have been created in August and November randomly. We originally deployed this in May.
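A way to check that the replicated key ring directories described in this thread hold the same keys, and to find which replica lacks the key id named in the error. This is an added example, not code from the thread or from the Bitwarden project; it assumes the directory holds standard ASP.NET Core Data Protection `key-{guid}.xml` files, and the replica names, directories and second key id are constructed samples.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Error text as quoted in this issue; the GUID names the key that was not found.
KEY_ERROR_RE = re.compile(r"The key \{([0-9a-fA-F-]{36})\} was not found in the key ring")

def load_key_ring(directory):
    """Map key id -> expirationDate for each key-*.xml; key material is never read."""
    ring = {}
    for path in sorted(Path(directory).glob("key-*.xml")):
        root = ET.parse(path).getroot()  # expected root: <key id="..." version="1">
        if root.tag == "key" and root.get("id"):
            ring[root.get("id").lower()] = root.findtext("expirationDate", default="")
    return ring

def compare_rings(dir_a, dir_b):
    """Key ids held by only one replica. Data Protection adds a new key as the
    current one nears expiry (default lifetime 90 days), so a one-time copy drifts."""
    a, b = load_key_ring(dir_a), load_key_ring(dir_b)
    return {"only_a": sorted(a.keys() - b.keys()), "only_b": sorted(b.keys() - a.keys())}

def replicas_missing_key(error_text, replicas):
    """Names of replicas whose ring lacks the key id in the error; None if no id found."""
    match = KEY_ERROR_RE.search(error_text)
    if not match:
        return None
    key_id = match.group(1).lower()
    return [name for name, d in replicas.items() if key_id not in load_key_ring(d)]

def write_sample_key(directory, key_id, expires):
    """Write a constructed key file (assumed Data Protection XML layout, no real secret)."""
    xml = (f'<key id="{key_id}" version="1"><creationDate>2023-05-01T00:00:00Z</creationDate>'
           f'<expirationDate>{expires}</expirationDate>'
           f'<descriptor><!-- key material omitted --></descriptor></key>')
    Path(directory, f"key-{key_id}.xml").write_text(xml, encoding="utf-8")

def demo():
    """Two constructed replicas: site-b never received the key named in the error."""
    err = "The key {4991ac6e-606d-451d-ae14-72ddb5ddbc48} was not found in the key ring."
    shared = "00000000-0000-0000-0000-000000000001"  # constructed placeholder id
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_sample_key(a, shared, "2023-07-30T00:00:00Z")
        write_sample_key(b, shared, "2023-07-30T00:00:00Z")
        write_sample_key(a, "4991ac6e-606d-451d-ae14-72ddb5ddbc48", "2023-10-28T00:00:00Z")
        return compare_rings(a, b), replicas_missing_key(err, {"site-a": a, "site-b": b})

if __name__ == "__main__":
    print(demo())
```

Against a real deployment, point `compare_rings` at read-only copies of each site's `/etc/bitwarden/data-protection` directory; a non-empty `only_a` or `only_b` means the replicas have drifted since the last sync.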
Steps To Reproduce
Expected Result
SSO logs in user and requests master password
Actual Result
Error
There was an unexpected error during single sign-on.
The key {4991ac6e-606d-451d-ae14-72ddb5ddbc48} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
Screenshots or Videos
No response
Additional Context
Works for most users, specific to a handful with no discernable similarities.
Users that fail SSO are still able to login with regular username/password.
Githash Version
{"version":"2023.4.3","gitHash":"8d9ca424-dirty","server":null,"environment":
Environment Details
Kubernetes deployment with BW_ENABLE_SSO set to True
Database Image
No response
Issue-Link
#2480
Issue Tracking Info