Existing users are unable to accept invitation to new organization #2224
-
Subject of the issue
I created a new organization and was joined to it as an owner, however, inviting other users that exist on our server fails with an error:
Deployment environment
Steps to reproduce
Expected behaviour
Link to join org should work
Actual behaviour
Presented with JWT error
Troubleshooting data
Server logs:
Replies: 5 comments 2 replies
-
Please post the
-
Your environment (Generated via diagnostics page)
Config (Generated via diagnostics page)
Environment settings which are overridden:
{
"_duo_akey": null,
"_enable_duo": false,
"_enable_email_2fa": true,
"_enable_smtp": true,
"_enable_yubico": true,
"_ip_header_enabled": true,
"admin_token": "***",
"allowed_iframe_ancestors": "",
"attachments_folder": "data/attachments",
"authenticator_disable_time_drift": false,
"data_folder": "data",
"database_max_conns": 10,
"database_url": "**********://***********:************************@***********.********************.*********.***.*********.***/***********",
"db_connection_retries": 15,
"disable_2fa_remember": false,
"disable_admin_token": false,
"disable_icon_download": false,
"domain": "*****://*****.*********.***",
"domain_origin": "*****://*****.*********.***",
"domain_path": "",
"domain_set": true,
"duo_host": null,
"duo_ikey": null,
"duo_skey": null,
"email_attempts_limit": 3,
"email_expiration_time": 600,
"email_token_size": 6,
"emergency_access_allowed": true,
"emergency_notification_reminder_schedule": "0 5 * * * *",
"emergency_request_timeout_schedule": "0 5 * * * *",
"enable_db_wal": true,
"extended_logging": true,
"helo_name": null,
"hibp_api_key": null,
"icon_blacklist_non_global_ips": true,
"icon_blacklist_regex": null,
"icon_cache_folder": "data/icon_cache",
"icon_cache_negttl": 259200,
"icon_cache_ttl": 2592000,
"icon_download_timeout": 10,
"incomplete_2fa_schedule": "30 * * * * *",
"incomplete_2fa_time_limit": 3,
"invitation_org_name": "Hillman RDS",
"invitations_allowed": true,
"ip_header": "X-Real-IP",
"job_poll_interval_ms": 30000,
"log_file": null,
"log_level": "Info",
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"org_attachment_limit": null,
"org_creation_users": "",
"password_iterations": 100000,
"reload_templates": false,
"require_device_email": false,
"rsa_key_filename": "data/rsa_key",
"send_purge_schedule": "0 5 * * * *",
"sends_allowed": true,
"sends_folder": "data/sends",
"show_password_hint": false,
"signups_allowed": true,
"signups_domains_whitelist": "************.***",
"signups_verify": true,
"signups_verify_resend_limit": 6,
"signups_verify_resend_time": 3600,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"smtp_auth_mechanism": null,
"smtp_debug": false,
"smtp_explicit_tls": false,
"smtp_from": "***********@************.***",
"smtp_from_name": "Vaultwarden",
"smtp_host": "****.********.***",
"smtp_password": "***",
"smtp_port": 587,
"smtp_ssl": true,
"smtp_timeout": 15,
"smtp_username": "******",
"templates_folder": "data/templates",
"trash_auto_delete_days": null,
"trash_purge_schedule": "0 5 0 * * *",
"use_syslog": false,
"user_attachment_limit": null,
"web_vault_enabled": true,
"web_vault_folder": "web-vault/",
"websocket_address": "0.0.0.0",
"websocket_enabled": false,
"websocket_port": 3012,
"yubico_client_id": null,
"yubico_secret_key": null,
"yubico_server": null
}
-
It seems to work for me. Could you check if the mail was expired? The expire time is 5 days.
-
Thanks for the reply. The mail had been sent moments before the link was clicked so I'm sure it wasn't expired. The only thing I could think with the rsa generated keys is that we are running two instances of the container in AWS ECS in a fault-tolerant configuration. Would it be possible that the containers have their own keys? If so is there a way to inject/store the key outside of the container?
-
Those keys are stored on the volume and if the files do not exist they are generated. So, if you store the same files for both instances it should work.
Though Vaultwarden isn't really HA capable. Some items will not work correctly.
The first two could be solved with sharing that via an S3 bucket maybe, that would also solve the storage of the rsa keys.
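
The failure mode discussed in this thread, reproduced locally as an added example (not part of the thread and not Vaultwarden's code): two instances that each generate their own RSA key reject each other's signed tokens until they share the same key files. The file names `rsa_key.pem` and `rsa_key.pub.pem`, the helper functions, and the payload are assumptions for illustration, and a plain RSA/SHA-256 signature stands in for the server's signed invite token.

```shell
#!/bin/sh
# Constructed demo: each directory plays the data folder of one container.
# Key file names are assumptions built on the page's "rsa_key" prefix.

# Generate a key pair only when none exists, as described in the thread.
init_instance() {
    dir=$1
    mkdir -p "$dir"
    if [ ! -f "$dir/rsa_key.pem" ]; then
        openssl genrsa -out "$dir/rsa_key.pem" 2048 2>/dev/null
    fi
    openssl rsa -in "$dir/rsa_key.pem" -pubout -out "$dir/rsa_key.pub.pem" 2>/dev/null
}

# sign_invite <dir> <payload-file> <sig-file>: sign with this instance's private key.
sign_invite() {
    openssl dgst -sha256 -sign "$1/rsa_key.pem" -out "$3" "$2"
}

# verify_invite <dir> <payload-file> <sig-file>: exit 0 only if this instance accepts it.
verify_invite() {
    openssl dgst -sha256 -verify "$1/rsa_key.pub.pem" -signature "$3" "$2" >/dev/null 2>&1
}

# Hash of the public half, so instances can be compared without exposing the key.
key_fingerprint() {
    openssl rsa -in "$1/rsa_key.pem" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

work=$(mktemp -d)
init_instance "$work/a"
init_instance "$work/b"
printf '%s' '{"sub":"invite","email":"user@example.test"}' > "$work/payload"  # constructed
sign_invite "$work/a" "$work/payload" "$work/sig"

# Separate volumes: instance b generated its own key and rejects a's token.
verify_invite "$work/b" "$work/payload" "$work/sig" && echo "b: accepted" || echo "b: rejected (own key)"

# Shared key files: b now holds the same key material as a.
cp "$work/a/rsa_key.pem" "$work/a/rsa_key.pub.pem" "$work/b/"
verify_invite "$work/b" "$work/payload" "$work/sig" && echo "b: accepted (shared key)" || echo "b: rejected"
echo "a=$(key_fingerprint "$work/a") b=$(key_fingerprint "$work/b")"
rm -rf "$work"
```

Comparing the fingerprints across running instances is a quick way to confirm whether they are actually using the same key.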