-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Testing SSO
docgalaxyblock edited this page Mar 10, 2024
·
4 revisions
SSO support for Vaultwarden is currently in development. The following describes a docker-compose based setup for locally testing these changes.
Warning
ONLY USE FOR TESTING SSO, SETUP IS INSECURE
- Checkout the SSO branch
- Create
docker-compose.yml
with the following contents:
services:
vaultwarden:
build: .
environment:
DOMAIN: "http://localhost:8000"
I_REALLY_WANT_VOLATILE_STORAGE: "true"
SSO_ENABLED: "true"
SSO_CLIENT_ID: "client"
SSO_CLIENT_SECRET: "clientsecret"
SSO_AUTHORITY: "http://auth.test:8080/mock"
ports:
- 127.0.0.1:8000:80
mock-oauth2:
image: ghcr.io/navikt/mock-oauth2-server:0.5.10
hostname: "auth.test"
ports:
- 127.0.0.1:8080:8080
- Add
auth.test
to your systems host file:echo "127.0.0.1 auth.test" | sudo tee -a /etc/hosts
- Build vaultwarden:
docker compose build
- Start the services:
docker compose up
- Go to http://localhost:8000/#/sso, enter any string as identifier, click "Log in".
- On the Mock Auth2 Server Sign-in-Page, enter any string for user/subject and add the email you want to test in the claims field like so:
{"email": "user@example.com"}
- If everything went according to plan, you will be asked for a master password.
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration