Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cloudflare SSO Broken #3757

Closed
3 of 4 tasks
ther3zz opened this issue Jul 10, 2024 · 13 comments
Closed
3 of 4 tasks

Cloudflare SSO Broken #3757

ther3zz opened this issue Jul 10, 2024 · 13 comments

Comments

@ther3zz
Copy link

ther3zz commented Jul 10, 2024
edited
Loading

Bug Report

Description

v0.3.8 breaks cloudflare sso.

Bug Summary:
[Provide a brief but clear summary of the bug]

Users unable to log in via cloudflare sso

Steps to Reproduce:
[Outline the steps to reproduce the bug. Be as detailed as possible.]
Set WEBUI_AUTH_TRUSTED_EMAIL_HEADER to Cf-Access-Authenticated-User-Email and enable cloudflare access/tunnels

Expected Behavior:
[Describe what you expected to happen.]
Automatically log in the user

Actual Behavior:
[Describe what actually happened.]

user unable to log in
image

Environment

  • Open WebUI Version: [e.g., 0.1.120] v0.3.8

  • Ollama (if applicable): [e.g., 0.1.30, 0.1.32-rc1]

  • Operating System: [e.g., Windows 10, macOS Big Sur, Ubuntu 20.04]

  • Browser (if applicable): [e.g., Chrome 100.0, Firefox 98.0]

Reproduction Details

Confirmation:

  • I have read and followed all the instructions provided in the README.md.
  • I am on the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.

Logs and Screenshots

Browser Console Logs:
[Include relevant browser console logs, if applicable]
openwebui logs.txt

Docker Container Logs:
[Include relevant Docker container logs, if applicable]

Screenshots (if applicable):
[Attach any relevant screenshots to help illustrate the issue]

Installation Method

[Describe the method you used to install the project, e.g., manual installation, Docker, package manager, etc.]

Additional Information

[Include any additional details that may help in understanding and reproducing the issue. This could include specific configurations, error messages, or anything else relevant to the bug.]

Note

If the bug report is incomplete or does not follow the provided instructions, it may not be addressed. Please ensure that you have followed the steps outlined in the README.md and troubleshooting.md documents, and provide all necessary information for us to reproduce and address the issue. Thank you!
@josh
Copy link

josh commented Jul 10, 2024
edited
Loading

I'm having the same issue after upgrading to 0.3.8 with Tailscale Serve auth. So maybe it's a wider issue with WEBUI_AUTH_TRUSTED_EMAIL_HEADER and the fact that it uses passwordless login. 0.3.7 still works fine.

@tedstriker
Copy link

Same issue with Authentik Traefik and forwarded headers. Version 3.7 works, 3.8 is broken.

@tjbck
Copy link
Contributor

tjbck commented Jul 10, 2024

Relevant logs would be tremendously helpful here.

@ther3zz
Copy link
Author

ther3zz commented Jul 10, 2024

Relevant logs would be tremendously helpful here.

So docker logs don't even show anything for me in regards to cloudflare SSO using that WEBUI_AUTH_TRUSTED_EMAIL_HEADER param (after trying to log in).

I even set GLOBAL_LOG_LEVEL to DEBUG and still nothing useful came up there.

INFO:     Started server process [1]
INFO:     Waiting for application startup.

  ___                    __        __   _     _   _ ___ 
 / _ \ _ __   ___ _ __   \ \      / /__| |__ | | | |_ _|
| | | | '_ \ / _ \ '_ \   \ \ /\ / / _ \ '_ \| | | || | 
| |_| | |_) |  __/ | | |   \ V  V /  __/ |_) | |_| || | 
 \___/| .__/ \___|_| |_|    \_/\_/ \___|_.__/ \___/|___|
      |_|                                               

      
v0.3.8 - building the best open-source AI user interface.

https://github.com/open-webui/open-webui

INFO  [alembic.runtime.migration] Context impl SQLiteImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

@tedstriker
Copy link

Same goes for the Authentik variant.
I'd be happy to provide some. Do you know where to find them @tjbck?

@tjbck
Copy link
Contributor

tjbck commented Jul 10, 2024

Just pushed a fix to main #3773

Let us know if that fixed the issue!

@ther3zz
Copy link
Author

ther3zz commented Jul 10, 2024

Just pushed a fix to main #3773

Let us know if that fixed the issue!

Issue is still persisting for me on v0.3.8 :(

@tjbck
Copy link
Contributor

tjbck commented Jul 10, 2024

Could you verify you're on the latest main, and not just 0.3.8?

@ther3zz
Copy link
Author

ther3zz commented Jul 10, 2024

Could you verify you're on the latest main, and not just 0.3.8?

Correct, I'm using the following repo:
ghcr.io/open-webui/open-webui:latest

@ther3zz
Copy link
Author

ther3zz commented Jul 10, 2024

Here is full docker log:

INFO:     Started server process [1]
INFO:     Waiting for application startup.
INFO  [alembic.runtime.migration] Context impl SQLiteImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
DEBUG:urllib3.connectionpool:https://api.openwebui.com:443 "GET /api/v1/custom/mysite.comAI HTTP/11" 400 57
INFO:config:'ENABLE_OLLAMA_API' loaded from config.json
INFO:config:'OLLAMA_BASE_URLS' loaded from config.json
INFO:config:'ENABLE_OPENAI_API' loaded from config.json
INFO:config:'OPENAI_API_KEYS' loaded from config.json
INFO:config:'OPENAI_API_BASE_URLS' loaded from config.json
INFO:config:'ENABLE_SIGNUP' loaded from config.json
INFO:config:'DEFAULT_MODELS' loaded from config.json
INFO:config:'DEFAULT_PROMPT_SUGGESTIONS' loaded from config.json
INFO:config:'DEFAULT_USER_ROLE' loaded from config.json
INFO:config:'USER_PERMISSIONS' loaded from config.json
INFO:config:'ENABLE_MODEL_FILTER' loaded from config.json
INFO:config:'MODEL_FILTER_LIST' loaded from config.json
INFO:config:'WEBHOOK_URL' loaded from config.json
INFO:config:'ENABLE_COMMUNITY_SHARING' loaded from config.json
INFO:config:'SHOW_ADMIN_DETAILS' loaded from config.json
INFO:config:'RAG_TOP_K' loaded from config.json
INFO:config:'RAG_RELEVANCE_THRESHOLD' loaded from config.json
INFO:config:'ENABLE_RAG_HYBRID_SEARCH' loaded from config.json
INFO:config:'RAG_EMBEDDING_ENGINE' loaded from config.json
INFO:config:'PDF_EXTRACT_IMAGES' loaded from config.json
INFO:config:'RAG_EMBEDDING_MODEL' loaded from config.json
INFO:config:Embedding model set: mixedbread-ai/mxbai-embed-large-v1
DEBUG:chromadb.config:Starting component System
DEBUG:chromadb.config:Starting component Posthog
DEBUG:chromadb.config:Starting component OpenTelemetryClient
DEBUG:chromadb.config:Starting component SqliteDB
DEBUG:chromadb.config:Starting component QuotaEnforcer
DEBUG:chromadb.config:Starting component LocalSegmentManager
DEBUG:chromadb.config:Starting component SegmentAPI
INFO:config:'CHUNK_SIZE' loaded from config.json
INFO:config:'CHUNK_OVERLAP' loaded from config.json
INFO:config:'RAG_TEMPLATE' loaded from config.json
INFO:config:'YOUTUBE_LOADER_LANGUAGE' loaded from config.json
INFO:config:'ENABLE_RAG_WEB_SEARCH' loaded from config.json
INFO:config:'RAG_WEB_SEARCH_ENGINE' loaded from config.json
INFO:config:'SEARXNG_QUERY_URL' loaded from config.json
INFO:config:'GOOGLE_PSE_API_KEY' loaded from config.json
INFO:config:'GOOGLE_PSE_ENGINE_ID' loaded from config.json
INFO:config:'BRAVE_SEARCH_API_KEY' loaded from config.json
INFO:config:'SERPSTACK_API_KEY' loaded from config.json
INFO:config:'SERPSTACK_HTTPS' loaded from config.json
INFO:config:'SERPER_API_KEY' loaded from config.json
INFO:config:'SERPLY_API_KEY' loaded from config.json
INFO:config:'TAVILY_API_KEY' loaded from config.json
INFO:config:'RAG_WEB_SEARCH_RESULT_COUNT' loaded from config.json
INFO:config:'RAG_WEB_SEARCH_CONCURRENT_REQUESTS' loaded from config.json
INFO:config:'IMAGE_SIZE' loaded from config.json
INFO:config:'IMAGE_STEPS' loaded from config.json
INFO:config:'IMAGE_GENERATION_MODEL' loaded from config.json
INFO:config:'AUDIO_STT_OPENAI_API_BASE_URL' loaded from config.json
INFO:config:'AUDIO_STT_OPENAI_API_KEY' loaded from config.json
INFO:config:'AUDIO_STT_ENGINE' loaded from config.json
INFO:config:'AUDIO_STT_MODEL' loaded from config.json
INFO:config:'AUDIO_TTS_OPENAI_API_BASE_URL' loaded from config.json
INFO:config:'AUDIO_TTS_OPENAI_API_KEY' loaded from config.json
INFO:config:'AUDIO_TTS_ENGINE' loaded from config.json
INFO:config:'AUDIO_TTS_MODEL' loaded from config.json
INFO:config:'AUDIO_TTS_VOICE' loaded from config.json
INFO:apps.webui.internal.wrappers:Connected to SQLite database
INFO:apps.webui.internal.db:Starting migrations
DEBUG:peewee:('CREATE TABLE IF NOT EXISTS "migratehistory" ("id" INTEGER NOT NULL PRIMARY KEY, "name" VARCHAR(255) NOT NULL, "migrated_at" DATETIME NOT NULL)', [])
DEBUG:peewee:('SELECT "t1"."id", "t1"."name", "t1"."migrated_at" FROM "migratehistory" AS "t1" ORDER BY "t1"."id"', [])
INFO:apps.webui.internal.db:There is nothing to migrate
DEBUG:passlib.utils.compat:loaded lazy attr 'SafeConfigParser': <class 'configparser.ConfigParser'>
DEBUG:passlib.utils.compat:loaded lazy attr 'NativeStringIO': <class '_io.StringIO'>
DEBUG:passlib.utils.compat:loaded lazy attr 'BytesIO': <class '_io.BytesIO'>
INFO:apps.audio.main:whisper_device_type: cpu
WARNING:langchain_community.utils.user_agent:USER_AGENT environment variable not set, consider setting it to identify your requests.
DEBUG:apps.rag.utils:model: mixedbread-ai/mxbai-embed-large-v1
DEBUG:apps.rag.utils:snapshot_kwargs: {'cache_dir': '/app/backend/data/cache/embedding/models', 'local_files_only': True}
DEBUG:apps.rag.utils:model_repo_path: /app/backend/data/cache/embedding/models/models--mixedbread-ai--mxbai-embed-large-v1/snapshots/990580e27d329c7408b3741ecff85876e128e203
INFO:sentence_transformers.SentenceTransformer:Load pretrained SentenceTransformer: /app/backend/data/cache/embedding/models/models--mixedbread-ai--mxbai-embed-large-v1/snapshots/990580e27d329c7408b3741ecff85876e128e203

  ___                    __        __   _     _   _ ___ 
 / _ \ _ __   ___ _ __   \ \      / /__| |__ | | | |_ _|
| | | | '_ \ / _ \ '_ \   \ \ /\ / / _ \ '_ \| | | || | 
| |_| | |_) |  __/ | | |   \ V  V /  __/ |_) | |_| || | 
 \___/| .__/ \___|_| |_|    \_/\_/ \___|_.__/ \___/|___|
      |_|                                               

      
v0.3.8 - building the best open-source AI user interface.

https://github.com/open-webui/open-webui

@tjbck
Copy link
Contributor

tjbck commented Jul 10, 2024

Seems like the image build process has failed for some reason, I'll let you know when the newer build gets pushed!

@tjbck
Copy link
Contributor

tjbck commented Jul 10, 2024

@ther3zz latest image should be available now!

@ther3zz
Copy link
Author

ther3zz commented Jul 10, 2024

@ther3zz latest image should be available now!

its fixed, thank you!

@ther3zz ther3zz closed this as completed Jul 10, 2024
This was referenced Jul 11, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@josh @tedstriker @tjbck @ther3zz