ttk, posted January 31, 2023:

I have a setup where I am securing some applications with an Authentik SSO server. It does not work very well with Enpass. This is my problem:

1. I open the URL to the application. It is forwarded to the SSO login form. The form has the callback URL to the application as HTTP GET parameters in the address bar, e.g. "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2Fapplication%2Fo%2Fauthorize%2F%3Fclient_id%3DSCEmh1dhqxFlmPM30asa7dPqxs3dMBskX87Kx8DE%26redirect_uri%3Dhttps%3A%2F%2Fcomics.simonszu.de%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue%26response_type%3Dcode%26scope%3Demail%2Bprofile%2Bak_proxy%2Bopenid%26state%3D1qTRKfZVO07F-Hh7I44_8vaurt9GzaNTETUy1igmH08"
2. I select the Authentik Login item in Enpass via the Chrome extension. The item has "https://authentik.simonszu.de" as the saved URL, since that is the most common denominator between all SSO-secured applications as well as the admin interface of the SSO server.
3. As a result, the Enpass extension causes Chrome to open a new tab, with the address bar containing only "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2F", so, no reference to the callback URL to the actual application any more.
4. If I try to do step 2 again in the new tab, Enpass does not fill the credentials, but rather opens a third tab, containing the same address in the address bar as in step 3.
5. I can repeat step 3 and four for infinite time, causing Enpass and Chrome to open more and more tabs, and not logging in properly.

Is there a flag where I can tell Enpass to simply fill in the credentials, and not trying to open the URL it has defined in the login item in a new tab? That would be nice.
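The behaviour in steps 1 to 3, as an added example that is not part of the original post and is not Enpass or authentik code: it decodes the `next` parameter to show the authorization request the login page is holding, shows that the `?next=%2F` URL from step 3 no longer carries it, and sketches an origin-based match that fills in place. The function names, the placeholder `client_id` and `state` values and the look-alike host are assumptions made for the illustration.

```javascript
// Added illustration; not Enpass or authentik code. URL shape is from step 1 of the post;
// the client_id and state values are constructed placeholders.
const FLOW = "https://authentik.simonszu.de/if/flow/default-authentication-flow/";
const pendingLogin = FLOW + "?next=" + encodeURIComponent(
  "/application/o/authorize/?client_id=EXAMPLE_CLIENT_ID" +
  "&redirect_uri=https://comics.simonszu.de/outpost.goauthentik.io/callback" +
  "?X-authentik-auth-callback=true&response_type=code" +
  "&scope=email+profile+ak_proxy+openid&state=EXAMPLE_STATE");

// Decode the authorization request that the login flow resumes after sign-in.
// Returns null when the page URL carries none (for example next=/).
function pendingAuthorizeRequest(pageUrl) {
  const next = new URL(pageUrl).searchParams.get("next");
  if (!next) return null;
  const q = new URL(next, pageUrl).searchParams; // next is a relative path
  if (!q.has("client_id")) return null;
  return {
    clientId: q.get("client_id"),
    redirectUri: q.get("redirect_uri"),
    state: q.get("state"),
    scope: (q.get("scope") || "").split(" ").filter(Boolean),
  };
}

// Decide what an autofill helper does with a saved item URL on the current page
// (hypothetical policy). Comparing origins lets one item saved for the SSO host cover
// every flow on it; a string-prefix comparison would also accept a look-alike host.
// Filling in place leaves the address bar, and so the pending request, untouched.
function autofillAction(savedUrl, pageUrl) {
  const saved = new URL(savedUrl);
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return "refuse";
  return saved.origin === page.origin ? "fill-in-place" : "refuse";
}

const SAVED = "https://authentik.simonszu.de";
const LOOKALIKE = "https://authentik.simonszu.de.attacker.example/if/flow/"; // constructed
console.log(pendingAuthorizeRequest(pendingLogin));       // request held by the login page
console.log(pendingAuthorizeRequest(FLOW + "?next=%2F")); // URL from step 3: nothing left
console.log(autofillAction(SAVED, pendingLogin));
console.log(LOOKALIKE.startsWith(SAVED), autofillAction(SAVED, LOOKALIKE));
```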
Abhishek Dewan, posted January 31, 2023:

Hi @ttk

Kindly share the version of the Enpass app, OS, Enpass Extension and Chrome browser you are using and I'll have this checked for you.
ttk, posted January 31, 2023:

Sure. It is on Windows 10 Pro, Patchlevel 19044.2486. However, I think this also happens on a Mac with OS X Ventura. Does not happen on iOS. Enpass is version 6.8.4. Chrome is version 109.0.5414.120 - but this issue occurs on Firefox as well. Enpass Extension is 6.8.0.
Abhishek Dewan, posted February 1, 2023:

Hi @ttk

Thank you for sharing the requested details. I'm discussing this case with my dedicated team and will get back to you soon with an update. Your patience in the interim is appreciated.

#SI-3263
Abhishek Dewan, posted February 3, 2023:

Hi @ttk

We were able to reproduce the bug on our end, due to which this issue is occurring. Our development team is working on a fix which will be available for future Enpass versions. We appreciate your cooperation and support in the interim.
ttk, posted February 3, 2023:

Hi, that is good news. I will have an eye on new Enpass versions and try it out subsequently.
ttk, posted February 27, 2023:

@Abhishek Dewan Do you already have some updates? This issue is quite annoying and keeps me from fully rolling out Authentik in my environment. Should I keep an eye on Enpass releases or on Extension releases?
Abhishek Dewan, posted February 28, 2023:

Hi @ttk

Our development team is already aware of this concern and is working on a fix. I will be unable to share any ETA right now but I will be sure to update this forum once this issue is fixed. Your kind understanding in this matter is appreciated and any inconvenience caused is deeply regretted.
ttk, posted April 17, 2023:

@Abhishek Dewan it has been several weeks now... how hard can it be?
nicoduck, posted March 29:

Hi, any update on this? This is getting a bit frustrating.
Amandeep Kumar, posted April 2:

Hi @nicoduck,

I'm sorry to inform you that our technical team faced challenges while trying to resolve the issue reported by @ttk. Actually, as stated previously, we were able to reproduce it, but while working on it, the URL shared by the user has unfortunately stopped working/responding. This has hindered our team's efforts to fix the problem, and consequently, we have been unable to address this issue effectively.
ttk, posted April 2:

@Amandeep Kumar Are you serious? I have switched from Authentik to Keycloak because of the lack of updates in this thread for several weeks. I wasn't aware that you completely stopped working on this issue, because the availability of my Authentik instance is crucial for your development work - but good to know that you planned with testing against my instance without ever notifying me. I would have assumed that a serious development company would be able to quickly deploy their own Authentik instance to be not depending on other instances they have no control over. Besides that, you would have landed in my fail2ban filters nevertheless, since it is rather unusual for requests with IPs originating from India to access the landing page but not try any login attempts, or try them and fail because you would not have any valid passwords.

But yeah, I switched my SSO provider because of this issue, maybe I should look into switching my password manager as well, since this is not the trustworthy behaviour I would expect.