Enpass Discussion Forum

Posted

I have a setup where I am securing some applications with an Authentik SSO server. It does not work very well with Enpass. This is my problem:

1. I open the URL to the application. It is forwarded to the SSO login form. The form has the callback URL to the application as HTTP GET parameters in the address bar, e.g. "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2Fapplication%2Fo%2Fauthorize%2F%3Fclient_id%3DSCEmh1dhqxFlmPM30asa7dPqxs3dMBskX87Kx8DE%26redirect_uri%3Dhttps%3A%2F%2Fcomics.simonszu.de%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue%26response_type%3Dcode%26scope%3Demail%2Bprofile%2Bak_proxy%2Bopenid%26state%3D1qTRKfZVO07F-Hh7I44_8vaurt9GzaNTETUy1igmH08"

2. I select the Authentik Login item in Enpass via the Chrome extension. The item has "https://authentik.simonszu.de" as the saved URL, since that is the most common denominator between all SSO-secured applications as well as the admin interface of the SSO server. 

3. As a result, the Enpass extension causes Chrome to open a new tab, with the address bar containing only "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2F", so, no reference to the callback URL to the actual application any more. 

4. If I try to do step 2 again in the new tab, Enpass does not fill the credentials, but rather opens a third tab, containing the same address in the address bar as in step 3.

5. I can repeat steps 3 and 4 for an infinite time, causing Enpass and Chrome to open more and more tabs, and not logging in properly.

Is there a flag where I can tell Enpass to simply fill in the credentials, and not try to open the URL it has defined in the login item in a new tab? That would be nice.
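
The URLs from steps 1 to 3 taken apart, as an added example that is not part of the original post and is not Enpass's code. It compares the saved item with the tab by origin and decodes the authorize request nested in `next`, which the `?next=%2F` address from step 3 no longer carries. Function names are hypothetical; the URLs are copied from the post.

```javascript
// Values copied from the post above.
const SAVED_ITEM_URL = "https://authentik.simonszu.de";
const TAB_URL =
  "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2Fapplication%2Fo%2Fauthorize%2F%3Fclient_id%3DSCEmh1dhqxFlmPM30asa7dPqxs3dMBskX87Kx8DE%26redirect_uri%3Dhttps%3A%2F%2Fcomics.simonszu.de%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue%26response_type%3Dcode%26scope%3Demail%2Bprofile%2Bak_proxy%2Bopenid%26state%3D1qTRKfZVO07F-Hh7I44_8vaurt9GzaNTETUy1igmH08";
const REOPENED_URL =
  "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2F";

// Hypothetical matcher: the saved item applies to a tab when scheme, host
// and port agree, whatever the path and query of the tab are.
function sameOrigin(savedUrl, tabUrl) {
  return new URL(savedUrl).origin === new URL(tabUrl).origin;
}

// Decode the authorize request that the login flow will resume after sign-in.
// Returns null when `next` is missing, leaves the SSO origin, or carries no
// client_id (which is the case for the bare "?next=%2F" address).
function pendingAuthorization(tabUrl) {
  const outer = new URL(tabUrl);
  const next = outer.searchParams.get("next"); // percent-decoded once
  if (!next) return null;
  const inner = new URL(next, outer.origin);   // resolve the relative path
  if (inner.origin !== outer.origin) return null;
  const p = inner.searchParams;
  if (!p.has("client_id")) return null;
  return {
    path: inner.pathname,
    clientId: p.get("client_id"),
    redirectUri: p.get("redirect_uri"),
    scope: (p.get("scope") || "").split(" ").filter(Boolean),
    state: p.get("state"),
  };
}

// Summarise what a tab at `tabUrl` means for the saved item.
function describe(savedUrl, tabUrl) {
  const auth = pendingAuthorization(tabUrl);
  return {
    itemMatchesTab: sameOrigin(savedUrl, tabUrl),
    application: auth && auth.redirectUri ? new URL(auth.redirectUri).origin : null,
  };
}

console.log(describe(SAVED_ITEM_URL, TAB_URL));      // original login tab
console.log(describe(SAVED_ITEM_URL, REOPENED_URL)); // tab opened in step 3
```

Both tabs match the saved item by origin, but only the original one still knows which application to return to.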

Posted

Sure. 

It is on Windows 10 Pro, Patchlevel 19044.2486. However, I think this also happens on a Mac with OS X Ventura. Does not happen on iOS.

Enpass is version 6.8.4. 

Chrome is version 109.0.5414.120 - but this issue occurs on Firefox as well. 

Enpass Extension is 6.8.0.

Posted

Hi @ttk

We were able to reproduce the bug on our end, due to which this issue is occurring. Our development team is working on a fix which will be available for future Enpass versions. We appreciate your cooperation and support in the interim.

  • 4 weeks later...
Posted

@Abhishek Dewan Do you already have some updates? This issue is quite annoying and keeps me from fully rolling out Authentik in my environment. Should I keep an eye on Enpass releases or on Extension releases?

Posted

Hi @ttk

Our development team is already aware of this concern and is working on a fix. I will be unable to share any ETA right now but I will be sure to update this forum once this issue is fixed. Your kind understanding in this matter is appreciated and any inconvenience caused is deeply regretted.

  • 1 month later...
  • 11 months later...
Posted

Hi @nicoduck,

I'm sorry to inform you that our technical team faced challenges while trying to resolve the issue reported by @ttk. Actually, as stated previously, we were able to reproduce it, but while working on it, the URL shared by the user has unfortunately stopped working/responding. This has hindered our team's efforts to fix the problem, and consequently, we have been unable to address this issue effectively.

Posted

@Amandeep Kumar Are you serious?

I have switched from Authentik to Keycloak because of the lack of updates in this thread for several weeks. I wasn't aware that you completely stopped working on this issue, because the availability of my Authentik instance is crucial for your development work - but good to know that you planned on testing against my instance without ever notifying me. I would have assumed that a serious development company would be able to quickly deploy their own Authentik instance so as not to depend on other instances they have no control over. Besides that, you would have landed in my fail2ban filters nevertheless, since it is rather unusual for requests with IPs originating from India to access the landing page but not try any login attempts, or try them and fail because you would not have any valid passwords.

But yeah, I switched my SSO provider because of this issue, maybe I should look into switching my password manager as well, since this is not the trustworthy behaviour I would expect.
