Enpass Discussion Forum

Filling passwords in Authentik SSO login forms not working as it should.



I have a setup where I am securing some applications with an Authentik SSO server. It does not work very well with Enpass. This is my problem:

1. I open the URL to the application. It is forwarded to the SSO login form. The form has the callback URL to the application as HTTP GET parameters in the address bar, e.g. "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2Fapplication%2Fo%2Fauthorize%2F%3Fclient_id%3DSCEmh1dhqxFlmPM30asa7dPqxs3dMBskX87Kx8DE%26redirect_uri%3Dhttps%3A%2F%2Fcomics.simonszu.de%2Foutpost.goauthentik.io%2Fcallback%3FX-authentik-auth-callback%3Dtrue%26response_type%3Dcode%26scope%3Demail%2Bprofile%2Bak_proxy%2Bopenid%26state%3D1qTRKfZVO07F-Hh7I44_8vaurt9GzaNTETUy1igmH08"

2. I select the Authentik Login item in Enpass via the Chrome extension. The item has "https://authentik.simonszu.de" as the saved URL, since that is the most common denominator between all SSO-secured applications as well as the admin interface of the SSO server. 

3. As a result, the Enpass extension causes Chrome to open a new tab, with the address bar containing only "https://authentik.simonszu.de/if/flow/default-authentication-flow/?next=%2F", so, no reference to the callback URL to the actual application any more. 

4. If I try to do step 2 again in the new tab, Enpass does not fill the credentials, but rather opens a third tab, containing the same address in the address bar as in step 3. 

5. I can repeat steps 3 and 4 indefinitely, causing Enpass and Chrome to open more and more tabs without ever logging in properly. 

Is there a flag where I can tell Enpass to simply fill in the credentials, and not try to open the URL it has defined in the login item in a new tab? That would be nice. 
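The following is an added example, not part of the original post and not Enpass code: it shows what the `next` parameter from step 1 carries and why the tab from step 3 can no longer complete the application login. The hosts, placeholder values and the `decideAction` fill policy are assumptions made for illustration; the page does not show how Enpass matches URLs.

```javascript
// Constructed sample URLs shaped like the ones in the post; hosts and values are placeholders.
const SAVED_ITEM_URL = "https://sso.example.org";
const FLOW = "https://sso.example.org/if/flow/default-authentication-flow/";
const AUTHORIZE_REQUEST =
  "/application/o/authorize/?client_id=CLIENT_ID_PLACEHOLDER" +
  "&redirect_uri=https://app.example.org/outpost.goauthentik.io/callback?X-authentik-auth-callback=true" +
  "&response_type=code&scope=email+profile+ak_proxy+openid&state=STATE_PLACEHOLDER";
const LOGIN_PAGE_URL = FLOW + "?next=" + encodeURIComponent(AUTHORIZE_REQUEST); // step 1
const REOPENED_TAB_URL = FLOW + "?next=%2F";                                     // step 3

// Hypothetical fill policy: if the page already sits on the saved item's origin,
// fill the form in the current tab instead of navigating to the saved URL.
function decideAction(pageUrl, savedUrl) {
  const page = new URL(pageUrl);
  const saved = new URL(savedUrl);
  return page.origin === saved.origin ? "fill-in-place" : "open-saved-url";
}

// Recover the pending authorization request that the flow URL carries in `next`.
// Returns null when `next` is missing, leaves the SSO origin, or holds no client_id.
function pendingAuthRequest(pageUrl) {
  const page = new URL(pageUrl);
  const next = page.searchParams.get("next");
  if (!next) return null;
  const target = new URL(next, page.origin); // `next` is a path relative to the SSO host
  if (target.origin !== page.origin) return null;
  const q = target.searchParams;
  if (!q.has("client_id")) return null;
  return {
    path: target.pathname,
    clientId: q.get("client_id"),
    redirectUri: q.get("redirect_uri"),
    scope: q.get("scope"),
    state: q.get("state"),
  };
}

console.log(decideAction(LOGIN_PAGE_URL, SAVED_ITEM_URL)); // same origin in both tabs
console.log(pendingAuthRequest(LOGIN_PAGE_URL));   // client_id, redirect_uri, scope, state
console.log(pendingAuthRequest(REOPENED_TAB_URL)); // null: the request context is gone
```

With `next=%2F` the SSO server has no `client_id`, `redirect_uri` or `state` left to resume, so a login in the reopened tab cannot return to the application.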


Sure. 

It is on Windows 10 Pro, Patchlevel 19044.2486. However, I think this also happens on a Mac with OS X Ventura. Does not happen on iOS. 

Enpass is version 6.8.4. 

Chrome is version 109.0.5414.120 - but this issue occurs on Firefox as well. 

Enpass Extension is 6.8.0. 

 


  • 4 weeks later...
  • 1 month later...
  • 11 months later...

Hi @nicoduck,

I'm sorry to inform you that our technical team faced challenges while trying to resolve the issue reported by @ttk. Actually, as stated previously, we were able to reproduce it, but while working on it, the URL shared by the user has unfortunately stopped working/responding. This has hindered our team's efforts to fix the problem, and consequently, we have been unable to address this issue effectively.


@Amandeep Kumar Are you serious?

 

I have switched from Authentik to Keycloak because of the lack of updates in this thread for several weeks. I wasn't aware that you completely stopped working on this issue, because the availability of my Authentik instance is crucial for your development work - but good to know that you planned on testing against my instance without ever notifying me. I would have assumed that a serious development company would be able to quickly deploy their own Authentik instance so as not to depend on other instances they have no control over. Besides that, you would have landed in my fail2ban filters nevertheless, since it is rather unusual for requests with IPs originating from India to access the landing page but not try any login attempts, or try them and fail because you would not have any valid passwords.

But yeah, I switched my SSO provider because of this issue, maybe I should look into switching my password manager as well, since this is not the trustworthy behaviour I would expect.

