Problems with SSO "Unknown userid"

Hey,

at the moment I am testing Bitwarden for my organization.
For this, I set up a self-hosted Bitwarden server with an Enterprise free trial license.

The server is running without any problems; everything I tested is working except for SSO.

What I’ve done so far:

  • I synced one LDAP user (for testing purposes) with the help of “Bitwarden directory connector”.
  • I enabled SSO (SAML 2.0) and connected it to UCS (Univention Corporate Server).
  • I enabled “Allow Unsolicited Authentication Response” to minimize the risk of failures.

When I log in with SSO, I get redirected to UCS and can log in there; after that I get the following error:

  • There was an unexpected error during single sign-on. Please close this page and try again. Unknown userid

Docker logs with “docker logs -f bitwarden-sso”:

    fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
          An unhandled exception has occurred while executing the request.
          System.Exception: Unknown userid
             at Bit.Sso.Controllers.AccountController.FindUserFromExternalProviderAsync(AuthenticateResult result) in /home/runner/work/server/server/bitwarden_license/src/Sso/Controllers/AccountController.cs:line 323
             at Bit.Sso.Controllers.AccountController.ExternalCallback() in /home/runner/work/server/server/bitwarden_license/src/Sso/Controllers/AccountController.cs:line 218
             at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
          --- End of stack trace from previous location where exception was thrown ---
             at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
             at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
          --- End of stack trace from previous location where exception was thrown ---
             at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
             at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
             at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
             at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)
             at IdentityServer4.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes)
             at Bit.Sso.Utilities.SsoAuthenticationMiddleware.Invoke(HttpContext context) in /home/runner/work/server/server/bitwarden_license/src/Sso/Utilities/SsoAuthenticationMiddleware.cs:line 80
             at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
             at Bit.Core.Utilities.CurrentContextMiddleware.Invoke(HttpContext httpContext, CurrentContext currentContext, GlobalSettings globalSettings) in /home/runner/work/server/server/src/Core/Utilities/CurrentContextMiddleware.cs:line 19
             at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
             at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

Can someone help me out with why I get this error, or what this error means?

Thanks

Haven’t had much time lately, but today I looked over it again.

It was my fault: the exception “Unknown userid” is triggered by UCS and not by Bitwarden.
My “NameIDFormat” was wrong, so it couldn’t find the right userid.

So this issue can be closed.
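As an added illustration of the resolution above (this is not code from the thread, from UCS or from Bitwarden): a small Python check that parses a SAML response and reports whether the assertion's NameID Format and value match what the service provider expects, which is the kind of mismatch that leaves an IdP-authenticated user unmapped. The sample responses, the expected format and the list of provisioned users are constructed assumptions; the thread does not state which NameID format Bitwarden expects.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# If the Format attribute is absent, SAML 2.0 Core says "unspecified" applies.
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample responses (not real captures); signatures omitted.
RESPONSE_TRANSIENT = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_8f3a2c91</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
RESPONSE_EMAIL = RESPONSE_TRANSIENT.replace(
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
).replace("_8f3a2c91", "alice@example.test")

def extract_name_id(response_xml):
    """Return (format, value) of the assertion's NameID, or (None, None)."""
    root = ET.fromstring(response_xml)
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None:
        return None, None
    return node.get("Format", UNSPECIFIED), (node.text or "").strip()

def check_name_id(response_xml, expected_format, provisioned_ids):
    """List the reasons a service provider could fail to map this subject to a user."""
    fmt, value = extract_name_id(response_xml)
    problems = []
    if fmt is None:
        return ["assertion carries no NameID"]
    if fmt != expected_format:
        problems.append(f"NameID Format {fmt} differs from expected {expected_format}")
    if value not in provisioned_ids:
        problems.append(f"NameID value {value!r} matches no provisioned user")
    return problems

if __name__ == "__main__":
    users = {"alice@example.test"}  # constructed: identifiers the SP has synced
    for label, resp in (("transient", RESPONSE_TRANSIENT), ("email", RESPONSE_EMAIL)):
        print(label, check_name_id(resp, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", users) or "OK")
```

Run against a captured response (for example one decoded from the browser's SAML tracer), the two reported problems separate a wrong NameID format from a subject that was simply never synced to the service provider.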