Self-Hosted with Reverse Proxy and SSO?

Hi Guys!

I have a problem with my self-hosted server. I have it behind a reverse proxy (Sophos Firewall), since I don’t want to make the server directly accessible from the outside, and I now want to set up SSO here.

The problem:
For setting up SSO on MS Azure, the Bitwarden server gives me only “HTTP links” (SP Entity ID, SAML 2.0 Metadata URL, ACS URL, and Callback Path) for the entries.

The questions:

  1. Is it mandatory to set up SSL on the server for SSO?
  2. I read in the SSO FAQ that I should change the pre-configured values in config.yml, but how exactly, and does it work without SSL on the server itself but via the reverse proxy?

SSO FAQ:

Q: How do I change pre-generated SSO configuration values?
A: Pre-generated SSO configuration values including SP Entity ID, SAML 2.0 Metadata URL, ACS URL, and Callback Path can be changed in self-hosted environments by changing the url: value in .bwdata/config.yml and running the ./bitwarden.sh rebuild command to apply your change.

I hope I could make the problem clear, and I would be very happy about any help!