Self-Hosted with Reverse Proxy and SSO?

Hi Guys!

I have a problem with my self hosted server, I have this behind a reverse proxy (Sophos Firewall), I don’t want to make the server directly accessible to the outside and now want to set up SSO here.

The problem:
The Bitwarden server gives me, for setting up SSO on MS Azure, only “Http Links” (SP Entity ID, SAML 2.0 Metadata URL, ACS URL, and Callback Path) for the entries.

The questions:

  1. is it mandatory to set up SSL on the server for SSO?
  2. I read in the SSO FAQ that I should change the pre-configured values in config.yml, but how exactly and does it work without SSL on the server itself but via reverse proxy?


Q: How do I change pre-generated SSO configuration values?
A: Pre-generated SSO configuration values including SP Entity ID, SAML 2.0 Metadata URL, ACS URL, and Callback Path can be changed in self-hosted environments by changing the url: value in .bwdata/config.yml and running the ./ rebuild command to apply your change.

I hope I could make the problem clear and would be very happy about help! :slight_smile:

well never mind, so… since no one is obviously interested in this problem, I’ll write the solution in here anyway!

The tip from the self-host tutorial SSO configuration didn’t work for me, I “accidentally” found in the file

“/opt/bitwarden/env/global.override.env” the variable “globalSettings__baseServiceUri__vault=” and changed the URL to “https”

After restarting the services, the SSO setup in Azure AD and Bitwarden Server worked. Login successful!

have fun!

Hey @LT-Admin thanks for sharing!

There is a lot of forum activity so occasionally a post gets missed, but your answer will be helpful for others experiencing the same issue.

yea…even the business support couldn’t help with this weird issue. They even reproached me and asked questions that did not belong to the topic at all…