Subdomain URI Matching

This feature request is for an additional URI matching type: subdomain matching.

A case is where an application has a number of servers, so the user gets redirected to login at a random server:

but it should not match other company domains, such as:

In this situation, the existing options for URI matching do not work:

Base domain would match every URI for company.com
Host doesn’t work because you’d have to enter every possible server, which the user wouldn’t know
Starts with and Exact don’t work because each server starts with a different value

Which means, the only solution is Regular expression, but as the help warns “Regular expressions are an advanced option and can be quite dangerous if used incorrectly. You should not use this option if you do not know exactly what you’re doing.” Regular expressions are not user friendly.

The simplest solution is for Subdomain URI Matching to match on exactly the last 3 nodes of the host name – just like Base domain except for one more node.

A more complicated solution would be to match on whatever is entered in the host part of the URI, as long as it is matching complete nodes. For example, if the URI is entered as:

then it would match on any host that is exactly alice.bob.charlie.domain.com or ends with .alice.bob.charlie.domain.com.

Note: I would think this has been suggested already but I can’t find it.

1 Like
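
The two matching rules proposed in the post above, sketched as an added example (not Bitwarden's code and not part of the thread). The function names and sample URIs are constructed for illustration; hosts are taken from the WHATWG URL parser so that userinfo and lookalike suffixes are never mistaken for the host.

```javascript
// Added example: hypothetical helpers, not Bitwarden code. Sample URIs are constructed.

// Hostname as the WHATWG URL parser sees it (userinfo, port and path excluded).
function hostOf(uri) {
  try { return new URL(uri).hostname.toLowerCase().replace(/\.$/, ""); }
  catch { return null; }
}

// IP literals have no subdomains; label arithmetic on them is meaningless.
function isIpLiteral(host) {
  return /^[\d.]+$/.test(host) || host.includes(":");
}

// Simple proposal: hosts match when their last three labels are identical.
function matchLastThree(savedUri, pageUri) {
  const saved = hostOf(savedUri), page = hostOf(pageUri);
  if (!saved || !page || isIpLiteral(saved) || isIpLiteral(page)) return false;
  const a = saved.split("."), b = page.split(".");
  if (a.length < 3 || b.length < 3) return false;
  return a.slice(-3).join(".") === b.slice(-3).join(".");
}

// Complete-node proposal: the page host is the saved host or ends with "." + saved host.
function matchHostSuffix(savedUri, pageUri) {
  const saved = hostOf(savedUri), page = hostOf(pageUri);
  if (!saved || !page || isIpLiteral(saved) || isIpLiteral(page)) return false;
  return page === saved || page.endsWith("." + saved);
}

// Constructed page URIs checked against a saved login for one app server.
const SAVED = "https://server1.appname.company.com";
const SAMPLES = [
  "https://server42.appname.company.com/login",            // sibling server
  "https://otherapp.company.com/",                          // other company app
  "https://evilappname.company.com/",                       // partial-label lookalike
  "https://server1.appname.company.com.attacker.example/",  // saved host used as a prefix
  "https://server1.appname.company.com@attacker.example/",  // saved host in userinfo
];

// Returns [uri, matched] pairs for the last-three-labels rule.
function demo() {
  return SAMPLES.map((uri) => [uri, matchLastThree(SAVED, uri)]);
}
console.log(demo());
```

On hosts under a two-label public suffix such as co.uk, counting a fixed three labels gives the same result as Base domain matching; the suffix variant does not depend on the label count.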

Hey Michael - welcome! I like your suggestion and I can see how it would be helpful to you. I hope the Bitwarden devs can incorporate this at some point.

In the meantime, and for the sake of anyone faced with the same issue, you can safely add this regex rule to your URI match scheme to achieve your match:

^https://[a-zA-Z0-9]+\.appname\.company\.com(/|$)

Also, if you need to exclude a URI like http://otherapp.company.com, you can add that to another URI rule and set the match to NEVER (I find this quite handy when dealing with many subdomain URIs). Cheers!

2 Likes

This is the clearest of the “Subdomain Matching” posts and requests.

One thing I see that may be keeping this feature from being prioritized is that the example domains in every post about it make it look like the problem is limited to the poster’s own company or use case.

Especially as more users migrate to Bitwarden from other platforms (cough, cough, Lastpass), I think it is important to offer a simple Subdomain matching option for those who do not have proficiency in regular expressions. For myself, I don’t want to manage URI matching for my family or company just because I’m the one with expertise in regex.

To help with this, simple Subdomain matching should match on the final three nodes of the host name, just as @mschmitt described—and it would address 90% of the use cases (even where it overlaps with Host matching).

Here are some real examples using California government websites that I, my family, or my company have to use, each of which requires separate login credentials. With a simple matching option of Subdomain:

… and there’s more.

Without an option for simple Subdomain matching, non-regex users either have to enter multiple Host entries or come ask me to help with the Regular Expression matching.

TL;DR: Important feature. Please implement.

Thanks!

It probably isn’t prioritized because it only has 1 vote. :frowning: