github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 19:08:59 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #2375] Federated logins not working #12860

New Issue
Closed
opened 2026-04-19 19:42:58 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-19 19:42:58 -05:00
Owner
Copy Link

Originally created by @andyp-79 on GitHub (May 18, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/2375

Bug Report

Description

Configured Traefik with Oauth2-Proxy and X-Forwarded-Email headers by middleware. I have verified that the header is always forwarded to open-webui through tcpdump and by the presence of the relevant info log entry:

INFO:apps.web.models.auths:authenticate_user_by_trusted_header: redacted@redacted.com
INFO:     10.42.9.0:0 - "POST /api/v1/auths/signin HTTP/1.1" 200 OK
INFO:     10.42.9.0:0 - "GET /static/favicon.png HTTP/1.1" 304 Not Modified
INFO:     10.42.9.0:0 - "GET /api/changelog HTTP/1.1" 200 OK

As seen above a first few calls succeed and the UI is partially loaded. However, subsequent requests fail and the UI faults from fully loading:

INFO:apps.ollama.main:get_all_models()
INFO:     10.42.9.0:0 - "GET /ollama/api/tags HTTP/1.1" 403 Forbidden
INFO:apps.openai.main:get_all_models()
INFO:     10.42.9.0:0 - "GET /openai/api/models HTTP/1.1" 403 Forbidden
INFO:     10.42.9.0:0 - "GET /litellm/api/v1/models HTTP/1.1" 403 Forbidden
INFO:     10.42.9.0:0 - "GET /api/v1/modelfiles/ HTTP/1.1" 403 Forbidden

As seen above, some of the ensuing API calls fail with 403. An ollama instance is running on the cluster and accepting requests, not showing any 403s.

Steps to Reproduce:

Enable federation with WEBUI_AUTH_TRUSTED_EMAIL_HEADER=X-Forwarded-Email .

Expected Behavior:

UI fully loads

Actual Behavior:

Environment

  • Open WebUI Version: v0.1.124

  • Ollama (if applicable): 0.1.34

  • Operating System: Kubernetes Linux

  • Browser (if applicable): Safari & Chrome

Reproduction Details

Confirmation:

  • I have read and followed all the instructions provided in the README.md.
  • I am on the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.

Logs and Screenshots

Browser Console Logs:

[Log] {status: true, name: "Open WebUI", version: "0.1.124", auth: false, default_locale: "en-US", …} (0.e26cb850.js, line 1)
[Error] Failed to load resource: the server responded with a status of 403 () (auths, line 0)
[Log] {detail: "Not authenticated"} (index.eb461bd3.js, line 1)
[Log] {id: "053069ac-0973-42f1-8a16-63eaed437f33", email: "redacted@redacted.com", name: "redacted@redacted.com", role: "admin", profile_image_url: "/user.png", …} (14.1f86cabd.js, line 23)
[Error] Failed to load resource: the server responded with a status of 403 () (tags, line 0)
[Log] {detail: "Not authenticated"} (index.dff570f5.js, line 8)
[Log] Not authenticated (index.0a369829.js, line 1)
[Error] Failed to load resource: the server responded with a status of 403 () (models, line 0)
[Log] OpenAI: Network Problem (index.0a369829.js, line 1)
[Error] Failed to load resource: the server responded with a status of 403 () (models, line 0)
[Log] {detail: "Not authenticated"} (index.0a369829.js, line 1)
[Log] LiteLLM: Network Problem (index.0a369829.js, line 1)
[Error] Failed to load resource: the server responded with a status of 403 () (modelfiles, line 0)
[Log] {detail: "Not authenticated"} (index.ea3708ab.js, line 1)
[Error] Unhandled Promise Rejection: [object Object]
	(anonymous function) (2.481a1650.js:48:4399)

Docker Container Logs:
[Include relevant Docker container logs, if applicable]

Screenshots (if applicable):

image

Installation Method

Helm chart

Originally created by @andyp-79 on GitHub (May 18, 2024). Original GitHub issue: https://github.com/open-webui/open-webui/issues/2375 # Bug Report ## Description Configured Traefik with Oauth2-Proxy and X-Forwarded-Email headers by middleware. I have verified that the header is always forwarded to open-webui through tcpdump and by the presence of the relevant info log entry: ``` INFO:apps.web.models.auths:authenticate_user_by_trusted_header: redacted@redacted.com INFO: 10.42.9.0:0 - "POST /api/v1/auths/signin HTTP/1.1" 200 OK INFO: 10.42.9.0:0 - "GET /static/favicon.png HTTP/1.1" 304 Not Modified INFO: 10.42.9.0:0 - "GET /api/changelog HTTP/1.1" 200 OK ``` As seen above a first few calls succeed and the UI is partially loaded. However, subsequent requests fail and the UI faults from fully loading: ``` INFO:apps.ollama.main:get_all_models() INFO: 10.42.9.0:0 - "GET /ollama/api/tags HTTP/1.1" 403 Forbidden INFO:apps.openai.main:get_all_models() INFO: 10.42.9.0:0 - "GET /openai/api/models HTTP/1.1" 403 Forbidden INFO: 10.42.9.0:0 - "GET /litellm/api/v1/models HTTP/1.1" 403 Forbidden INFO: 10.42.9.0:0 - "GET /api/v1/modelfiles/ HTTP/1.1" 403 Forbidden ``` As seen above, some of the ensuing API calls fail with 403. An ollama instance is running on the cluster and accepting requests, not showing any 403s. **Steps to Reproduce:** Enable federation with `WEBUI_AUTH_TRUSTED_EMAIL_HEADER=X-Forwarded-Email` . **Expected Behavior:** UI fully loads **Actual Behavior:** ## Environment - **Open WebUI Version:** v0.1.124 - **Ollama (if applicable):** 0.1.34 - **Operating System:** Kubernetes Linux - **Browser (if applicable):** Safari & Chrome ## Reproduction Details **Confirmation:** - [X] I have read and followed all the instructions provided in the README.md. - [X] I am on the latest version of both Open WebUI and Ollama. - [X] I have included the browser console logs. - [X] I have included the Docker container logs. ## Logs and Screenshots **Browser Console Logs:** ``` [Log] {status: true, name: "Open WebUI", version: "0.1.124", auth: false, default_locale: "en-US", …} (0.e26cb850.js, line 1) [Error] Failed to load resource: the server responded with a status of 403 () (auths, line 0) [Log] {detail: "Not authenticated"} (index.eb461bd3.js, line 1) [Log] {id: "053069ac-0973-42f1-8a16-63eaed437f33", email: "redacted@redacted.com", name: "redacted@redacted.com", role: "admin", profile_image_url: "/user.png", …} (14.1f86cabd.js, line 23) [Error] Failed to load resource: the server responded with a status of 403 () (tags, line 0) [Log] {detail: "Not authenticated"} (index.dff570f5.js, line 8) [Log] Not authenticated (index.0a369829.js, line 1) [Error] Failed to load resource: the server responded with a status of 403 () (models, line 0) [Log] OpenAI: Network Problem (index.0a369829.js, line 1) [Error] Failed to load resource: the server responded with a status of 403 () (models, line 0) [Log] {detail: "Not authenticated"} (index.0a369829.js, line 1) [Log] LiteLLM: Network Problem (index.0a369829.js, line 1) [Error] Failed to load resource: the server responded with a status of 403 () (modelfiles, line 0) [Log] {detail: "Not authenticated"} (index.ea3708ab.js, line 1) [Error] Unhandled Promise Rejection: [object Object] (anonymous function) (2.481a1650.js:48:4399) ``` **Docker Container Logs:** [Include relevant Docker container logs, if applicable] **Screenshots (if applicable):** ![image](https://github.com/open-webui/open-webui/assets/6251451/c5b5803b-0628-4aea-a331-7c0b0aa4394b) ## Installation Method Helm chart
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#12860
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?