[GH-ISSUE #7215] SSO (oauth2proxy) only a single user can sign in #14661

Closed
opened 2026-04-19 20:58:21 -05:00 by GiteaMirror · 0 comments

Originally created by @simonfrey on GitHub (Nov 22, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/7215

Bug Report

Installation Method

docker-compose.yml with oauth2proxy

services:
  openwebui:
    image: ghcr.io/open-webui/open-webui:v0.4.2
    volumes:
      - ./owebvolume:/app/backend/data
    environment:
      - 'HOST=0.0.0.0'
      - 'WEBUI_URL=https://chat.XXX.de'
      - 'ENABLE_OLLAMA_API=False'
      - 'OPENAI_API_KEY=sk-proj-XXX'
      - 'OPENAI_API_BASE_URL=http://llm-proxy-api:8080/llm/v1'
      - 'ENABLE_COMMUNITY_SHARING=False'
      - 'ENABLE_SIGNUP=True'
      - 'DEFAULT_USER_ROLE=user'
      - 'ENABLE_OAUTH_SIGNUP=True'
      - 'WEBUI_AUTH_TRUSTED_NAME_HEADER=X-Forwarded-Email'
      - 'WEBUI_AUTH_TRUSTED_EMAIL_HEADER=X-Forwarded-Email'
    restart: unless-stopped
  oauth2proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
    environment:
      OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
      OAUTH2_PROXY_UPSTREAMS: http://openwebui:8080/
      OAUTH2_PROXY_PROVIDER: google
      OAUTH2_PROXY_CLIENT_ID: "XXX.apps.googleusercontent.com"
      OAUTH2_PROXY_CLIENT_SECRET: "GOCSPX-YYY"
      OAUTH2_PROXY_EMAIL_DOMAINS: "XXX.de"
      OAUTH2_PROXY_COOKIE_SECRET: "XXX="
      OAUTH2_PROXY_COOKIE_SECURE: "false"
      OAUTH2_PROXY_REDIRECT_URL: "https://chat.XXX.de/oauth2/callback"
      OAUTH2_PROXY_GCP_HEALTHCHECKS: "true"
      OAUTH2_PROXY_SKIP_AUTH_ROUTES: "GET=^/opensearch.xml"
    restart: unless-stopped
    entrypoint: "/bin/oauth2-proxy --custom-templates-dir=/oauth2proxy_template"
    volumes:
      - ./oauth2proxy_template:/oauth2proxy_template
    ports:
      - 4180:4180/tcp

Environment

  • Open WebUI Version: v0.4.2

  • Operating System: Ubuntu Linux

  • Browser (if applicable): Firefox

Confirmation:

  • I have read and followed all the instructions provided in the README.md.
  • I am on the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

Expected Behavior:

Every user can sign in. The first one becomes admin; all others become users (directly activated).

Actual Behavior:

Only the first user can log in. Everyone else gets the following error:

You do not have permission to access this resource. Please contact your administrator for assistance.

Description

Bug Summary:

I want to sign in

Reproduction Details

Steps to Reproduce:

Have two different users sign in. The first one becomes admin; the second one can't log in at all.

Logs and Screenshots

Browser Console Logs:

Screenshot_select-area_20241122112804

Screenshots/Screen Recordings (if applicable):

Screenshot_select-area_20241122112853
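
A defender-side check for the deployment pattern in this report, where the backend takes the user's identity from a header set by oauth2-proxy. This is an added example, not part of the original issue or of either project's code; `COMPOSE` is a constructed excerpt of the compose file above, and `env_of` and `audit` are hypothetical helper names. It checks the trust assumptions of the setup, not the cause of the sign-in error.

```python
from urllib.parse import urlparse

# Constructed excerpt of the compose file in the report, reduced to the keys
# the checks read (values copied from the report, placeholders kept).
COMPOSE = {
    "openwebui": {"environment": [
        "WEBUI_AUTH_TRUSTED_NAME_HEADER=X-Forwarded-Email",
        "WEBUI_AUTH_TRUSTED_EMAIL_HEADER=X-Forwarded-Email",
    ]},
    "oauth2proxy": {
        "environment": {
            "OAUTH2_PROXY_UPSTREAMS": "http://openwebui:8080/",
            "OAUTH2_PROXY_COOKIE_SECURE": "false",
            "OAUTH2_PROXY_REDIRECT_URL": "https://chat.XXX.de/oauth2/callback",
        },
        "ports": ["4180:4180/tcp"],
    },
}

def env_of(service):
    """Compose accepts environment as a KEY=VALUE list or as a mapping."""
    env = service.get("environment", {})
    if isinstance(env, list):
        return dict(item.partition("=")[::2] for item in env)
    return {key: str(value) for key, value in env.items()}

def audit(compose):
    """Return findings about the trusted-header trust boundary."""
    findings = []
    envs = {name: env_of(svc) for name, svc in compose.items()}
    # Service names that some oauth2-proxy instance forwards to.
    upstream_hosts = {
        urlparse(url.strip()).hostname
        for env in envs.values()
        for url in env.get("OAUTH2_PROXY_UPSTREAMS", "").split(",") if url.strip()
    }
    for name, env in envs.items():
        if "WEBUI_AUTH_TRUSTED_EMAIL_HEADER" in env:
            # The backend believes the header, so only the proxy may reach it.
            if compose[name].get("ports"):
                findings.append(f"{name}: trusted-header backend publishes ports; any client can set the header")
            if name not in upstream_hosts:
                findings.append(f"{name}: no oauth2-proxy upstream points at this service")
        secure = env.get("OAUTH2_PROXY_COOKIE_SECURE", "true").lower()
        if secure == "false" and env.get("OAUTH2_PROXY_REDIRECT_URL", "").startswith("https://"):
            findings.append(f"{name}: session cookie is not marked Secure although the site is HTTPS")
    return findings
```

On the excerpt above, `audit(COMPOSE)` reports only the cookie setting: the `openwebui` service publishes no ports and is reachable only through the proxy.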


Reference: github-starred/open-webui#14661