mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[GH-ISSUE #7767] SSO Issue when embedded Open WebUI in webpage or microsoft teams #14882
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @julienlebutte on GitHub (Dec 11, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/7767
Installation Method
Kubernetees or Docker (Same issue)
Environment
Open WebUI Version: v0.4.8
Ollama (if applicable): 0.5.1
Operating System: Windows 10
Browser (if applicable): Chrome or Teams
Confirmation:
Expected Behavior:
Open WebUI is installed on a specific container with Ollama.
Microsoft SSO is configured and working well on browser.
Open WebUI is behind a F5 with only one node.
Actual Behavior:
When i access the Open WebUI website, SSO authentication is working well.
When i access the Open WebUI website include in an iframe website, SSO is not working.
When i access the Open WebUI website include in a Microsoft Teams application, SSO is not working.
Description
Bug Summary:
Based on the SSO scheme, call to EntraID is working, i see the authentication on the identity provider.
On the network trace, the callback url give an error : 400 bad request
Reproduction Details
Steps to Reproduce:
Configure Microsoft authetication on Open WEbUi
Integrate Open WebUI site on any other site with an iframe (SharePoint, Wordpress, Microsoft Teams, ....)
Try to log in
Logs and Screenshots
Browser Console Logs:
Docker Container Logs:
WARNI [open_webui.utils.oauth] OAuth callback error: mismatching_state: CSRF Warning! State not equal in request and response.
INFO: 10.42.0.1:0 - "GET /oauth/microsoft/callback?code=1.ASEAUm_EtlxiS0GsosSk8Oe9IGApLSeqYV5Ms0Et-YbXf8AYAS0hAA.AgABBAIAAADW6jl31mB3T7ugrWTT8pFeAwDs_wUA9P_jcxwySU6P0fMNbIPV7-jSPhpvX1VFR2DE5mK2bfGQKeN34e1z8tDf-ayN10--5cBq3ER77v7uaFsR9xdIEdcHd7YB0hZMUejCIQgEXOtiBlQkAtXZf0k0irIJL-w2zP_rhgVbISeOnqC6YQuUeYrqLoAAksnYgeSSc4JO4NmRU9Hy6OVjqFAArNfEL2ll-9svMpY7PcvpMVp1UdVTiMVfWT1pooaKPoe3qxR0bDzoJN_2XHHXoO-pdtOcGdY6RMyeQQattrDSZ_vbZo70t33R7uY2uUGyapKQBk7hlDDUPa-NfD_cbo5IGhkXdeaa4fjgyEpighFmQFThBm6csJ7i7fnvSPi_aKPnstGgCOaNEiK3OVnhq8qqBiAMEaT5-LtMB2qP20NdIKrzhuwpnX392YCl3SDjvIBLCzlenbzY0IoqMUdX6njzeUsvbYNKrfhGZ0iCLFyLx1bwiL8qhKSDtgA-XXXXXXXXX-9hSFHdKa7bJ8_YxCMvrPXpLSLEwNNsXfmSdRk4hI7S5JISyiDNMPst8jq7cZO3SeNmhDqF8Uh0JP-Ty7l50iw64dk-ypnLzpQUqmR0cAY0O3u62EwnvzZOt6CSErP_H7Q-r2mcwl_ObE5tL2x44WiQhttP-sJ6bFJrnw05yTIvJnJ01YFa-ERvg-XXXXXXX-tinUzQb2Q3eAbHn4gBkMMHIgRoZ5IBYCvkHnVfGeFY1u0BqW6d_NkFZmVZ78XDgMbjGw8&state=xb57MICcVFdlOjqJyD9lyb2t8Uq3MX&session_state=XXXXXXXXXXX HTTP/1.1" 400 Bad Request
INFO: connection closed