issue: Using ADFS and OIDC breaks the OIDC flow #4320

Closed
opened 2025-11-11 15:51:28 -06:00 by GiteaMirror · 2 comments

Originally created by @icsy7867 on GitHub (Mar 8, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.

Installation Method

Docker

Open WebUI Version

v0.5.20

Ollama Version (if applicable)

No response

Operating System

Container in kubernetes

Browser (if applicable)

N.A

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have checked the browser console logs.
  • I have checked the Docker container logs.
  • I have listed steps to reproduce the bug in detail.

Expected Behavior

This isn't really an issue with open-webui, but I wanted to make a note of it. I didn't realize you were using oauth2-proxy on the backend (I love this container BTW...)

https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/adfs

Note: When using the ADFS Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the [redis session storage](https://oauth2-proxy.github.io/oauth2-proxy/configuration/session_storage#redis-storage) should resolve this.

I ultimately just added redis, which was pretty easy to do. However, without redis, I just get failed OAUTH attempts in my console, 403 issues, and other oddities. The proxy buffer is basically getting cut off so oauth2-proxy is only receiving part of the response.

So if you are coming from the magical land of ADFS, make sure to increase your proxy buffer size if using nginx (either via an ingress annotation in kubernetes, or via an nginx config) or implement redis!

I am working now with a separate oauth2-proxy and redis container, and it is working quite well. The only thing I might suggest is to add ENV variables for connecting to a redis backend or something.

Actual Behavior

N/A

Steps to Reproduce

Run ADFS, create an OIDC integration, watch it fail repeatedly.

Logs & Screenshots

Not really applicable. I just wanted to share the information :D

Feel free to close.

Additional Information

No response
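An added example, not part of the original issue or of either project's code: a small check that measures an upstream response head, including its `Set-Cookie` lines, against a candidate nginx `proxy_buffer_size`, which is the limit the quoted oauth2-proxy note refers to. The sample response, the cookie names and the chunk length are constructed for illustration; real ADFS sessions will differ in size.

```python
import re

# nginx size suffixes: a bare number is bytes, k is KiB, m is MiB.
_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2}


def parse_nginx_size(value: str) -> int:
    """Convert an nginx size such as '4k' or '16k' to bytes."""
    m = re.fullmatch(r"(\d+)([kKmM]?)", value.strip())
    if not m:
        raise ValueError(f"not an nginx size: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2).lower()]


def header_report(raw_head: bytes, proxy_buffer_size: str) -> dict:
    """Compare the size of a response head with proxy_buffer_size."""
    # Status line plus headers, up to and including the blank line.
    head = raw_head.split(b"\r\n\r\n", 1)[0] + b"\r\n\r\n"
    cookies = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"set-cookie":
            cookie_name = value.strip().split(b"=", 1)[0].decode()
            cookies[cookie_name] = len(line) + 2  # line plus its CRLF
    limit = parse_nginx_size(proxy_buffer_size)
    return {
        "head_bytes": len(head),
        "limit_bytes": limit,
        "fits": len(head) <= limit,
        "set_cookie_bytes": cookies,
    }


def build_sample_head(chunks: int, chunk_len: int) -> bytes:
    """Constructed sample: a redirect carrying a session cookie split in chunks."""
    lines = [b"HTTP/1.1 302 Found", b"Location: /", b"Content-Length: 0"]
    for i in range(chunks):
        cookie = f"Set-Cookie: _oauth2_proxy_{i}={'A' * chunk_len}; Path=/; HttpOnly; Secure"
        lines.append(cookie.encode())
    return b"\r\n".join(lines) + b"\r\n\r\n"


if __name__ == "__main__":
    sample = build_sample_head(chunks=3, chunk_len=3900)
    for size in ("4k", "8k", "16k"):
        report = header_report(sample, size)
        print(size, report["head_bytes"], "fits" if report["fits"] else "too big")
```

Feed it the raw response head captured from your own oauth2-proxy callback to pick a buffer size with headroom, or to confirm that moving sessions to redis shrinks the cookie enough to make the setting irrelevant.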

GiteaMirror added the bug label 2025-11-11 15:51:28 -06:00
@rgaricano commented on GitHub (Mar 9, 2025):

https://docs.openwebui.com/tutorials/integrations/redis#setting-up-redis

https://docs.openwebui.com/getting-started/env-configuration#redis

@icsy7867 commented on GitHub (Mar 9, 2025):

Good information. But that sounds like it's used for managing websockets, I don't think the oauth2-proxy integration knows to use that as well?


Reference: github-starred/open-webui#4320