github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 19:38:46 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #14380] bug: redirects to localhost:3000 on 0.6.11 azure ad sso #55895

New Issue
Closed
opened 2026-05-05 18:14:34 -05:00 by GiteaMirror · 17 comments
GiteaMirror commented 2026-05-05 18:14:34 -05:00
Owner
Copy Link

Originally created by @fanuelsen on GitHub (May 27, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/14380

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

After updating the docker container to the latest version login with azure got broken for me, i get this error in the logs on the client: "localhost:3000/auth#token=eyJhbGciOiJIUzl1NilsInR5cCI6IkpXVCJ9.eyJpZCI6ImFmZD
RhMzg5LTg0YjAtNDgxNi1iY2MyLWM4Y2RIZGNIOTEyNiJ9.7qaZ7WXrfd2LG8GbMcZLrxy
ZRUxZ1PwQ7tqwaynOtFQ" because Safari can't connect to the server "localhost".

the open-webui
2025-05-27 06:53:27.959 | INFO | uvicorn.protocols.http.httptools_impl:send:476 - - "GET /oauth/microsoft/callback?code=redacted &session_state=redacted HTTP/1.1" 307 - {}

Desired Solution you'd like

to logon as i used to do in version 0.6.10

Alternatives Considered

No response

Additional Context

This happend after pulling the new image. 0.6.11

Originally created by @fanuelsen on GitHub (May 27, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/14380 ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description After updating the docker container to the latest version login with azure got broken for me, i get this error in the logs on the client: "localhost:3000/auth#token=eyJhbGciOiJIUzl1NilsInR5cCI6IkpXVCJ9.eyJpZCI6ImFmZD RhMzg5LTg0YjAtNDgxNi1iY2MyLWM4Y2RIZGNIOTEyNiJ9.7qaZ7WXrfd2LG8GbMcZLrxy ZRUxZ1PwQ7tqwaynOtFQ" because Safari can't connect to the server "localhost". the open-webui 2025-05-27 06:53:27.959 | INFO | uvicorn.protocols.http.httptools_impl:send:476 - - "GET /oauth/microsoft/callback?code=redacted &session_state=redacted HTTP/1.1" 307 - {} ### Desired Solution you'd like to logon as i used to do in version 0.6.10 ### Alternatives Considered _No response_ ### Additional Context This happend after pulling the new image. 0.6.11
GiteaMirror commented 2026-05-05 18:14:36 -05:00
Author
Owner
Copy Link

@tsueri commented on GitHub (May 27, 2025):

I use it with zitadel and got the same problem.

<!-- gh-comment-id:2911421544 --> @tsueri commented on GitHub (May 27, 2025): I use it with zitadel and got the same problem.
GiteaMirror commented 2026-05-05 18:14:38 -05:00
Author
Owner
Copy Link

@Breidenbach-Murach commented on GitHub (May 27, 2025):

We have the same issue after the update to 0.6.11.
A simple rollback of the container using the "0.6.10" tag did not fix it, as the login prompt seemingly gets stuck after the redirect.

<!-- gh-comment-id:2911493104 --> @Breidenbach-Murach commented on GitHub (May 27, 2025): We have the same issue after the update to 0.6.11. A simple rollback of the container using the "0.6.10" tag did not fix it, as the login prompt seemingly gets stuck after the redirect.
GiteaMirror commented 2026-05-05 18:14:39 -05:00
Author
Owner
Copy Link

@tsueri commented on GitHub (May 27, 2025):

I "fixed" it by manually rolling back the Commit d4c3cfb

<!-- gh-comment-id:2911561680 --> @tsueri commented on GitHub (May 27, 2025): I "fixed" it by manually rolling back the Commit d4c3cfb
GiteaMirror commented 2026-05-05 18:14:41 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (May 27, 2025):

PLEASE READ THE CHANGELOGS BEFORE UPDATING

Image

<!-- gh-comment-id:2911727527 --> @tjbck commented on GitHub (May 27, 2025): PLEASE READ THE CHANGELOGS BEFORE UPDATING ![Image](https://github.com/user-attachments/assets/584b9d73-89fa-4e93-9360-08d30d41abf9)
GiteaMirror commented 2026-05-05 18:14:42 -05:00
Author
Owner
Copy Link

@tsueri commented on GitHub (May 27, 2025):

I have read the changelog. My problem persists even with the environment variable.

This is my compose.yml:

services:
    open-webui:
        ports:
            - 3000:8080
        environment:
            - OLLAMA_BASE_URL=redacted
            - OLLAMA_AUTH_TRUSTED_HEADER=X-Remote-User
            - OAUTH_CLIENT_ID=redacted
            - OAUTH_CLIENT_SECRET=redacted
            - OPENID_PROVIDER_URL=redacted
            - OAUTH_PROVIDER_NAME=SSO
            - OAUTH_SCOPES=openid email profile
            - ENABLE_OAUTH_ROLE_MANAGEMENT=true
            - ENABLE_OAUTH_SIGNUP=true
            - OAUTH_ROLES_CLAIM=user.roles
            - OAUTH_ALLOWED_ROLES=user
            - OAUTH_ADMIN_ROLES=admin
            - WEBUI_URL=https://redacted
        volumes:
            - ./data:/app/backend/data
        container_name: open-webui
        restart: always
        image: ghcr.io/open-webui/open-webui:main
    watchtower:
        image: containrrr/watchtower
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        command: --interval 300 open-webui
        depends_on:
          - open-webui
<!-- gh-comment-id:2911904822 --> @tsueri commented on GitHub (May 27, 2025): I have read the changelog. My problem persists even with the environment variable. This is my compose.yml: ``` services: open-webui: ports: - 3000:8080 environment: - OLLAMA_BASE_URL=redacted - OLLAMA_AUTH_TRUSTED_HEADER=X-Remote-User - OAUTH_CLIENT_ID=redacted - OAUTH_CLIENT_SECRET=redacted - OPENID_PROVIDER_URL=redacted - OAUTH_PROVIDER_NAME=SSO - OAUTH_SCOPES=openid email profile - ENABLE_OAUTH_ROLE_MANAGEMENT=true - ENABLE_OAUTH_SIGNUP=true - OAUTH_ROLES_CLAIM=user.roles - OAUTH_ALLOWED_ROLES=user - OAUTH_ADMIN_ROLES=admin - WEBUI_URL=https://redacted volumes: - ./data:/app/backend/data container_name: open-webui restart: always image: ghcr.io/open-webui/open-webui:main watchtower: image: containrrr/watchtower volumes: - /var/run/docker.sock:/var/run/docker.sock command: --interval 300 open-webui depends_on: - open-webui ```
GiteaMirror commented 2026-05-05 18:14:43 -05:00
Author
Owner
Copy Link

@fanuelsen commented on GitHub (May 27, 2025):

I see you expose a host port, do you add the port in the webui_url? It worked for me when adding the env var, but i'm running it behind a reverse proxy.

here are the docs:
https://docs.openwebui.com/tutorials/integrations/browser-search-engine#step-1-set-the-webui_url-environment-variable

<!-- gh-comment-id:2911916393 --> @fanuelsen commented on GitHub (May 27, 2025): I see you expose a host port, do you add the port in the webui_url? It worked for me when adding the env var, but i'm running it behind a reverse proxy. here are the docs: https://docs.openwebui.com/tutorials/integrations/browser-search-engine#step-1-set-the-webui_url-environment-variable
GiteaMirror commented 2026-05-05 18:14:43 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (May 27, 2025):

@tsueri do not set the environment variable. It is a persistent config.

Instead set the WEB UI URL in the admin panel and try again.

<!-- gh-comment-id:2911942311 --> @Classic298 commented on GitHub (May 27, 2025): @tsueri do not set the environment variable. It is a persistent config. Instead set the WEB UI URL in the admin panel and try again.
GiteaMirror commented 2026-05-05 18:14:44 -05:00
Author
Owner
Copy Link

@tsueri commented on GitHub (May 27, 2025):

@tsueri do not set the environment variable. It is a persistent config.

Instead set the WEB UI URL in the admin panel and try again.

That worked! Thank you!

<!-- gh-comment-id:2911948879 --> @tsueri commented on GitHub (May 27, 2025): > [@tsueri](https://github.com/tsueri) do not set the environment variable. It is a persistent config. > > Instead set the WEB UI URL in the admin panel and try again. That worked! Thank you!
GiteaMirror commented 2026-05-05 18:14:44 -05:00
Author
Owner
Copy Link

@ArcCal commented on GitHub (May 28, 2025):

Encountered the exact same problem

<!-- gh-comment-id:2914747463 --> @ArcCal commented on GitHub (May 28, 2025): Encountered the exact same problem
GiteaMirror commented 2026-05-05 18:14:45 -05:00
Author
Owner
Copy Link

@cwittenberg commented on GitHub (Jun 2, 2025):

@tsueri do not set the environment variable. It is a persistent config.

Instead set the WEB UI URL in the admin panel and try again.

This worked. Would suggest documentation or perhaps an additional envvar on this - that overrides the UI?

<!-- gh-comment-id:2930262462 --> @cwittenberg commented on GitHub (Jun 2, 2025): > [@tsueri](https://github.com/tsueri) do not set the environment variable. It is a persistent config. > > Instead set the WEB UI URL in the admin panel and try again. This worked. Would suggest documentation or perhaps an additional envvar on this - that overrides the UI?
GiteaMirror commented 2026-05-05 18:14:45 -05:00
Author
Owner
Copy Link

@aleprj commented on GitHub (Jun 2, 2025):

@tsueri do not set the environment variable. It is a persistent config.
Instead set the WEB UI URL in the admin panel and try again.

This worked. Would suggest documentation or perhaps an additional envvar on this - that overrides the UI?

I think it should be an additional var for this redirect. It's a change intented for a very specific corner case and probably broke things for more people than the ones that will actually benefit from it.

Anyway, if we are going to keep things this way, some documentation needs updating:

  • env-configuration says WEBUI_URL is used for search engine support.
  • features/sso has no reference for WEBUI_URL at all

Someone starting a clean install will be lost right now.

<!-- gh-comment-id:2930417507 --> @aleprj commented on GitHub (Jun 2, 2025): > > [@tsueri](https://github.com/tsueri) do not set the environment variable. It is a persistent config. > > Instead set the WEB UI URL in the admin panel and try again. > > This worked. Would suggest documentation or perhaps an additional envvar on this - that overrides the UI? I think it should be an additional var for this redirect. It's a change intented for a very specific corner case and probably broke things for more people than the ones that will actually benefit from it. Anyway, if we are going to keep things this way, some documentation needs updating: - env-configuration says WEBUI_URL is used for search engine support. - features/sso has no reference for WEBUI_URL at all Someone starting a clean install will be lost right now.
GiteaMirror commented 2026-05-05 18:14:46 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Jun 2, 2025):

Feel free to update the docs

<!-- gh-comment-id:2930642619 --> @Classic298 commented on GitHub (Jun 2, 2025): Feel free to update the docs
GiteaMirror commented 2026-05-05 18:14:46 -05:00
Author
Owner
Copy Link

@avmturo commented on GitHub (Jun 5, 2025):

Does this not mean, that if you are deploying a new instance, with a new database, the first user, if using oidc, will not be able to log in? If there is no user yet to access the admin panel, how can someone update the WEBUI_URL?

<!-- gh-comment-id:2944582642 --> @avmturo commented on GitHub (Jun 5, 2025): Does this not mean, that if you are deploying a new instance, with a new database, the first user, if using oidc, will not be able to log in? If there is no user yet to access the admin panel, how can someone update the WEBUI_URL?
GiteaMirror commented 2026-05-05 18:14:46 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Jun 5, 2025):

@avmturo use DISABLE_PERSISTENT_CONFIG and use that to then set the WEBUI_URL (check docs for exact env var names, this is from the top of my head)

but to answer your question: there's a way for everything

<!-- gh-comment-id:2944643685 --> @Classic298 commented on GitHub (Jun 5, 2025): @avmturo use DISABLE_PERSISTENT_CONFIG and use that to then set the WEBUI_URL (check docs for exact env var names, this is from the top of my head) but to answer your question: there's a way for everything
GiteaMirror commented 2026-05-05 18:14:47 -05:00
Author
Owner
Copy Link

@avmturo commented on GitHub (Jun 5, 2025):

@tsueri do not set the environment variable. It is a persistent config.

Instead set the WEB UI URL in the admin panel and try again.

Ahh okay, I was confused by this one. Checked the doc and it iis an environment variable. So if you are deploying a new isntance, even with persistant config, it should work with using the env var. If I'm not mistaken

<!-- gh-comment-id:2944682677 --> @avmturo commented on GitHub (Jun 5, 2025): > [@tsueri](https://github.com/tsueri) do not set the environment variable. It is a persistent config. > > Instead set the WEB UI URL in the admin panel and try again. Ahh okay, I was confused by this one. Checked the doc and it iis an environment variable. So if you are deploying a new isntance, even with persistant config, it should work with using the env var. If I'm not mistaken
GiteaMirror commented 2026-05-05 18:14:47 -05:00
Author
Owner
Copy Link

@aleprj commented on GitHub (Jun 5, 2025):

@tsueri do not set the environment variable. It is a persistent config.
Instead set the WEB UI URL in the admin panel and try again.

Ahh okay, I was confused by this one. Checked the doc and it iis an environment variable. So if you are deploying a new isntance, even with persistant config, it should work with using the env var. If I'm not mistaken

Unless you already started it before and the database was generated. This env var has a default value, so if the system was already started I would just delete the database, since it's a new setup anyway. I usually start my aplications before configuring SSO, so it would probably happen.

<!-- gh-comment-id:2944904595 --> @aleprj commented on GitHub (Jun 5, 2025): > > [@tsueri](https://github.com/tsueri) do not set the environment variable. It is a persistent config. > > Instead set the WEB UI URL in the admin panel and try again. > > Ahh okay, I was confused by this one. Checked the doc and it iis an environment variable. So if you are deploying a new isntance, even with persistant config, it should work with using the env var. If I'm not mistaken Unless you already started it before and the database was generated. This env var has a default value, so if the system was already started I would just delete the database, since it's a new setup anyway. I usually start my aplications before configuring SSO, so it would probably happen.
GiteaMirror commented 2026-05-05 18:14:48 -05:00
Author
Owner
Copy Link

@aleprj commented on GitHub (Jun 5, 2025):

@avmturo use DISABLE_PERSISTENT_CONFIG and use that to then set the WEBUI_URL (check docs for exact env var names, this is from the top of my head)

but to answer your question: there's a way for everything

The var is ENABLE_PERSISTENT_CONFIG (need to set to false). But how does it work? If I set it to false it will use the env var only for this specific run or will it save the new value as well (ie. it disables only loading of the variables, or does not touch them at all)?

<!-- gh-comment-id:2944911274 --> @aleprj commented on GitHub (Jun 5, 2025): > [@avmturo](https://github.com/avmturo) use DISABLE_PERSISTENT_CONFIG and use that to then set the WEBUI_URL (check docs for exact env var names, this is from the top of my head) > > but to answer your question: there's a way for everything The var is ENABLE_PERSISTENT_CONFIG (need to set to false). But how does it work? If I set it to false it will use the env var only for this specific run or will it save the new value as well (ie. it disables only loading of the variables, or does not touch them at all)?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#55895
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?