[GH-ISSUE #2944] pangolin ce v1.18.1 impossible to access /admin /admin/idp pages #19362

Closed
opened 2026-05-21 20:16:18 -05:00 by GiteaMirror · 6 comments
Owner

Originally created by @Kisaragi-ng on GitHub (Apr 30, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2944

Describe the Bug

when visiting /myorgname/settings/idp in a self-hosted version there's an instruction as follows:

Identity providers (IdPs) per organization are disabled on this server. It is using global IdPs (shared across all organizations). Manage global IdPs in the admin panel. To use identity providers per organization, you must upgrade to the Enterprise edition.

however, the link in admin panel when clicked just redirect back to /myorgname/settings/sites

everything under /admin such as /admin/license also seems to be inaccessible without any notice / warnings.

Environment

  • OS Type & Version: (e.g., Ubuntu 22.04) Docker 29.4.1
  • Pangolin Version: v1.18.1
  • Traefik Version: v3.6.15

To Reproduce

  1. Log in as pangolin instance administrator
  2. navigate to Access Control -> Identity Providers
  3. receive information in Identity Providers page
  4. click [admin panel] hyperlink
  5. gets redirected to Network -> Sites

Expected Behavior

  1. /admin/idp can be accessed normally to edit my generic OIDC provider
Originally created by @Kisaragi-ng on GitHub (Apr 30, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/2944 ### Describe the Bug when visiting `/myorgname/settings/idp` in a self-hosted version there's an instruction as follows: > Identity providers (IdPs) per organization are disabled on this server. It is using global IdPs (shared across all organizations). Manage global IdPs in the [admin panel]( ). To use identity providers per organization, you must upgrade to the Enterprise edition. however, the link in admin panel when clicked just redirect back to `/myorgname/settings/sites` everything under /admin such as /admin/license also seems to be inaccessible without any notice / warnings. ### Environment - OS Type & Version: ~~(e.g., Ubuntu 22.04)~~ Docker 29.4.1 - Pangolin Version: v1.18.1 - Traefik Version: v3.6.15 ### To Reproduce 1. Log in as pangolin instance administrator 2. navigate to Access Control -> Identity Providers 3. receive information in Identity Providers page 4. click [admin panel] hyperlink 5. gets redirected to Network -> Sites ### Expected Behavior 1. `/admin/idp` can be accessed normally to edit my generic OIDC provider
Author
Owner

@LaurenceJJones commented on GitHub (Apr 30, 2026):

Can you confirm when you are logged in a your instance administrator on the left hand panel just under organizations you can see "Sever admin"?

<!-- gh-comment-id:4351586373 --> @LaurenceJJones commented on GitHub (Apr 30, 2026): Can you confirm when you are logged in a your instance administrator on the left hand panel just under organizations you can see "Sever admin"?
Author
Owner

@Kisaragi-ng commented on GitHub (May 1, 2026):

This is how it looks yesterday,

Image

This was logged in into user with "Admin" role using OIDC Provider.

Today, my pangolin session seems to be expired, so I have to re-login. this time I don't use my OIDC since I know it won't work yet until I change my oidc secret keys inside pangolin.

Image

This login is using the default user, with "Owner" Role. I can access /admin/idp properly.

Does this means the /admin page is accessible using local user only?. if this isn't intent then it could be a bug

<!-- gh-comment-id:4357515343 --> @Kisaragi-ng commented on GitHub (May 1, 2026): This is how it looks yesterday, <img width="1093" height="653" alt="Image" src="https://github.com/user-attachments/assets/298f42dc-8a1f-4241-86f6-e122e28e507f" /> This was logged in into user with "Admin" role using OIDC Provider. Today, my pangolin session seems to be expired, so I have to re-login. this time I don't use my OIDC since I know it won't work yet until I change my oidc secret keys inside pangolin. <img width="1093" height="653" alt="Image" src="https://github.com/user-attachments/assets/13dba83c-2038-4e9e-b29b-683baabcc283" /> This login is using the default user, with "Owner" Role. I can access `/admin/idp` properly. Does this means the `/admin` page is accessible using local user only?. if this isn't intent then it could be a bug
Author
Owner

@AstralDestiny commented on GitHub (May 1, 2026):

When logged in as the non serveradmin user I can't reach or see anything relate to the /admin nor can I navigate directly to /admin/idp it just pushes me back to the root / where the org is which I had selected. As you can't assign any user to have the serveradmin at all.
(Highest permissiable user role (aka admin)
Image

And if logged in with server admin

Image

Not sure what you mean by "Owner" role?

Image

Only the top one is an role with actual permissions the other roles like Member and such are purely to assign to resources they don't nor can they do anything else. As we don't have any ACL stuff to define what a role can and can't do minus the admin one has everything minus being able to touch orgs it's not part of and to touch the server admin area.

<!-- gh-comment-id:4357815772 --> @AstralDestiny commented on GitHub (May 1, 2026): When logged in as the non serveradmin user I can't reach or see anything relate to the /admin nor can I navigate directly to /admin/idp it just pushes me back to the root / where the org is which I had selected. As you can't assign any user to have the serveradmin at all. (Highest permissiable user role (aka admin) <img width="246" height="756" alt="Image" src="https://github.com/user-attachments/assets/b8061584-1508-4988-92b7-4d922c97dba5" /> And if logged in with server admin <img width="237" height="745" alt="Image" src="https://github.com/user-attachments/assets/44dae1c4-ef39-4e6a-bd61-cfc6c5a20d45" /> Not sure what you mean by "Owner" role? <img width="1505" height="293" alt="Image" src="https://github.com/user-attachments/assets/26fa306b-5914-4f8c-8ec6-ef9f9de6d1b4" /> Only the top one is an role with actual permissions the other roles like Member and such are purely to assign to resources they don't nor can they do anything else. As we don't have any ACL stuff to define what a role can and can't do minus the admin one has everything minus being able to touch orgs it's not part of and to touch the server admin area.
Author
Owner

@Kisaragi-ng commented on GitHub (May 1, 2026):

This one?

Image
<!-- gh-comment-id:4357836024 --> @Kisaragi-ng commented on GitHub (May 1, 2026): This one? <img width="1559" height="441" alt="Image" src="https://github.com/user-attachments/assets/c5e3bdfc-1b3e-4d4b-accc-4140b8741326" />
Author
Owner

@LaurenceJJones commented on GitHub (May 1, 2026):

Does this means the /admin page is accessible using local user only?

Yes currently only the internal user with the role "owner" can access those settings.

<!-- gh-comment-id:4358312186 --> @LaurenceJJones commented on GitHub (May 1, 2026): > Does this means the /admin page is accessible using local user only? Yes currently only the internal user with the role "owner" can access those settings.
Author
Owner

@Kisaragi-ng commented on GitHub (May 1, 2026):

thank you that clean things up. thank you for the help

<!-- gh-comment-id:4358318996 --> @Kisaragi-ng commented on GitHub (May 1, 2026): thank you that clean things up. thank you for the help
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#19362