mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-19 02:13:17 -05:00
[GH-ISSUE #7372] Blank Screen on SSO Login #35642
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @lucasdina on GitHub (Jun 24, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7372
Prerequisites
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Config:
Vaultwarden Build Version
1.36.0
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
nginxproxymanager 2.15.1
Host/Server Operating System
Linux
Operating System Version
Linux Mint 22.3
Clients
Android
Client Version
2026.5.1
Steps To Reproduce
Open Bitwarden Android app
Select Log in with SSO / OIDC
Enter self-hosted Vaultwarden server URL
Redirect to Authelia login page
Observe black screen where login UI should be rendered
Expected Result
User should see the authelia log in page.
Actual Result
The URL is correct but the page renders nothing.
Logs
Screenshots or Videos
No response
Additional Context
When using bitwarden mobile (android), I enter the url for my vaultwarden then select the sso login. Im taken to a blank screen. If I plug my phone into my computer and view the browser tab via the debugger, it renders properly. sso isnt an issue in the browser or the plugin, only mobile. via debug mode, im able to log into authelia and am prompted to enter my master password, then I have access. Ive tried adding "proxy_hide_header X-Frame-Options;" to nginx in case the issue was that the authelia page was embedded but I get the same result. Ill include the rest of my nginx config below.
`location / {
set $upstream_authelia http://x.x.x.y:9091; # This example assumes a Docker deployment
proxy_pass $upstream_authelia;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
set_real_ip_from x.x.x.x/16;
real_ip_header CF-Connecting-IP;
real_ip_recursive on;
proxy_hide_header X-Frame-Options;
}`
@stefan0xC commented on GitHub (Jun 24, 2026):
Why do you think that this is a bug in Vaultwarden?
@lucasdina commented on GitHub (Jun 24, 2026):
@stefan0xC I don't think its 100% vaultwarden but the bitwarden guys sent me here. Apparently they wont touch the bug because my back end is vault warden. Here's the bug I opened on their side:
https://github.com/bitwarden/android/issues/7094
@stefan0xC commented on GitHub (Jun 24, 2026):
Why do you think that it is a bug at all? I see a
Domain Configuration Check: falsefor example, which hints to me that you did not configure your instance correctly. Now I am not sure if that is responsible for the black screen on your Android but if the redirect works it seems more likely to be an issue with your Android? Can you try to enable the flight recorder as described in the Android troubleshooting guide?@lucasdina commented on GitHub (Jun 24, 2026):
I think its a bug because I haven't changed my config in about a year now. Its been very stable and I've been happy with it. I need to log off for the night but I'll try the domain config check property tomorrow as well as the android flight recorder. Just a note, on my android, if i try to log in via web, sso works perfectly. The issue is only via the mobile app plus sso. Thank you for the responses as well.
@stefan0xC commented on GitHub (Jun 24, 2026):
Well, given your description and that it works for other clients I think the same argument would apply for Vaultwarden and it would have to be a bug in either the Bitwarden Android app or the WebView (your Android version, default browser, something else the Flight Recorder or an adb session might give more clues) or your configuration.
@BlackDex commented on GitHub (Jun 24, 2026):
I also see that the diagnostics doesn't see the IP header. So either something is wrong with your reverse proxy, or you accessed the admin backend via a different route, like direct IP or something.