mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 17:02:14 -05:00
[GH-ISSUE #7416] 2FA "Remember Me" option ignored when logging in via SSO identifier URL (/sso?identifier=...) #35653
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @netzdvt on GitHub (Jul 13, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7416
Prerequisites
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ORG_CREATION_USERS, INVITATIONS_ALLOWED, ADMIN_TOKEN, IP_HEADER, SSO_ENABLED, SSO_SIGNUPS_MATCH_EMAIL, SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION, SSO_CLIENT_ID, SSO_CLIENT_SECRET, SSO_AUTHORITY, SSO_SCOPES, SSO_MASTER_PASSWORD_POLICY, SSO_AUTH_ONLY_NOT_SESSION, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM
Config:
Screenshots or Videos
No response
Additional Context
We have configured Vaultwarden with SSO_ONLY=true and DISABLE_2FA_REMEMBER=false (allowing users to remember 2FA on their devices).
We allow our users to log in directly via the SSO URL by providing the identifier, bypassing the email input step:
https://our-vault/#/sso?identifier=00000000-01DC-01DC-01DC-00000000000
The Issue:
Even if users check the "Don't ask again on this device for 30 days" checkbox during the 2FA prompt, the setting is completely ignored. Users are forced to provide their 2FA token on every single login attempt via this URL.
It seems that during this specific direct SSO routing, Vaultwarden bypasses checking the "remember me" device cookie/token and immediately expects the 2FA token.
@stefan0xC commented on GitHub (Jul 13, 2026):
That is a client-side issue / known limitiation because you don't enter a email address as discussed here https://github.com/dani-garcia/vaultwarden/issues/6191#issuecomment-3721330934