self-hosted
self-hosted copied to clipboard
getsentry
SSO (ADFS) with 2FA broken
Environment
self-hosted (https://develop.sentry.dev/self-hosted/)
Steps to Reproduce
- install self-hosted sentry
- add ADFS SSO
- add 2FA to user accounts
Expected Result
after login write totp key & work
Actual Result
2FA works for some users, for others it doesn’t (it asks for a key, but regardless of its correctness, it simply doesn’t login into sentry)
Product Area
Sign In
Link
No response
DSN
No response
Version
23.6.1
![getsantry[bot] avatar](https://avatars.githubusercontent.com/in/66573?v=4 "Published by a pub.dev verified publisher"){kind=small}
Do you have any server logs (from the web container) when these log ins fail? Generally, you'll be looking for a 400 or 403 error.
This issue has gone three weeks without activity. In another week, I will close it.
But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!
"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀
Do you have any server logs (from the
webcontainer) when these log ins fail? Generally, you'll be looking for a 400 or 403 error.
I apologize for the long wait. I was sure I had already answered.
so, at the time of the problem I don’t see errors 40* in the logs
Do you see anything suspicious in the web logs at all? It's odd that it would fail to log users in without leaving any breadcrumbs.
Do you see anything suspicious in the
weblogs at all? It's odd that it would fail to log users in without leaving any breadcrumbs.
We will try to repeat the problem on a test bench so as not to experiment on a production instance. I'll come back later with an example log.
This issue has gone three weeks without activity. In another week, I will close it.
But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!
"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀