Hello.
We are currently in the process of selecting a login manager for our company. SSO and integration in RDM are conditions, among other things. Almost all solutions meet the SSO requirement, but integration in RDM together with SSO works flawlessly so far only in the beta RDM together with Keeper.
We mainly wanted to test the integration with Bitwarden. In the beta version of RDM there is a new option to use an API key, but when we use an on-premise Bitwarden deployment with Key connector, the data is not loaded. I assume this is due to the missing master password, but when using Key connector the master password is not set.
If I use the API together with the cloud version and the master password set, everything works fine.
Hello,
Are you using Vaultwarden, since you mention your Bitwarden being on-premise? If that's the case, it doesn't support the API key login method yet: https://vaultwarden.discourse.group/t/personal-api-key-cli/1190
The API key login method should work for the official Bitwarden product, which is what we're focused on supporting.
Regards,
Hubert Mireault
We are running a PoC together with Bitwarden company. I don't really know Vaultwarden :)
Hello,
I didn't know that Bitwarden offered an official on-premise version of their product, but maybe there is something different with it compared to the cloud version.
Do you have any logs located in Help > Application Logs? Perhaps it could pinpoint what isn't working.
Regards,
Hubert Mireault
Hey.
Yes, Bitwarden allows you to run an instance on your own hardware. https://bitwarden.com/help/install-on-premise-linux/
And in the case of such a deployment, the so-called Key connector can be used in the case of SSO, where the user does not have a Master password.
https://bitwarden.com/help/about-key-connector/
This is exactly the configuration under consideration (but not yet decided) for our deployment.
Application log:
PasswordManagerAccess.Common.CryptoException: MAC doesn't match. The vault is most likely corrupted.
at PasswordManagerAccess.Bitwarden.CipherString.DecryptAes256CbcHmacSha256(Byte[] key)
at PasswordManagerAccess.Bitwarden.CipherString.Decrypt(Byte[] key)
at PasswordManagerAccess.Bitwarden.Client.DecryptVault(Vault vault, Byte[] key)
at PasswordManagerAccess.Bitwarden.Client.OpenVaultCliApi(String clientId, String clientSecret, String password, String deviceId, String baseUrl, IRestTransport transport)
at PasswordManagerAccess.Bitwarden.Vault.Open(ClientInfoCliApi clientInfo, String baseUrl)
at Devolutions.RemoteDesktopManager.Managers.BitwardenManager.InitializeAPIKey(String clientId, String clientSecret, String password, String customUrl)
Thanks a lot for the information, we will investigate to figure out what we can do.
Regards,
Hubert Mireault
Hello,
After investigating, I wanted to confirm that at the moment, SSO with Bitwarden is not supported, but it is on our task list. It's not a small change but it's something that has been asked for by a few of our users already.
What confused me was the term "Key connector" compared to our "API key" authentication method, but they aren't compatible. The API key method is different than SSO. This is the API key method we implement: https://bitwarden.com/help/personal-api-key/
I hope this clarifies the situation. We will be updating this thread once we have news on the SSO support for Bitwarden.
Regards,
Hubert Mireault
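The "MAC doesn't match" exception in the application log above comes from the authentication step that precedes AES-CBC decryption. The following is an added example, not code from RDM, PasswordManagerAccess or Bitwarden, showing that this check fails the same way for a wrong key as for altered data. It assumes Bitwarden's type 2 encrypted string layout (`2.iv|ciphertext|mac`, HMAC-SHA256 over iv and ciphertext); the keys, the sample strings and the stand-in key derivation are constructed.

```python
import base64
import hashlib
import hmac
import os

class MacMismatch(Exception):
    """The stored MAC differs from the one computed with the supplied key."""

def encode(iv, ct, mac):
    """Serialise the three fields as a type 2 string: 2.iv|ct|mac (base64)."""
    return "2." + "|".join(base64.b64encode(x).decode() for x in (iv, ct, mac))

def parse_cipher_string(s):
    """Split a type 2 string into raw (iv, ct, mac) bytes."""
    enc_type, _, body = s.partition(".")
    parts = body.split("|")
    if enc_type != "2" or len(parts) != 3:
        raise ValueError("not an AES-256-CBC + HMAC-SHA256 CipherString")
    return tuple(base64.b64decode(p, validate=True) for p in parts)

def compute_mac(mac_key, iv, ct):
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def verify_mac(cipher_string, key):
    """Authenticate before decrypting; key = 32-byte AES key + 32-byte MAC key."""
    iv, ct, mac = parse_cipher_string(cipher_string)
    if not hmac.compare_digest(compute_mac(key[32:], iv, ct), mac):
        raise MacMismatch("MAC doesn't match")
    return iv, ct  # AES-CBC decryption with key[:32] would start only here

def classify(cipher_string, key):
    """Return "ok" or "mac-mismatch" for a cipher string under a given key."""
    try:
        verify_mac(cipher_string, key)
        return "ok"
    except MacMismatch:
        return "mac-mismatch"

# Constructed sample data: random bytes stand in for real ciphertext.
VAULT_KEY = os.urandom(64)  # the key the item was actually protected with
# Stand-in for a key derived from an empty password (not Bitwarden's real KDF).
WRONG_KEY = hashlib.pbkdf2_hmac("sha256", b"", b"user@example.test", 1000, dklen=64)
IV, CT = os.urandom(16), os.urandom(32)
MAC = compute_mac(VAULT_KEY[32:], IV, CT)
INTACT = encode(IV, CT, MAC)
FLIPPED = encode(IV, CT[:-1] + bytes([CT[-1] ^ 1]), MAC)  # one bit altered

if __name__ == "__main__":
    for label, cs, key in (("right key", INTACT, VAULT_KEY),
                           ("wrong key", INTACT, WRONG_KEY),
                           ("altered data", FLIPPED, VAULT_KEY)):
        print(label, "->", classify(cs, key))
```

Because the wrong-key case and the altered-data case are indistinguishable at this check, a "vault is most likely corrupted" message on its own does not show that stored data is damaged.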