From 3052d488de0e108c71ee5e3148aadca46d3ac424 Mon Sep 17 00:00:00 2001 From: Xavier Morel Date: Tue, 9 Jun 2026 13:07:51 +0200 Subject: [PATCH] feat(vault): update vault SSO config --- config/vault-vaultwarden.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/vault-vaultwarden.nix b/config/vault-vaultwarden.nix index ee300e7..38ed641 100644 --- a/config/vault-vaultwarden.nix +++ b/config/vault-vaultwarden.nix @@ -27,14 +27,14 @@ in ORG_CREATION_USERS = config.globals.master.email; SSO_ENABLED = true; - SSO_AUTH_ONLY_NOT_SESSION = true; + # SSO_AUTH_ONLY_NOT_SESSION = true; SSO_AUTHORITY = "https://${auth_host}/application/o/vaultwarden/"; SSO_CLIENT_ID = oidc.oidc_client_id; SSO_CLIENT_SECRET = oidc.oidc_secret_id; SSO_SCOPES = "openid profile email offline_access"; SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION = false; SSO_CLIENT_CACHE_EXPIRATION = 0; - SSO_ONLY = false; # Set to true to disable email and master password login and require SSO + SSO_ONLY = true; # Set to true to disable email and master password login and require SSO SSO_SIGNUPS_MATCH_EMAIL = true; # Match first SSO login to an existing account by email }; dbBackend = "postgresql";