[GH-ISSUE #2872] rootUri + OIDC single sign-on #998

New issue

Closed

opened 2026-03-07 20:57:55 +03:00 by kerem · 0 comments

kerem commented

2026-03-07 20:57:55 +03:00

Owner

Originally created by @antdbv on GitHub (Aug 22, 2024).
Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/2872

Describe the bug
We are running CloudBeaver EE under a rootURI subpath (/cloudbeaver) and have configured CloudBeaver EE to use OIDC single-sign-on.

We are having an issue where, if we set the rootURI to /cloudbeaver and the server URL to my.domain.com/cloudbeaver, the resulting OIDC signon URL duplicates the rootURI. (/cloudbeaver/cloudbeaver/api/openid/provider/signon)

If I set rootURI to /cloudbeaver and the server URL to just the domain (my.domain.com), the SSO flow works, but the redirect URL to sso.html does not contain the rootURI. (my.domain.com/sso.html versus my.domain.com/cloudbeaver/sso.html). So, after a successful login, the login window remains open and redirects to another site at the root of our domain.

AS #371793
conf.txt
runtime.txt
error screenshot
logs
slack thread

possible solution from @alexander-skoblikov
add this to plugins section of runtime

{
....
"app": {
....
"plugins": {
.....
"openid": {
"signon-finish-uri": "/cloudbeaver/sso.html",
"signout-finish-uri": "/cloudbeaver/sso.html"
}
}
}

Originally created by @antdbv on GitHub (Aug 22, 2024). Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/2872 **Describe the bug** We are running CloudBeaver EE under a rootURI subpath (/cloudbeaver) and have configured CloudBeaver EE to use OIDC single-sign-on. We are having an issue where, if we set the rootURI to /cloudbeaver and the server URL to [my.domain.com/cloudbeaver](https://my.domain.com/cloudbeaver), the resulting OIDC signon URL duplicates the rootURI. (/cloudbeaver/cloudbeaver/api/openid/provider/signon) If I set rootURI to /cloudbeaver and the server URL to just the domain ([my.domain.com](https://my.domain.com/)), the SSO flow works, but the redirect URL to sso.html does not contain the rootURI. ([my.domain.com/sso.html](https://my.domain.com/sso.html) versus [my.domain.com/cloudbeaver/sso.html](https://my.domain.com/cloudbeaver/sso.html)). So, after a successful login, the login window remains open and redirects to another site at the root of our domain. [AS #371793](https://dbeaver.com/wp-admin/post.php?post=371793&action=edit) [conf.txt](https://dbeaver.com/?wpas-attachment=371795) [runtime.txt](https://dbeaver.com/?wpas-attachment=371796) [error screenshot](https://dbeaver.com/?wpas-attachment=371794) [logs](https://dbeaver.com/?wpas-attachment=372296) [slack thread](https://dbeaver.slack.com/archives/G01279ZD2S0/p1724267226101779) possible solution from @alexander-skoblikov add this to plugins section of runtime { .... "app": { .... "plugins": { ..... "openid": { "signon-finish-uri": "/cloudbeaver/sso.html", "signout-finish-uri": "/cloudbeaver/sso.html" } } }