Disable token authentication

Sephrost · November 26, 2024, 1:56pm

Hello there, i’d like to delegate the authentication method of the admin interface to my idp instance by using reverse proxy request forwarding, but i found no option in the wiki or the config to straight up disable token authentication(meaning no security) without disabling the interface in the process. Can someone pinpoint me in the right direction? Or do i have to open a feature request about this?

BlackDex · November 26, 2024, 2:30pm

See

github.com

dani-garcia/vaultwarden/blob/da3701c0cfa5fb0fe505c18c5f210edb2a71aaf9/.env.template#L394...L396


      
          ## Vaultwarden has a built-in generator by calling `vaultwarden hash`
          ## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
          ## If not set, the admin panel is disabled
          ## New Argon2 PHC string
          ## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$`
          ## Also, use single quotes (') instead of double quotes (") to enclose the string when needed
          # ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78'
          ## Old plain text string (Will generate warnings in favor of Argon2)
          # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
          
          ## Enable this to bypass the admin panel security. This option is only
          ## meant to be used with the use of a separate auth layer in front
          # DISABLE_ADMIN_TOKEN=false
          
          ## Number of seconds, on average, between admin login requests from the same IP address before rate limiting kicks in.
          # ADMIN_RATELIMIT_SECONDS=300
          ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
          # ADMIN_RATELIMIT_MAX_BURST=3
          
          ## Set the lifetime of admin sessions to this value (in minutes).
          # ADMIN_SESSION_LIFETIME=20

Topic		Replies	Views
Can't disable admin page Help	4	1378	May 22, 2022
Admin token does not work, even with correct argon2 token Help	2	1151	March 11, 2023
Enabling admin page Help	2	46244	June 2, 2022
Admin Token invalid - cant access admin page Help	4	880	April 26, 2024
Need to secure the admin page	10	5013	December 10, 2024

Disable token authentication

Related topics