Issues on Single Sign-On feature


We are trying to implement the recently released SSO feature to authenticate all VPN connections, but we are facing some issues:

  • The link to perform authentication is built based on the “public address” field defined on the server and not the “sync address”, which from my point of view should correspond more to the public-facing address for the API?
  • Also, when using a custom port for the API (not 443), the port is not included in the URL.

Moreover, the browser does not always open for authentication, which could be a real issue for deploying the feature globally. Could you share with us how to debug this issue? We have just tested on 2 clients; both have a default browser defined on Windows, one is properly opening the browser, and the second is not…

Thanks for your help!

The sync addresses and remotes are added to a list and tried in a random order. The newer clients that are still in testing in the GitHub releases will prioritize the sync address for WireGuard connections. I have updated the code on the repository to also do this for OpenVPN connections using single sign-on authentication. This will get included in the next release.

The function is used to open links on Windows and macOS. On Linux xdg-open is attempted if an error occurs is tried. If these aren’t working, a dialog is shown on the client that the user can click to copy the link. It may be an issue with the operating system default browser or application defaults preventing the browser from opening.

There isn’t any way of debugging it because only the elevated background service can initiate the URL open event, which is then processed by the Electron main process. There was an issue with some releases where the event handlers were being registered multiple times, causing issues. That may only be fixed in the newer releases on GitHub, not the stable release on the homepage.