Fresh installed "Bitwarden" "An unexpected error occurred" while login

Apps & App Center
10

Hello @Corin,

yesterday I had a closer look at Bitwarden installation on a UCS memberserver.

In general, for the Bitwarden installation to work correctly, some parameters need to be provided. A command-line based installation does not ask for those settings. I therefore recommend to install Bitwarden via the App Center module in the UCS management system. The following parameters are needed:

  • Installation ID and Installation Key. They need to be obtained from Bitwarden at https://bitwarden.com/host. No account at the Bitwarden website is needed for that, as far as I can remember.
  • Email settings. The Bitwarden app needs to be able to send emails and checks for a working SMTP connection.

Now, on to the memberserver problem. Users reported that the identity and sso remained in a restart loop. The reason was a problem during app initialization. Those two containers need a dedicated identity certificate (see Bitwarden documentation). During app installation it used the password from the UCS system for the SSL certificates. This password is stored in a file at /etc/univention/ssl/password, but it does not exist in a UCS member server. The needed certificate is satisfied with any password and it just needs to be made known to Bitwarden via a defined environment variable.

An app update is on the way. If you can wait for it, please wait!!

Here are the steps that worked for me. Please be aware to only apply them on a UCS system in the memberserver role.

# Create a random password and store it in the file expected by the app
pwgen -s 64 1 | tr -d '\n' > /etc/univention/ssl/password

export hostname=$(ucr get hostname)
export IDENTITY_PFX_FILE=/var/lib/univention-appcenter/apps/bitwarden/config/identity/identity.pfx

# Create a new certificate file for the identity service
openssl pkcs12 -export -out "$IDENTITY_PFX_FILE" -inkey
/etc/univention/ssl/$hostname/private.key -in
/etc/univention/ssl/$hostname/cert.pem  -certfile
/etc/univention/ssl/$hostname/cert.pem -passout pass:$(cat
/etc/univention/ssl/password)

# Reinitialize the bitwarden app in order to apply the changes
univention-app reinitialize bitwarden

Best regards,
Nico