khanh.pndc/open-webui-docs
1
0
Fork 0
mirror of https://github.com/open-webui/docs.git synced 2025-12-12 07:29:49 +07:00
Code Issues Packages Projects Releases Wiki Activity

Update env-configuration.mdx

Browse Source
This commit is contained in:
Classic298
2025-11-11 09:21:56 +01:00
committed by GitHub
parent 1db46642cd
commit 2a81659dda
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/getting-started/env-configuration.mdx
View File

@@ -82,11 +82,11 @@ Failure to set WEBUI_URL before using OAuth/SSO will result in failure to log in
- Description: Toggles email, password, sign-in and "or" (only when `ENABLE_OAUTH_SIGNUP` is set to True) elements.
- Persistence: This environment variable is a `PersistentConfig` variable.
#### `ENABLE_PASSWORD_BASED_LOGIN`
#### `ENABLE_PASSWORD_AUTH`
- Type: `bool`
- Default: `True`
- Description: Allows both password and SSO authentication methods to coexist when set to True. When set to False, **while SSO is enabled (`ENABLE_OAUTH_SIGNUP`=True)**, it disables all password-based login attempts on the /signin and /ldap endpoints, enforcing strict SSO-only authentication. Disable this setting in production environments with fully configured SSO to prevent credential-based account takeover attacks; keep it enabled if you require password authentication as a backup or have not yet completed SSO configuration. Should never be disabled if OAUTH/SSO is not being used.
- Description: Allows both password and SSO authentication methods to coexist when set to True. When set to False, it disables all password-based login attempts on the /signin and /ldap endpoints, enforcing strict SSO-only authentication. Disable this setting in production environments with fully configured SSO to prevent credential-based account takeover attacks; keep it enabled if you require password authentication as a backup or have not yet completed SSO configuration. Should never be disabled if OAUTH/SSO is not being used.
:::danger