Environment:
- OS: RHEL 8
- Java: OpenJDK 21
- Metabase: v0.50.17
- Application DB: PostgreSQL 17
- Web access: https://rep.college.edu:8443/metabase
- Reverse proxy: Apache
- Metabase runs behind a path prefix: /metabase
I recently installed the open version of 0.50.17 Metabase for one of my colleges so they could try it out and decide if they want to get the paid version. I got it installed and configured just like my other colleges and I can reach the login interface. Upon first hit of that web interface, I got the nomal set up your admin account prompt. I did and recorded the password in my password manager. I immediately attempted to log in using the stored password and the web interface immediately restores the blank login prompt with no error. On the metabase.log, it provided this error:
2026-04-15 11:24:37,132 ERROR api.session :: Authentication endpoint error
clojure.lang.ExceptionInfo: Password did not match stored password. {:status-code 401, :errors {:password #metabase.util.i18n.UserLocalizedString{:format-string "did not match stored password", :args , :pluralization-opts {}}}}
I logged into the PG database and made sure my account was listed as the superuser and has a password. It was and it did.
I used this command to generate a reset token:
/usr/lib/jvm/java-21-openjdk-21.0.10.0.7-1.el8.x86_64/bin/java
--add-opens java.base/java.nio=ALL-UNNAMED
-jar metabase.jar reset-password [superuser email]
I restarted metabase with a clean log and tried the reset token in the URL bar:
server.college.edu:8443/metabase/auth/password_reset/[token]
It returns me right back to the original login box with no errors on the screen or in the logs.
My /etc/sysconfig/metabase looks like this:
MB_JETTY_HOST=0.0.0.0
MB_JETTY_PORT=3000
MB_DB_TYPE=postgres
MB_DB_HOST=127.0.0.1
MB_DB_PORT=5432
MB_DB_DBNAME=metabase
MB_DB_USER=[redacted]
MB_DB_PASS=[redacted]
MB_SITE_URL=https://[servername].edu:8443/metabase
MB_APPLICATION_BASE_URL=/metabase
MB_JETTY_CONTEXT_PATH=/metabase
My conf.d/metabase-8443.conf looks like this:
Listen 8443
<VirtualHost *:8443>ServerName [server].edu
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/[crt]
SSLCertificateKeyFile /etc/pki/tls/certs/[pem]
SSLCertificateChainFile /etc/pki/tls/certs/[crt]
ProxyPreserveHost On
ProxyRequests Off
# Tell Metabase it is behind HTTPS
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "8443"
# Normalize trailing slash
RedirectMatch 301 ^/metabase$ /metabase/
# Root-Mounted Backend
ProxyPass /metabase/ http://127.0.0.1:3000/metabase/
ProxyPassReverse /metabase/ http://127.0.0.1:3000/metabase/
# FIX SESSION COOKIES
ProxyPassReverseCookiePath / /metabase/
Header always edit Set-Cookie "(?i)Path=/" "Path=/metabase/"
ErrorLog logs/metabase_error.log
CustomLog logs/metabase_access.log combined
</VirtualHost>
Incidentally, this is happening to a colleague of mine who is setting up a free instance at his college for them to test as well. At this point, I don’t know if this is a bug with this version or a configuration issue. I am using Co-Pilot to help me troubleshoot, as I am not very familiar with API’s and web configurations. Has anyone else run into this issue? I don’t see anything in the Discussion Boards quite like this.