After login via SAML, Bookstack redirects to home page instead of original URL #2091

New Issue

Closed

opened 2026-02-05 02:52:03 +03:00 by OVERLORD · 10 comments

OVERLORD commented 2026-02-05 02:52:03 +03:00

Owner

Copy Link

Originally created by @tmrhymer on GitHub (Feb 11, 2021).

Describe the bug
We recently implemented SAML/SSO for our Bookstack environment and authentication works great except for one issue. If an unauthenticated user tries to navigate directly to an inner Bookstack page, they get redirected to the login page. They click Login With SSO. After authenticating, they are redirected to our Bookstack home page instead of the originally requested URL. Users than have to go back click/type in their original URL.

Steps To Reproduce
In an environment using SAML/SSO for authentication:

1. Go to an inner page that requires authentication
2. Click Login with SSO
3. You get redirected to the home page instead of the originally requested inner page.

Expected behavior
We would expect to be redirected to the originally requested page after authenticating with SAML/SSO

Your Configuration (please complete the following information):

• Exact BookStack Version (Found in settings): 31.4
• PHP Version: PHP 7.3.26
• Hosting Method (Nginx/Apache/Docker): Apache 2.4.6

Additional context
IDP is Azure AD

SAML2_NAME=SSO
SAML2_EMAIL_ATTRIBUTE=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
SAML2_EXTERNAL_ID_ATTRIBUTE=uid
SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/identity/claims/displayname
SAML2_IDP_ENTITYID=https://sts.windows.net/<redacted>/
SAML2_AUTOLOAD_METADATA=false
SAML2_IDP_SSO=https://login.microsoftonline.com/<redacted>/saml2
SAML2_IDP_SLO=https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
SAML2_IDP_x509=<redacted>

Originally created by @tmrhymer on GitHub (Feb 11, 2021). **Describe the bug** We recently implemented SAML/SSO for our Bookstack environment and authentication works great except for one issue. If an unauthenticated user tries to navigate directly to an inner Bookstack page, they get redirected to the login page. They click Login With SSO. After authenticating, they are redirected to our Bookstack home page instead of the originally requested URL. Users than have to go back click/type in their original URL. **Steps To Reproduce** In an environment using SAML/SSO for authentication: 1. Go to an inner page that requires authentication 2. Click Login with SSO 3. You get redirected to the home page instead of the originally requested inner page. **Expected behavior** We would expect to be redirected to the originally requested page after authenticating with SAML/SSO **Your Configuration (please complete the following information):** - Exact BookStack Version (Found in settings): 31.4 - PHP Version: PHP 7.3.26 - Hosting Method (Nginx/Apache/Docker): Apache 2.4.6 **Additional context** IDP is Azure AD  ``` SAML2_NAME=SSO SAML2_EMAIL_ATTRIBUTE=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress SAML2_EXTERNAL_ID_ATTRIBUTE=uid SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/identity/claims/displayname SAML2_IDP_ENTITYID=https://sts.windows.net/<redacted>/ SAML2_AUTOLOAD_METADATA=false SAML2_IDP_SSO=https://login.microsoftonline.com/<redacted>/saml2 SAML2_IDP_SLO=https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 SAML2_IDP_x509=<redacted> ```

OVERLORD added the 🐛 Bug🚪 Authentication🏭 Back-End labels 2026-02-05 02:52:03 +03:00

OVERLORD closed this issue 2026-02-05 02:52:08 +03:00

OVERLORD commented 2026-02-05 02:52:13 +03:00

Author

Owner

Copy Link

@WarriorXK commented on GitHub (Feb 12, 2021):

Same issues here on 31.6, its a minor issue but would be great to see this fixed.

@WarriorXK commented on GitHub (Feb 12, 2021): Same issues here on 31.6, its a minor issue but would be great to see this fixed.

OVERLORD commented 2026-02-05 02:52:18 +03:00

Author

Owner

Copy Link

@kendraspock commented on GitHub (Jun 30, 2021):

We are having this issue as well and it's quite an inefficient process. Would love to see this get resolved ASAP!

@kendraspock commented on GitHub (Jun 30, 2021): We are having this issue as well and it's quite an inefficient process. Would love to see this get resolved ASAP!

OVERLORD commented 2026-02-05 02:52:23 +03:00

Author

Owner

Copy Link

@zimbeo commented on GitHub (Jun 30, 2021):

Please fix! It's a minor issue but greatly affects user experience and usability for things like bookmarks.

@zimbeo commented on GitHub (Jun 30, 2021): Please fix! It's a minor issue but greatly affects user experience and usability for things like bookmarks.

OVERLORD commented 2026-02-05 02:52:29 +03:00

Author

Owner

Copy Link

@tmrhymer commented on GitHub (Jun 30, 2021):

After reading up a bit on this, it looks like most implementations make use of the RelayState mechanism to redirect back to the originally requested URL. Is this something that could be added to Bookstacks implementation?

@tmrhymer commented on GitHub (Jun 30, 2021): After reading up a bit on this, it looks like most implementations make use of the RelayState mechanism to redirect back to the originally requested URL. Is this something that could be added to Bookstacks implementation?

OVERLORD commented 2026-02-05 02:52:37 +03:00

Author

Owner

Copy Link

@benyoung-iw commented on GitHub (Jul 6, 2021):

Running into this as well. Definitely a minor issue, but one that causes friction and hurts adoption for our users.

@benyoung-iw commented on GitHub (Jul 6, 2021): Running into this as well. Definitely a minor issue, but one that causes friction and hurts adoption for our users.

OVERLORD commented 2026-02-05 02:52:42 +03:00

Author

Owner

Copy Link

@pandoraslunchbox commented on GitHub (Aug 10, 2021):

Our business has users request this to support about monthly, it's definitely becoming a headache for people as we get more using this wonderful tool!

@pandoraslunchbox commented on GitHub (Aug 10, 2021): Our business has users request this to support about monthly, it's definitely becoming a headache for people as we get more using this wonderful tool!

OVERLORD commented 2026-02-05 02:52:44 +03:00

Author

Owner

Copy Link

@artschwagerb commented on GitHub (Sep 17, 2021):

Bump, not a php developer but this could be solved with a "next" url parameter.

Users who are not logged in are redirected to the login page with the previous page's relative url set in the "next" url parameter.

After login, if the "next" url parameter exists the user is redirected there. If it does not, the user is sent to the "home" page.

@artschwagerb commented on GitHub (Sep 17, 2021): Bump, not a php developer but this could be solved with a "next" url parameter. Users who are not logged in are redirected to the login page with the previous page's relative url set in the "next" url parameter. After login, if the "next" url parameter exists the user is redirected there. If it does not, the user is sent to the "home" page.

OVERLORD commented 2026-02-05 02:52:47 +03:00

Author

Owner

Copy Link

@ghost commented on GitHub (Sep 22, 2021):

I'm having the same problem, can someone provide a workaround?

@ghost commented on GitHub (Sep 22, 2021): I'm having the same problem, can someone provide a workaround?

OVERLORD commented 2026-02-05 02:52:52 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 19, 2021):

This is due to the session being lost upon redirection from the idp due to it being a POST request while BookStack session cookies are samesite=lax by default. Also affects SAML request verification.

Maybe we need to introduce a level of redirect loop via get request but the SAML toolkit does run against the current request which can complicate things. Assigned to be looked into for the next release.

@ssddanbrown commented on GitHub (Oct 19, 2021): This is due to the session being lost upon redirection from the idp due to it being a POST request while BookStack session cookies are `samesite=lax` by default. Also affects SAML request verification. Maybe we need to introduce a level of redirect loop via get request but the SAML toolkit does run against the current request which can complicate things. Assigned to be looked into for the next release.

OVERLORD commented 2026-02-05 02:52:55 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 20, 2021):

Addressed within #2996. Will be part of the next feature release.

@ssddanbrown commented on GitHub (Oct 20, 2021): Addressed within #2996. Will be part of the next feature release.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v26-03

ci_fixing

codeberg-actions

lexical_may_2026

MilnerMart/development

sort_rule_text

GamerClassN7/impersonations-for-admin

Zhey-on/feature/csp-image-css-controls-6033

tortillas5/development

clauvaldez/mfaReset

llm_only

vectors

McTom234/oidc-key-algorithms

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v26.03.4

v26.03.3

v26.03.2

v26.03.1

v26.03

v25.12.9

v25.12.8

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐛 Bug 🚪 Authentication 🏭 Back-End

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2091