SAML2 Authentication #2125

Closed
opened 2026-02-05 03:01:21 +03:00 by OVERLORD · 3 comments
Owner

Originally created by @pmbmarques on GitHub (Feb 26, 2021).

I'm trying to authenticate users using SAML2 with simplesaml, and I cannot get the attributes from simplesaml processed in BookStack. Here is the JSON response:

```
id_from_idp "521ab6a8feaca115560bdefa98806e103bb0f739"
attrs_from_idp []
attrs_after_parsing:
    external_id "521ab6a8feaca115560bdefa98806e103bb0f739"
    name "521ab6a8feaca115560bdefa98806e103bb0f739"
    email null
    saml_id "521ab6a8feaca115560bdefa98806e103bb0f739"
```

The result for email is always null.

I can confirm that simplesaml is correctly releasing the attributes (mail and username).

Has anyone gone through the same problem?

Thanks

OVERLORD added the 🐕 Support label 2026-02-05 03:01:21 +03:00

@ssddanbrown commented on GitHub (Feb 26, 2021):

Hi @pmbmarques,

I tested the SAML2 implementation with simplesamlphp during development so it should be possible to get something working.
Can you provide any details regarding the configuration used for the bookstack `.env` or used within simplesamlphp at all?

The empty `attrs_from_idp` property generally indicates no attributes are being provided to BookStack from the SAML system.


@pmbmarques commented on GitHub (Feb 26, 2021):

Hi,
Here is my config for BookStack. I tried different combinations for
SAML2_EMAIL_ATTRIBUTE and SAML2_EXTERNAL_ID_ATTRIBUTE, like mail and uid,
instead of the ones in the config.

When the login is successfully processed on simplesaml, I can see the core
attributes being released on the consent page.
[image: InkedScreenshot 2021-02-26 14.07.58_LI (2).jpg]

.env

```
AUTH_METHOD=saml2
SAML2_NAME=SSO
SAML2_EMAIL_ATTRIBUTE=email
SAML2_DISPLAY_NAME_ATTRIBUTES=FirstName|LastName
SAML2_EXTERNAL_ID_ATTRIBUTE=username
SAML2_IDP_ENTITYID=https://*/simplesaml/saml2/idp/metadata.php
SAML2_AUTOLOAD_METADATA=false
SAML2_IDP_SSO=https:// * /simplesaml/saml2/idp/SSOService.php
SAML2_IDP_SLO=https:/ * /simplesamlserver/simplesaml/saml2/idp/SingleLogoutService.php
SAML2_IDP_x509="-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----"
SAML2_ONELOGIN_OVERRIDES=null
SAML2_DUMP_USER_DETAILS=true
```

my simplesamlconfig

```php
$metadata['https://bookstack.xxxx.xxx/saml2/metadata'] = array(
    'AssertionConsumerService' => 'https://bookstack.xxxx.xxx/saml2/acs',
    'SingleLogoutService' => 'https://bookstack.xxxx.xxx/saml2/sls',
    'acs.Bindings' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    'authproc' => array(
        10 => array(
            'class' => 'core:AttributeMap',
            'uid' => 'username',
            'givenName' => 'FirstName',
            'sn' => 'LastName',
            'mail' => 'email',
        ),
    ),
);
```

Thanks

Best
Dan Brown <notifications@github.com> wrote on Friday, 26/02/2021 at 18:09:

> Hi @pmbmarques,
>
> I tested the SAML2 implementation with simplesamlphp during development so
> it should be possible to get something working.
> Can you provide any details regarding the configuration used for the
> bookstack .env or used within simplesamlphp at all?
>
> The empty attrs_from_idp property generally indicates no attributes are
> being provided to BookStack from the SAML system.




@ssddanbrown commented on GitHub (Oct 25, 2021):

Since the last comment on this issue is relatively old I'm going to close this. If the issue remains and is something you still require to be fixed please open a new issue, referencing this one.
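
The check the thread points at, as an added example that is not part of the original comments or BookStack's own code: a diagnostic that lists the attribute names carried in a SAML response and compares them with the names set in the posted `.env`. The fallback to the NameID is modelled on the dump in the first post, the space-joined display name is an assumption, and the sample responses are constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names copied from the .env posted in the thread.
ENV = {"SAML2_EMAIL_ATTRIBUTE": "email",
       "SAML2_DISPLAY_NAME_ATTRIBUTES": "FirstName|LastName",
       "SAML2_EXTERNAL_ID_ATTRIBUTE": "username"}

def sample_response(name_id, attrs):
    """Build a constructed, unsigned SAML Response (test input only)."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs.items())
    stmt = f"<saml:AttributeStatement>{items}</saml:AttributeStatement>" if items else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
            f'</saml:Subject>{stmt}</saml:Assertion></samlp:Response>')

def read_assertion(xml_text):
    """Return (NameID, {attribute name: [values]}). Diagnostic only: the
    signature is not checked, so never use this to authenticate anyone."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in
                                   attr.iterfind("saml:AttributeValue", NS)]
    return name_id, attrs

def missing_attributes(attrs, env=ENV):
    """Configured attribute names that the assertion does not carry."""
    wanted = [env["SAML2_EMAIL_ATTRIBUTE"], env["SAML2_EXTERNAL_ID_ATTRIBUTE"]]
    wanted += env["SAML2_DISPLAY_NAME_ATTRIBUTES"].split("|")
    return [name for name in wanted if name not in attrs]

def map_user(name_id, attrs, env=ENV):
    """Assumed mapping, modelled on the dump in the first post."""
    first = lambda name: (attrs.get(name) or [None])[0]
    external_id = first(env["SAML2_EXTERNAL_ID_ATTRIBUTE"]) or name_id
    parts = [first(n) for n in env["SAML2_DISPLAY_NAME_ATTRIBUTES"].split("|")]
    name = " ".join(p for p in parts if p) or external_id
    return {"external_id": external_id, "name": name,
            "email": first(env["SAML2_EMAIL_ATTRIBUTE"])}

if __name__ == "__main__":
    cases = {"no AttributeStatement": {},
             "unmapped IdP names": {"mail": "a@example.org", "uid": "alice"},
             "names match .env": {"email": "a@example.org", "username": "alice",
                                  "FirstName": "Alice", "LastName": "Liddell"}}
    for label, released in cases.items():
        name_id, attrs = read_assertion(sample_response("constructed-id", released))
        print(label, map_user(name_id, attrs), "missing:", missing_attributes(attrs))
```

To inspect a real login, base64-decode the `SAMLResponse` form field posted to `/saml2/acs` and pass the resulting XML to `read_assertion`; an encrypted assertion will show no attributes here.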

Reference: starred/BookStack#2125