SAML Login via iFrame fails with "OneLogin\Saml2\Error Invalid ACS Response: invalid_response" #2857

Closed
opened 2026-02-05 05:28:49 +03:00 by OVERLORD · 5 comments

Originally created by @add-n2x on GitHub (Jun 18, 2022).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I've configured BookStack with an external SimpleSAML idP at sso.domain.com. This is working fine in an individual browser tab.

Then there is also a Nextcloud menu integration at cloud.domain.com. I'm explicitly allowing BookStack to be embedded into iFrames by having these set:

ALLOWED_IFRAME_HOSTS="https://cloud.domain.com https://sso.domain.com"
ALLOWED_IFRAME_SOURCES="https://cloud.domain.com https://sso.domain.com"

So far so good. But when I click on the BookStack Login button in the iFrame I get:

OneLogin\Saml2\Error
Invalid ACS Response: invalid_response

No InResponseTo at the Response, but it was provided the requestId related to the AuthNRequest sent by the SP: ONELOGIN_de3e4f6fd111dabe7794c431f9fc050c0160a0e6

Exact BookStack Version

v22.04.2

Log Content

Server Log

bookstack:80 172.21.0.1 - - [18/Jun/2022:10:46:23 +0000] "POST /saml2/login HTTP/1.1" 302 5497 "https://book.mybookstackdomain.com/login" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36"
bookstack:80 172.21.0.1 - - [18/Jun/2022:10:46:24 +0000] "POST /saml2/acs HTTP/1.1" 302 1041 "https://sso.domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36"
bookstack:80 172.21.0.1 - - [18/Jun/2022:10:46:24 +0000] "GET /saml2/acs?id=7Ferbvo63jReGbQx HTTP/1.1" 200 2816 "https://sso.domain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36"

Browser Log

Failed to load resource: the server responded with a status of 500 ()
DevTools failed to load source map: Could not load content for https://book.mybookstackdomain.com/dist/styles.css.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE
DevTools failed to load source map: Could not load content for https://book.mybookstackdomain.com/dist/app.js.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE
DevTools failed to load source map: Could not load content for https://book.mybookstackdomain.com/dist/print-styles.css.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE

Stacktrace

#0 /var/www/bookstack/app/Http/Controllers/Auth/Saml2Controller.php(119): BookStack\Auth\Access\Saml2Service->processAcsResponse('ONELOGIN_de354f...', 'PHNhbWxwOlJlc3B...')
#1 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\Http\Controllers\Auth\Saml2Controller->processAcs(Object(BookStack\Http\Request))
#2 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction('processAcs', Array)
#3 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(BookStack\Http\Controllers\Auth\Saml2Controller), 'processAcs')
#4 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController()
#5 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\Routing\Route->run()
#6 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}(Object(BookStack\Http\Request))
#7 /var/www/bookstack/app/Http/Middleware/CheckGuard.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#8 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckGuard->handle(Object(BookStack\Http\Request), Object(Closure), 'saml2')
#9 /var/www/bookstack/app/Http/Middleware/Localization.php(84): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#10 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Localization->handle(Object(BookStack\Http\Request), Object(Closure))
#11 /var/www/bookstack/app/Http/Middleware/RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#12 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RunThemeActions->handle(Object(BookStack\Http\Request), Object(Closure))
#13 /var/www/bookstack/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#14 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckEmailConfirmed->handle(Object(BookStack\Http\Request), Object(Closure))
#15 /var/www/bookstack/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#16 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle(Object(BookStack\Http\Request), Object(Closure))
#17 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#18 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(BookStack\Http\Request), Object(Closure))
#19 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#20 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(BookStack\Http\Request), Object(Closure))
#21 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#22 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest(Object(BookStack\Http\Request), Object(Illuminate\Session\Store), Object(Closure))
#23 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle(Object(BookStack\Http\Request), Object(Closure))
#24 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#25 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(BookStack\Http\Request), Object(Closure))
#26 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#27 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(BookStack\Http\Request), Object(Closure))
#28 /var/www/bookstack/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#29 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\ApplyCspRules->handle(Object(BookStack\Http\Request), Object(Closure))
#30 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#31 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#32 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(BookStack\Http\Request))
#33 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute(Object(BookStack\Http\Request), Object(Illuminate\Routing\Route))
#34 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute(Object(BookStack\Http\Request))
#35 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch(Object(BookStack\Http\Request))
#36 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(BookStack\Http\Request))
#37 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#38 /var/www/bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle(Object(BookStack\Http\Request), Object(Closure))
#39 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\TrustProxies->handle(Object(BookStack\Http\Request), Object(Closure))
#40 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#41 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(BookStack\Http\Request), Object(Closure))
#42 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle(Object(BookStack\Http\Request), Object(Closure))
#43 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#44 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(BookStack\Http\Request), Object(Closure))
#45 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#46 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle(Object(BookStack\Http\Request), Object(Closure))
#47 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#48 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#49 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(BookStack\Http\Request))
#50 /var/www/bookstack/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(BookStack\Http\Request))
#51 {main}

PHP Version

8.1.6

Hosting Environment

Ubuntu VPS, Caddy, BookStack & DB in Docker Compose

PHP Version: 8.1.6
BookStack Version: v22.04.2

OVERLORD added the 🐕 Support label 2026-02-05 05:28:49 +03:00

@ssddanbrown commented on GitHub (Jun 18, 2022):

Hi @davidtrattnig,
Usually scenarios like this can have trouble due to cookie controls blocking cookie usage within iframes and hence issues with session persistence.

Based upon the error message, it seems to me like the BookStack session system is working but something is lost in the response back from SimpleSAML.

Assuming you're using SimpleSAMLphp, what values are set for the session.cookie.secure and session.cookie.samesite options (if existing)?
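
The cookie behaviour raised in the comment above, as an added example that is not part of the original thread or of BookStack or SimpleSAMLphp: a checker that reads `Set-Cookie` header values and reports which cookies a browser will withhold on requests made inside a cross-site iframe. It assumes Chrome-style SameSite handling (a cookie with no SameSite attribute is treated as Lax, and SameSite=None is only accepted together with Secure); the cookie names and header values are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class CookieVerdict:
    name: str
    samesite: str  # "none", "lax", "strict" or "unset"
    secure: bool
    sent_in_cross_site_iframe: bool
    reason: str


def parse_set_cookie(header_value: str) -> tuple[str, dict[str, str]]:
    """Split a Set-Cookie value into (cookie name, lower-cased attribute map)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header_value)
    name = parts[0].split("=", 1)[0].strip()
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def classify(header_value: str) -> CookieVerdict:
    """Decide whether the cookie accompanies requests from a cross-site iframe."""
    name, attrs = parse_set_cookie(header_value)
    secure = "secure" in attrs
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("none", "lax", "strict"):
        samesite = "unset"  # missing or unrecognised value

    if samesite in ("lax", "strict"):
        return CookieVerdict(name, samesite, secure, False,
                             "SameSite=%s is withheld in cross-site frames"
                             % samesite.capitalize())
    if samesite == "unset":
        return CookieVerdict(name, samesite, secure, False,
                             "no SameSite attribute, treated as Lax by default")
    if not secure:
        return CookieVerdict(name, samesite, secure, False,
                             "SameSite=None without Secure is rejected")
    return CookieVerdict(name, samesite, secure, True,
                         "sent, unless the browser blocks third-party cookies")


def blocked_cookies(headers: list[str]) -> list[str]:
    """Names of cookies that will be missing inside a cross-site iframe."""
    return [v.name for v in map(classify, headers)
            if not v.sent_in_cross_site_iframe]


# Constructed sample headers (placeholder names, not captured from any product).
SAMPLE_HEADERS = [
    "sp_session=aaa; Path=/; HttpOnly; SameSite=Lax",
    "idp_session=bbb; Path=/; HttpOnly",
    "idp_token=ccc; Path=/; SameSite=None",
    "idp_session_fixed=ddd; Path=/; Secure; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict = classify(header)
        status = "sent" if verdict.sent_in_cross_site_iframe else "BLOCKED"
        print("%-18s %-8s %s" % (verdict.name, status, verdict.reason))
```
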


@add-n2x commented on GitHub (Jun 19, 2022):

Thanks @ssddanbrown. Yes it's SimpleSAML. I don't have these Cookies set. But I have a "__Host-nc_sameSiteCookiestrict: true" and "__Host-nc_sameSiteCookielax: true" set in the Cookie. Not sure if that's related to SimpleSAML.


@ssddanbrown commented on GitHub (Jun 19, 2022):

Hi @davidtrattnig,
For clarity, the option names I listed previously were for options within your SimpleSAMLphp configuration file, not the name of cookies.

Do you have such options in your SimpleSAMLphp config?


@add-n2x commented on GitHub (Jun 19, 2022):

Clear, thx. I do not have control over the SimpleSAML instance but it is hosted by a third party. I've forwarded your tip and am waiting for an answer now.


@ssddanbrown commented on GitHub (Jun 25, 2022):

I'm going to close this off since there's no pending action on our side but if you need any other support feel free to still comment and this can be re-opened if required.


Reference: starred/BookStack#2857