SAML Error - Nested Groups #3528

Closed
opened 2026-02-05 07:01:28 +03:00 by OVERLORD · 2 comments

Originally created by @Sx3 on GitHub (Feb 24, 2023).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

We have set up Azure SAML login with BookStack and mapped the group IDs to role IDs accordingly with BookStack configuration.
Everything works, and we needed to add another group into our existing group so that the new group has the same privileges as the existing one...
We are getting the following error.

```
Request Id: xxxxxxx-1234-1234-1234-e8d44da12900
Correlation Id: xxxxxxx-1234-47bf-1234-7ef734399133
Timestamp: 2023-02-23T06:24:32Z

Message: AADSTS50105: Your administrator has configured the application BookStack_SAML ('GROUP_ID') to block users unless they are specifically granted ('assigned') access to the application. The signed in user ['myemail](mailto:'myemail)' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.
```

Is there any configuration in BookStack to allow nested groups to log in?
Thanks.

Exact BookStack Version

v23.01

Log Content

No response

PHP Version

PHP 7.4.30

Hosting Environment

Apache/2.4.29 (Ubuntu)
PHP 7.4.30

OVERLORD added the 🐕 Support label 2026-02-05 07:01:28 +03:00

@ssddanbrown commented on GitHub (Feb 24, 2023):

Hi @Sx3,
To be honest, based upon that error message, this looks to be purely an AzureAD issue/limitation or something that's dependent on your Azure user group management. I don't think I can help you out with this from a BookStack perspective.


@ssddanbrown commented on GitHub (Mar 6, 2023):

Since there's been no further conversation here I'll close this off.
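
The AADSTS50105 message in this thread says access requires direct membership of an assigned group or a direct assignment. As an added example (not part of the original thread and not BookStack or Azure code), this Python script audits a constructed group export and lists the users who reach the application only through nesting; the directory data, principal format and function names are assumptions made for illustration.

```python
"""Audit which users an app assignment covers when groups are nested.

Assumption (taken from the AADSTS50105 text): only users assigned directly,
or direct members of an assigned group, pass the assignment check.
All groups and users below are constructed sample data.
"""

# group name -> direct members; a member is "user:<name>" or "group:<name>"
DIRECTORY = {
    "bookstack-editors": ["user:alice", "group:contractors"],
    "contractors": ["user:bob", "group:interns"],
    "interns": ["user:carol", "group:contractors"],  # deliberate cycle
    "unrelated": ["user:dave"],
}
ASSIGNED_TO_APP = ["group:bookstack-editors", "user:erin"]


def direct_users(assignments, directory):
    """Users who pass the check: assigned directly or direct group members."""
    allowed = set()
    for principal in assignments:
        kind, name = principal.split(":", 1)
        if kind == "user":
            allowed.add(name)
        else:
            allowed.update(m.split(":", 1)[1] for m in directory.get(name, [])
                           if m.startswith("user:"))
    return allowed


def transitive_users(assignments, directory):
    """Users reachable through any depth of nesting (the intended audience)."""
    users, seen, stack = set(), set(), list(assignments)
    while stack:
        kind, name = stack.pop().split(":", 1)
        if kind == "user":
            users.add(name)
        elif name not in seen:  # guard against membership cycles
            seen.add(name)
            stack.extend(directory.get(name, []))
    return users


def blocked_nested_users(assignments, directory):
    """Users who reach the app only via a nested group and would be blocked."""
    return sorted(transitive_users(assignments, directory)
                  - direct_users(assignments, directory))


if __name__ == "__main__":
    print("blocked:", blocked_nested_users(ASSIGNED_TO_APP, DIRECTORY))
```

Users in the reported list need their own group assigned to the application, or a direct assignment, before SAML sign-in will reach BookStack.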

Reference: starred/BookStack#3528