Azure ADS SAML2 SSO microsoft auto sign in #3939

New Issue

OVERLORD · 2026-02-05T07:54:47+03:00

OVERLORD commented

2026-02-05 07:54:47 +03:00

Originally created by @wedowhateverwewant on GitHub (Jul 26, 2023).

Attempted Debugging

I have read the debugging page

Searched GitHub Issues

I have searched GitHub for the issue.

Describe the Scenario

So I have bookstack setup to use SAML2 Azure AD for SSO and that works all great , but we also have another service that uses the same setup, but with different 365 account. and both of these services auto login using whatever account that was logged in first, causing the other service to not be able to login because that user is now allowed on this service and its a different username to being with, is there a way to get bookstack to continue to auto load the SSO but make the user have to login with username and password on the microsoft login page? like with adding prompt=login to the application which i tried but I may be doing it wrong ?

Exact BookStack Version

v23.06.2

Log Content

No response

PHP Version

No response

Hosting Environment

Docker Compose with nginx proxy and bookstack, Azure AD for SAML2

Originally created by @wedowhateverwewant on GitHub (Jul 26, 2023). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario So I have bookstack setup to use SAML2 Azure AD for SSO and that works all great , but we also have another service that uses the same setup, but with different 365 account. and both of these services auto login using whatever account that was logged in first, causing the other service to not be able to login because that user is now allowed on this service and its a different username to being with, is there a way to get bookstack to continue to auto load the SSO but make the user have to login with username and password on the microsoft login page? like with adding prompt=login to the application which i tried but I may be doing it wrong ? ### Exact BookStack Version v23.06.2 ### Log Content _No response_ ### PHP Version _No response_ ### Hosting Environment Docker Compose with nginx proxy and bookstack, Azure AD for SAML2

OVERLORD added the 🐕 Support label 2026-02-05 07:54:47 +03:00

OVERLORD closed this issue

2026-02-05 07:54:48 +03:00

OVERLORD commented

2026-02-05 07:54:52 +03:00

@ssddanbrown commented on GitHub (Jul 26, 2023):

The equivalent in SAML2 might be ForceAuthn.
We don't expose that as an option right now but if you're familiar enough with docker/terminal to access the app in the container you could find and change the first false in the below linked line to true to toggle ForceAuthn on:

295cd01605/app/Access/Saml2Service.php (L50)

@ssddanbrown commented on GitHub (Jul 26, 2023): The equivalent in SAML2 might be `ForceAuthn`. We don't expose that as an option right now but if you're familiar enough with docker/terminal to access the app in the container you could find and change the first `false` in the below linked line to `true` to toggle `ForceAuthn` on: https://github.com/BookStackApp/BookStack/blob/295cd0160525125bbd7756d7ad07392ae7201cb8/app/Access/Saml2Service.php#L50

OVERLORD commented

2026-02-05 07:54:57 +03:00

@wedowhateverwewant commented on GitHub (Jul 26, 2023):

that seems to have done it, thanks for the quick response

@wedowhateverwewant commented on GitHub (Jul 26, 2023): that seems to have done it, thanks for the quick response

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3939