SAML External Auth ID for Role mapping with "Spaces" #4357

New Issue

OVERLORD · 2026-02-05T08:39:12+03:00

OVERLORD commented

2026-02-05 08:39:12 +03:00

Originally created by @holzi1005 on GitHub (Dec 10, 2023).

Describe the Bug

I setup the external Auth with SAML and the group mapping as bescribed in the docs.
Some of the external users groups (keycloak and LDAP Sync) have "Spaces in the name (e.g. /group abc)
When the groups don not have a Space in the name, the External Auth Mapping works but if a Spaces is in the name, the mapping does not work and the users are not assined to the role

Steps to Reproduce

Some of the external users groups (keycloak and LDAP Sync) have "Spaces in the name (e.g. /group abc)
When the groups don not have a Space in the name, the External Auth Mapping works but if a Spaces is in the name, the mapping does not work and the users are not assined to the role

Expected Behaviour

I can create an External Group /Role Mapping with External-Auth-IDs with Spaces

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

latest

Originally created by @holzi1005 on GitHub (Dec 10, 2023). ### Describe the Bug I setup the external Auth with SAML and the group mapping as bescribed in the docs. Some of the external users groups (keycloak and LDAP Sync) have "Spaces in the name (e.g. /group abc) When the groups don not have a Space in the name, the External Auth Mapping works but if a Spaces is in the name, the mapping does not work and the users are not assined to the role ### Steps to Reproduce Some of the external users groups (keycloak and LDAP Sync) have "Spaces in the name (e.g. /group abc) When the groups don not have a Space in the name, the External Auth Mapping works but if a Spaces is in the name, the mapping does not work and the users are not assined to the role ### Expected Behaviour I can create an External Group /Role Mapping with External-Auth-IDs with Spaces ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version latest

OVERLORD added the 🐛 Bug label 2026-02-05 08:39:12 +03:00

OVERLORD closed this issue

2026-02-05 08:39:14 +03:00

OVERLORD commented

2026-02-05 08:39:20 +03:00

@ssddanbrown commented on GitHub (Dec 10, 2023):

Hi @holzi1005,
You should be able to map to those groups using hypens instead.
So a SAML group name of "Chuckle Brothers" could be mapped to a BookStack role via an "External Authentication Ids" values of "chuckle-brothers". If that's not working for you, let me know the details of what names is being mapped, and the external auth value used, and I'll dig deeper if needed.

@ssddanbrown commented on GitHub (Dec 10, 2023): Hi @holzi1005, You should be able to map to those groups using hypens instead. So a SAML group name of "Chuckle Brothers" could be mapped to a BookStack role via an "External Authentication Ids" values of "chuckle-brothers". If that's not working for you, let me know the details of what names is being mapped, and the external auth value used, and I'll dig deeper if needed.

OVERLORD commented

2026-02-05 08:39:26 +03:00

@holzi1005 commented on GitHub (Dec 11, 2023):

Hi @ssddanbrown

thank you for the answer.
I was able to map the external id from keycloak with out the "" only by exchanging the spaces with - and all in lower cases.

@holzi1005 commented on GitHub (Dec 11, 2023): Hi @ssddanbrown thank you for the answer. I was able to map the external id from keycloak with out the "" only by exchanging the spaces with - and all in lower cases.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4357