mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-02-09 03:09:38 +03:00
SSO over ADFS Login #5023
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @reddexx on GitHub (Oct 24, 2024).
Attempted Debugging
Searched GitHub Issues
Describe the Scenario
After customising the user accounts, you can log in via ADFS
Unfortunately there is still a problem where I do not know where the error is
After clicking on the ‘Login with SSO’ button, you are redirected to the Microsoft ADFS login form where you have to log in instead of logging in directly, the manual login works.
Where is the Bookstack instance running?
Docker container
How can the page be accessed?
In the local network with a reverse proxy (nginx)
the ADFS is also only accessible in the local network
Exact BookStack Version
24.10
Log Content
No response
Hosting Environment
Debian VM in a Docker Container
@ssddanbrown commented on GitHub (Oct 24, 2024):
Hi @reddexx,
Sorry, but I don't really understand what the issue is here.
@reddexx commented on GitHub (Oct 24, 2024):
Hey @ssddanbrown
What do you mean by "customising the user accounts"?
What type of authentication in BookStack are you configuring for this?
That we can use SSO (SAML2 over ADFS)
What is meant by "you have to log in instead of logging in directly"?
after submit this button coming to ADFS Login
@ssddanbrown commented on GitHub (Oct 24, 2024):
Okay, so you're being redirect to your ADFS system for SAML2 login.
That's what I'd expect from BookStack, and any behavior while on the ADFS login screen will be down to the functionality of the auth (ADFS) system.
Are you already logged into ADFS, and therefore expecting the ADFS login to not show?
If so, then that's not really something due to BookStack behaviour as far as I'm aware.
I am not familiar enough with ADFS to know or suggestion settings/configuration for this.
@reddexx commented on GitHub (Oct 24, 2024):
No, I have specifically cancelled my registration.
I tried to log in to a fresh session
Could it be due to the reverse proxy?
@ssddanbrown commented on GitHub (Oct 24, 2024):
Oh, then I'd expect a login to show on the auth provider side (ADFS in this case).
Therefore I still don't understand what the issue is here, everything seems as expected.
@reddexx commented on GitHub (Oct 24, 2024):
I don't think that's how it should work.
I have set up several applications SSO only with Bookstack it is a little strange
I'm still checking a few things
@ssddanbrown commented on GitHub (Nov 7, 2024):
Since there's been no further progress here I'll go ahead and close this off, especially as I still don't see any indication of there being something unexpected, configurable or unexpected on the BookStack side of things.
@reddexx commented on GitHub (Nov 8, 2024):
sorry for the late feedback
I am still testing with another instance (Moodle) where the reverse proxy is used, only at the moment there is a lot of stress.😅
@awittendorff commented on GitHub (May 19, 2025):
@reddexx are you thinking of Windows Integrated Authentication with ADFS? So you don't have to type username/password on ADFS form?
Try setting the following in the .env file: SAML2_IDP_AUTHNCONTEXT=false