Name of user via idp not populated #5138

Closed
opened 2026-02-05 09:42:37 +03:00 by OVERLORD · 3 comments

Originally created by @boscorelly on GitHub (Jan 21, 2025).

Describe the Bug

When an account is created through AzureAD SSO, the name of the user is not populated properly.
Instead, you get the email of the user.

Steps to Reproduce

configure AAD SSO
let a user connect
check his profile

Expected Behaviour

Name has to be populated with the SSO variable as set in the .env file

Screenshots or Additional Context

SAML2_DISPLAY_NAME_ATTRIBUTES=givenname|surname


Browser Details

No response

Exact BookStack Version

24.10.3

OVERLORD added the 🐛 Bug label 2026-02-05 09:42:37 +03:00

@boscorelly commented on GitHub (Jan 21, 2025):

example of output at logon:

```json
{
  "id_from_idp": "col@value-info.fr",
  "attrs_from_idp": {
    "http://schemas.microsoft.com/identity/claims/tenantid": [
      "1b29893c-a382-4d9a-b5f4-a07ccbe77536"
    ],
    "http://schemas.microsoft.com/identity/claims/objectidentifier": [
      "27b2451c-0bf8-478e-a8c0-8af8d1b57548"
    ],
    "http://schemas.microsoft.com/identity/claims/displayname": [
      "C********"
    ],
    "http://schemas.microsoft.com/identity/claims/identityprovider": [
      "https://sts.windows.net/1b29893c-a382-4d9a-b5f4-a07ccbe77536/"
    ],
    "http://schemas.microsoft.com/claims/authnmethodsreferences": [
      "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509",
      "http://schemas.microsoft.com/claims/multipleauthn"
    ],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": [
      "C***"
    ],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": [
      "O*****"
    ],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": [
      "c****@******.fr"
    ],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": [
      "c****@******.fr"
    ],
    "Group": [
      "8bb438de-aea4-4ba5-9a9b-7e9ef659d223"
    ]
  },
  "attrs_after_parsing": {
    "external_id": "c****@******.fr",
    "name": "c****@******.fr",
    "email": "c****@******.frr",
    "saml_id": "c****@******.fr",
    "groups": [
      "8bb438de-aea4-4ba5-9a9b-7e9ef659d223"
    ]
  }
}
```

as you can see, name is populated with email instead of the given name and surname


@ssddanbrown commented on GitHub (Jan 21, 2025):

Based upon that dump data, you'd need to configure the option like so:

```
SAML2_DISPLAY_NAME_ATTRIBUTES="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname|http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
```
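
A small checker for the mismatch discussed in this thread, added here as an example; it is not part of the original comments and not BookStack's own code. It takes a dump shaped like the one above and a `SAML2_DISPLAY_NAME_ATTRIBUTES` value and reports which configured names match no attribute sent by the IdP. The exact-match lookup and the fallback to the IdP id are assumptions modelled on the dump in this thread; the sample values and function names are constructed.

```python
import json

# Constructed sample shaped like the dump in this thread (placeholder values).
DUMP = json.loads("""
{
  "id_from_idp": "user@example.test",
  "attrs_from_idp": {
    "http://schemas.microsoft.com/identity/claims/displayname": ["Alex Doe"],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": ["Alex"],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": ["Doe"],
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": ["user@example.test"]
  }
}
""")


def resolve_display_name(dump, setting):
    """Return (name, missing) for a '|'-separated attribute list.

    Assumption: attribute names are matched exactly against the keys in
    attrs_from_idp, and the IdP id is used when nothing matches.
    """
    attrs = dump.get("attrs_from_idp", {})
    parts, missing = [], []
    for key in (k.strip() for k in setting.split("|") if k.strip()):
        values = attrs.get(key) or []
        if values:
            parts.append(values[0])   # first value of a multi-valued attribute
        else:
            missing.append(key)       # configured name the IdP never sent
    name = " ".join(parts) if parts else dump["id_from_idp"]
    return name, missing


def suggest(dump, short_name):
    """List dumped attribute names whose last path segment equals short_name."""
    return [k for k in dump.get("attrs_from_idp", {})
            if k.rsplit("/", 1)[-1].lower() == short_name.lower()]


if __name__ == "__main__":
    name, missing = resolve_display_name(DUMP, "givenname|surname")
    print("short names ->", repr(name), "| unmatched:", missing)
    # Build the corrected setting from the full names found in the dump.
    fixed = "|".join(suggest(DUMP, m)[0] for m in missing)
    print("suggested setting:", fixed)
    print("full names  ->", resolve_display_name(DUMP, fixed))
```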

@boscorelly commented on GitHub (Jan 21, 2025):

AWESOME !!


Reference: starred/BookStack#5138