[PR #1576] [MERGED] SAML Auth Provider #5838

Closed
opened 2026-02-05 10:18:26 +03:00 by OVERLORD · 0 comments

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/1576
Author: @Xiphoseer
Created: 8/5/2019
Status: Merged
Merged: 11/17/2019
Merged by: @ssddanbrown

Base: master ← Head: feature/saml


📝 Commits (4)

  • 3c41b15 Initial work on SAML integration
  • bda0082 Add login and automatic registration; Prepare Group sync
  • 03dbe32 Refactor for codestyle
  • 8e723f1 Add error messages, fix LDAP error

📊 Changes

19 files changed (+802 additions, -79 deletions)

app/Auth/Access/ExternalAuthService.php (+76 -0)
📝 app/Auth/Access/LdapService.php (+2 -63)
app/Auth/Access/Saml2Service.php (+227 -0)
📝 app/Config/app.php (+1 -0)
app/Config/saml2_settings.php (+241 -0)
📝 app/Config/services.php (+20 -7)
app/Exceptions/SamlException.php (+6 -0)
📝 app/Http/Controllers/Auth/LoginController.php (+6 -1)
📝 app/Http/Kernel.php (+5 -0)
app/Listeners/Saml2LoginEventListener.php (+42 -0)
📝 app/Providers/EventServiceProvider.php (+4 -0)
📝 composer.json (+2 -1)
📝 composer.lock (+150 -2)
📝 resources/lang/de/errors.php (+2 -0)
📝 resources/lang/de_informal/errors.php (+1 -0)
📝 resources/lang/en/errors.php (+2 -0)
📝 resources/views/auth/login.blade.php (+11 -1)
📝 resources/views/settings/roles/form.blade.php (+2 -2)
📝 resources/views/users/form.blade.php (+2 -2)

📄 Description

This PR should be the base of adding SAML as an additional authentication provider for BookStack accounts. Currently, with some minimal configuration in .env as specified below, the user should be redirected to the configured identity provider and redirected back to the application. The actual handling of the logged-in event remains to be done, as the data sent to the IDP is still somehow broken. Hence the WIP for this PR.

SAML2_ENABLED=true
SAML2_IDP_SSO=https://example.com/idp/SSORedirectLogin
SAML2_IDP_x509=BASE64IDPCERT==
SAML2_IDP_ENTITYID=https://example.com/idp/metadata.xml

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
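
A pre-flight check for the four .env keys listed in the description, as an added example that is not part of the PR or of BookStack's code. The rules it applies (HTTPS SSO endpoint, certificate value that base64-decodes to DER-looking data) are assumed hygiene checks, and `parse_env` and `check_saml_env` are hypothetical names.

```python
import base64
import binascii
from urllib.parse import urlparse

REQUIRED = ("SAML2_ENABLED", "SAML2_IDP_SSO", "SAML2_IDP_x509", "SAML2_IDP_ENTITYID")

# The placeholder values exactly as shown in the PR description.
PAGE_SAMPLE = """\
SAML2_ENABLED=true
SAML2_IDP_SSO=https://example.com/idp/SSORedirectLogin
SAML2_IDP_x509=BASE64IDPCERT==
SAML2_IDP_ENTITYID=https://example.com/idp/metadata.xml
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"')
    return env

def check_saml_env(env):
    """Return a list of problems; an empty list means the basic checks passed."""
    problems = [f"{key} is missing" for key in REQUIRED if not env.get(key)]
    sso = env.get("SAML2_IDP_SSO", "")
    parsed = urlparse(sso)
    if sso and (parsed.scheme != "https" or not parsed.netloc):
        problems.append("SAML2_IDP_SSO must be an absolute https:// URL")
    cert = env.get("SAML2_IDP_x509", "")
    if cert:
        try:
            der = base64.b64decode(cert, validate=True)
        except (binascii.Error, ValueError):
            problems.append("SAML2_IDP_x509 is not valid base64")
        else:
            # A DER-encoded certificate begins with an ASN.1 SEQUENCE tag (0x30).
            if not der.startswith(b"\x30"):
                problems.append("SAML2_IDP_x509 does not decode to DER data")
    return problems

if __name__ == "__main__":
    for problem in check_saml_env(parse_env(PAGE_SAMPLE)):
        print("config problem:", problem)
```

Run against the description's sample values, it flags the certificate placeholder, which is the kind of leftover that otherwise only surfaces when the IdP response fails to verify.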

OVERLORD added the pull-request label 2026-02-05 10:18:26 +03:00
Reference: starred/BookStack#5838