[PR #1787] [MERGED] SAML2 Authentication #5887

New Issue

OVERLORD · 2026-02-05T10:19:36+03:00

OVERLORD commented

2026-02-05 10:19:36 +03:00

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/1787
Author: @ssddanbrown
Created: 11/16/2019
Status: ✅ Merged
Merged: 11/17/2019
Merged by: @ssddanbrown

Base: master ← Head: saml2_auth

📝 Commits (10+)

3c41b15 Initial work on SAML integration
bda0082 Add login and automatic registration; Prepare Group sync
03dbe32 Refactor for codestyle
8e723f1 Add error messages, fix LDAP error
bb1f43c Merge branch 'feature/saml' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/saml
8169c72 Started review of SAML implementation
9bba846 Appeased codeclimate by extracting out external_auth_id group matching
3a17ba2 Started using OneLogin SAML lib directly
488325f Added the ability to auto-load config from metadata url
aef6eb8 Added SAML singleLogoutService capabilities

📊 Changes

27 files changed (+1628 additions, -414 deletions)

View changed files

📝 .env.example.complete (+22 -0)
➕ app/Auth/Access/ExternalAuthService.php (+83 -0)
📝 app/Auth/Access/LdapService.php (+2 -63)
➕ app/Auth/Access/Saml2Service.php (+395 -0)
📝 app/Auth/Role.php (+7 -0)
➕ app/Config/saml2.php (+148 -0)
📝 app/Config/services.php (+1 -1)
➕ app/Exceptions/JsonDebugException.php (+25 -0)
➕ app/Exceptions/SamlException.php (+6 -0)
📝 app/Http/Controllers/Auth/LoginController.php (+25 -1)
📝 app/Http/Controllers/Auth/RegisterController.php (+5 -1)
➕ app/Http/Controllers/Auth/Saml2Controller.php (+96 -0)
📝 app/Http/Middleware/VerifyCsrfToken.php (+1 -1)
📝 composer.json (+1 -0)
📝 composer.lock (+447 -334)
📝 phpunit.xml (+1 -0)
📝 readme.md (+2 -1)
➕ resources/icons/saml2.svg (+4 -0)
📝 resources/lang/de/errors.php (+2 -0)
📝 resources/lang/de_informal/errors.php (+2 -7)

...and 7 more files

📄 Description

Continuation of #1576.

TODO

Align config/env property names
Align config prop names
Testing of the core service & routes
Update of .env.complete with available options.
Add login icon, using a sensible name that can be overidden via the theme system if wished.
Update readme with attribution of libs used

Questionables

Do we need to consider multiple IDP usage? I'm tempted to say no for initial implementation but I'm worried we could be bitten by this. Maybe have a prefix to IDP-specific options now, Just as default?
- Going to not worry about this for now, as we may be suiting the wrong requirement. Focus on single IDP.
Do we need the laravel library? Tempted to test usage of the OneLogin lib directly just so we don't have to rely on anther laravel-specific lib which adds another consideration on framework updates.
- Removal now started

Considerations

Implementation of this will put pressure on the requirement of being able to disable the default auth. Don't want another large auth change in the release so will maybe need to queue that for release afterwards.
Since email auth will still be in place, users could reset their password via normal means until the above has been implemented.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/1787 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 11/16/2019 **Status:** ✅ Merged **Merged:** 11/17/2019 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `master` ← **Head:** `saml2_auth` --- ### 📝 Commits (10+) - [`3c41b15`](https://github.com/BookStackApp/BookStack/commit/3c41b15be65ca59a89f1588522d2d58f775e71cc) Initial work on SAML integration - [`bda0082`](https://github.com/BookStackApp/BookStack/commit/bda0082461c4609b7333c8e3d9373f8d68da3da7) Add login and automatic registration; Prepare Group sync - [`03dbe32`](https://github.com/BookStackApp/BookStack/commit/03dbe32f9926b53c1a0c35534e57f526c5d2bc2b) Refactor for codestyle - [`8e723f1`](https://github.com/BookStackApp/BookStack/commit/8e723f10dc3db49df9dc66ea5a90e3153eda54e8) Add error messages, fix LDAP error - [`bb1f43c`](https://github.com/BookStackApp/BookStack/commit/bb1f43cbd882b51550007020f72667fd0fb10171) Merge branch 'feature/saml' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/saml - [`8169c72`](https://github.com/BookStackApp/BookStack/commit/8169c725d55eb64ffd45b472520bb68f5df608d7) Started review of SAML implementation - [`9bba846`](https://github.com/BookStackApp/BookStack/commit/9bba84684fa53a6c4f38c4fd7cea08552208b228) Appeased codeclimate by extracting out external_auth_id group matching - [`3a17ba2`](https://github.com/BookStackApp/BookStack/commit/3a17ba2cb9e923d70df6439be242df49918389fa) Started using OneLogin SAML lib directly - [`488325f`](https://github.com/BookStackApp/BookStack/commit/488325f4593ec0dd88cd8b4cfda3b9a20e9489e4) Added the ability to auto-load config from metadata url - [`aef6eb8`](https://github.com/BookStackApp/BookStack/commit/aef6eb81e4789f97c7ff23b87295e239c0aead14) Added SAML singleLogoutService capabilities ### 📊 Changes **27 files changed** (+1628 additions, -414 deletions) <details> <summary>View changed files</summary> 📝 `.env.example.complete` (+22 -0) ➕ `app/Auth/Access/ExternalAuthService.php` (+83 -0) 📝 `app/Auth/Access/LdapService.php` (+2 -63) ➕ `app/Auth/Access/Saml2Service.php` (+395 -0) 📝 `app/Auth/Role.php` (+7 -0) ➕ `app/Config/saml2.php` (+148 -0) 📝 `app/Config/services.php` (+1 -1) ➕ `app/Exceptions/JsonDebugException.php` (+25 -0) ➕ `app/Exceptions/SamlException.php` (+6 -0) 📝 `app/Http/Controllers/Auth/LoginController.php` (+25 -1) 📝 `app/Http/Controllers/Auth/RegisterController.php` (+5 -1) ➕ `app/Http/Controllers/Auth/Saml2Controller.php` (+96 -0) 📝 `app/Http/Middleware/VerifyCsrfToken.php` (+1 -1) 📝 `composer.json` (+1 -0) 📝 `composer.lock` (+447 -334) 📝 `phpunit.xml` (+1 -0) 📝 `readme.md` (+2 -1) ➕ `resources/icons/saml2.svg` (+4 -0) 📝 `resources/lang/de/errors.php` (+2 -0) 📝 `resources/lang/de_informal/errors.php` (+2 -7) _...and 7 more files_ </details> ### 📄 Description Continuation of #1576. ### TODO - [x] Align config/env property names - [x] Align config prop names - [x] Testing of the core service & routes - [x] Update of `.env.complete` with available options. - [x] Add login icon, using a sensible name that can be overidden via the theme system if wished. - [x] Update readme with attribution of libs used ### Questionables - Do we need to consider multiple IDP usage? I'm tempted to say no for initial implementation but I'm worried we could be bitten by this. Maybe have a prefix to IDP-specific options now, Just as `default`? - **_Going to not worry about this for now, as we may be suiting the wrong requirement. Focus on single IDP_**. - Do we need the laravel library? Tempted to test usage of the OneLogin lib directly just so we don't have to rely on anther laravel-specific lib which adds another consideration on framework updates. - **_Removal now started_** ### Considerations - Implementation of this will put pressure on the requirement of being able to disable the default auth. Don't want another large auth change in the release so will maybe need to queue that for release afterwards. - Since email auth will still be in place, users could reset their password via normal means until the above has been implemented. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-05 10:19:36 +03:00

OVERLORD closed this issue

2026-02-05 10:19:39 +03:00

OVERLORD referenced this issue

2026-02-05 10:36:12 +03:00

[PR #5887] [MERGED] Updated translations with latest Crowdin changes #6587

Sign in to join this conversation.