[PR #5907] Do not use deprecated NAMEID_EMAIL_ADDRESS as default for SAML2 logout #6591

Open
opened 2026-02-05 10:36:14 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/5907
Author: @jdede
Created: 11/21/2025
Status: 🔄 Open

Base: development ← Head: fix-SLO


📝 Commits (2)

  • 01563ff Do not use deprecated NAMEID_EMAIL_ADDRESS as default
  • deae0b0 Do not use deprecated SAML:1.1 NameIDFormat as default

📊 Changes

2 files changed (+2 additions, -3 deletions)

View changed files

📝 app/Access/Saml2Service.php (+1 -2)
📝 app/Config/saml2.php (+1 -1)

📄 Description

For SAML 2.0 logout, the "NAMEID_EMAIL_ADDRESS" (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) is used as the default value. As the value is set, it cannot be overwritten in the onelogin framework, for example by setting something like

SAML2_ONELOGIN_OVERRIDES: '{"sp":{"NameIDFormat":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}}'

Further, the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress is outdated by IDMs like Shibboleth.

By removing this line, the default settings of the underlying framework are being used and users can adapt the value according to their needs by using the overrides.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

OVERLORD added the pull-request label 2026-02-05 10:36:14 +03:00
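
To confirm which NameID format the SP actually sends at logout, the following added example (not part of the PR or of BookStack's code) decodes a SAML 2.0 HTTP-Redirect LogoutRequest and compares its NameID Format with the value set in the overrides. The function names are hypothetical, and the URL, entity ID and user address are constructed samples.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML11_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def decode_redirect_request(url):
    """Return the XML carried in the SAMLRequest parameter of a redirect URL."""
    raw = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    # HTTP-Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8")


def logout_nameid_format(xml_text):
    """Return the NameID Format attribute of a LogoutRequest (None if unset)."""
    # Intended for requests from your own SP; not a hardened parser.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 LogoutRequest")
    name_id = root.find("saml:NameID", NS)
    if name_id is None:
        raise ValueError("no plain NameID element (possibly EncryptedID)")
    return name_id.get("Format")


def check_override(url, expected_format):
    """Compare the format sent on the wire with the one set in the overrides."""
    actual = logout_nameid_format(decode_redirect_request(url))
    return {"actual": actual,
            "matches_override": actual == expected_format,
            "is_saml11_email": actual == SAML11_EMAIL}


def build_sample_url(name_id_format):
    """Constructed sample: encode a minimal LogoutRequest as an SP would."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" '
           'ID="_constructed" Version="2.0" IssueInstant="2025-01-01T00:00:00Z">'
           '<saml:Issuer>https://sp.example.test/saml2/metadata</saml:Issuer>'
           '<saml:NameID Format="%s">user@example.test</saml:NameID>'
           '</samlp:LogoutRequest>') % (NS["samlp"], NS["saml"], name_id_format)
    deflater = zlib.compressobj(wbits=-15)
    data = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(data).decode("ascii")})
    return "https://idp.example.test/slo?" + query
```

Pass `check_override` the logout redirect URL captured from your own browser session and the format from `SAML2_ONELOGIN_OVERRIDES`; `matches_override` being false means a hardcoded value is still taking precedence.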
Reference: starred/BookStack#6591