SSO over ADFS Login - Githubissues

BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel

https://www.bookstackapp.com/

MIT License

15.21k stars 1.9k forks source link

SSO over ADFS Login #5285

Open reddexx opened 4 days ago

reddexx commented 4 days ago

Attempted Debugging

[X] I have read the debugging page

Searched GitHub Issues

[X] I have searched GitHub for the issue.

Describe the Scenario

After customising the user accounts, you can log in via ADFS

Unfortunately there is still a problem where I do not know where the error is After clicking on the ‘Login with SSO’ button, you are redirected to the Microsoft ADFS login form where you have to log in instead of logging in directly, the manual login works.

Where is the Bookstack instance running? Docker container

How can the page be accessed? In the local network with a reverse proxy (nginx) the ADFS is also only accessible in the local network

Exact BookStack Version

24.10

Log Content

No response

Hosting Environment

Debian VM in a Docker Container

ssddanbrown commented 4 days ago

Hi @reddexx, Sorry, but I don't really understand what the issue is here.

After customising the user accounts, you can log in via ADFS

What do you mean by "customising the user accounts"?
What type of authentication in BookStack are you configuring for this?

you are redirected to the Microsoft ADFS login form where you have to log in instead of logging in directly, the manual login works.

What are your expectations here?
What is meant by "you have to log in instead of logging in directly"?

reddexx commented 4 days ago

Hey @ssddanbrown

What do you mean by "customising the user accounts"?

https://github.com/BookStackApp/BookStack/issues/5270#issuecomment-2416483646

What type of authentication in BookStack are you configuring for this?

SAML2

That we can use SSO (SAML2 over ADFS)

What is meant by "you have to log in instead of logging in directly"? after submit this button coming to ADFS Login

ssddanbrown commented 3 days ago

Okay, so you're being redirect to your ADFS system for SAML2 login. That's what I'd expect from BookStack, and any behavior while on the ADFS login screen will be down to the functionality of the auth (ADFS) system.

Are you already logged into ADFS, and therefore expecting the ADFS login to not show? If so, then that's not really something due to BookStack behaviour as far as I'm aware. I am not familiar enough with ADFS to know or suggestion settings/configuration for this.

reddexx commented 3 days ago

No, I have specifically cancelled my registration. I tried to log in to a fresh session

Could it be due to the reverse proxy?

ssddanbrown commented 3 days ago

No, I have specifically cancelled my registration. I tried to log in to a fresh session

Oh, then I'd expect a login to show on the auth provider side (ADFS in this case). Therefore I still don't understand what the issue is here, everything seems as expected.

reddexx commented 3 days ago

I don't think that's how it should work. I have set up several applications SSO only with Bookstack it is a little strange

I'm still checking a few things