BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License
15.45k stars 1.94k forks

SSO over ADFS Login #5285

Closed reddexx closed 2 weeks ago

reddexx commented 1 month ago

Attempted Debugging

Searched GitHub Issues

Describe the Scenario

After customising the user accounts, you can log in via ADFS

Unfortunately there is still a problem where I do not know where the error is. After clicking on the ‘Login with SSO’ button, you are redirected to the Microsoft ADFS login form where you have to log in instead of logging in directly; the manual login works.

Where is the Bookstack instance running? Docker container

How can the page be accessed? In the local network with a reverse proxy (nginx). The ADFS is also only accessible in the local network.

Exact BookStack Version

24.10

Log Content

No response

Hosting Environment

Debian VM in a Docker Container

ssddanbrown commented 1 month ago

Hi @reddexx, Sorry, but I don't really understand what the issue is here.

> After customising the user accounts, you can log in via ADFS

> you are redirected to the Microsoft ADFS login form where you have to log in instead of logging in directly, the manual login works.

reddexx commented 1 month ago

Hey @ssddanbrown

> What do you mean by "customising the user accounts"?

> What type of authentication in BookStack are you configuring for this?

That we can use SSO (SAML2 over ADFS)

> What is meant by "you have to log in instead of logging in directly"?

[image] After submitting this button, you come to the ADFS login: [image]

ssddanbrown commented 1 month ago

Okay, so you're being redirected to your ADFS system for SAML2 login. That's what I'd expect from BookStack, and any behavior while on the ADFS login screen will be down to the functionality of the auth (ADFS) system.

Are you already logged into ADFS, and therefore expecting the ADFS login to not show? If so, then that's not really something due to BookStack behaviour as far as I'm aware. I am not familiar enough with ADFS to know or suggest settings/configuration for this.

reddexx commented 1 month ago

No, I have specifically cancelled my registration. I tried to log in to a fresh session

Could it be due to the reverse proxy?

ssddanbrown commented 1 month ago

> No, I have specifically cancelled my registration. I tried to log in to a fresh session

Oh, then I'd expect a login to show on the auth provider side (ADFS in this case). Therefore I still don't understand what the issue is here, everything seems as expected.

reddexx commented 1 month ago

I don't think that's how it should work. I have set up SSO for several applications; only with Bookstack is it a little strange.

I'm still checking a few things

ssddanbrown commented 2 weeks ago

Since there's been no further progress here I'll go ahead and close this off, especially as I still don't see any indication of there being something unexpected, configurable or unexpected on the BookStack side of things.

reddexx commented 2 weeks ago

Sorry for the late feedback. I am still testing with another instance (Moodle) where the reverse proxy is used, only at the moment there is a lot of stress. 😅