Description
Attempted Debugging
- I have read the debugging page
Searched GitHub Issues
- I have searched GitHub for the issue.
Describe the Scenario
Configured BookStack to use SAML for authentication, using ADFS as the IdP.
Login works, but logout fails with "An Error occurred" on the /saml2/sls endpoint.
APP_DEBUG in .env gives the following error: OneLogin\Saml2\Error
Invalid SLS Response: logout_not_success
and an Internal Error 500 response.
On the ADFS server I saw this:
Error 368
The SAML Single Logout request does not correspond to the logged-in session participant.
Requestor: https://guide01-test.domain.net/saml2/metadata
Request name identifier: Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, NameQualifier: SPNameQualifier: , SPProvidedId:
Logged-in session participants:
Count: 1, [Issuer: https://guide01-test.domain.net/saml2/metadata, NameID: (Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, NameQualifier: SPNameQualifier: , SPProvidedId: )]
This request failed.
User Action
Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS Management snap-in.
Searched previous issues but haven't found anything that resolves this specific issue; multiple point to signature validation errors, which is not the case here.
Exact BookStack Version
24.10.2
Log Content
Hosting Environment
Running on a virtual server with Ubuntu 24.04.
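The two errors in this report come from two different checks: ADFS event 368 is the IdP refusing a LogoutRequest whose NameID (value plus Format, NameQualifier, SPNameQualifier and SPProvidedID) does not match a logged-in session participant for that Issuer, and "logout_not_success" is the SP side reporting that the LogoutResponse it got back carried a StatusCode other than Success. The following is an added example, not BookStack's or php-saml's own code, that models both checks over constructed LogoutRequest/LogoutResponse XML so the comparison can be reproduced offline; the entity IDs, SessionIndex and message IDs are made up, and the session-participant list stands in for ADFS's own session store.

```python
"""Model of the two SLO checks behind the errors in the report (added example).

IdP side: a LogoutRequest must name a logged-in session participant, compared on
Issuer plus the NameID value and its qualifying attributes.
SP side: a LogoutResponse whose StatusCode is not Success is reported as
logout_not_success.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Attributes ADFS lists next to the NameID in event 368; absent ones count as "".
NAMEID_ATTRS = ("Format", "NameQualifier", "SPNameQualifier", "SPProvidedID")

# Constructed sample traffic (hypothetical entity IDs, not taken from the report).
SAMPLE_REQUEST = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0"
    IssueInstant="2024-12-01T10:00:00Z" Destination="https://adfs.example.test/adfs/ls/">
  <saml:Issuer>https://sp.example.test/saml2/metadata</saml:Issuer>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      SPNameQualifier="https://sp.example.test/saml2/metadata">user@example.test</saml:NameID>
  <samlp:SessionIndex>_sess1</samlp:SessionIndex>
</samlp:LogoutRequest>"""

# What the IdP remembers from login: same Issuer, same value and Format, but the
# SSO assertion carried no SPNameQualifier, so the request above differs there.
SESSION_PARTICIPANTS = [{
    "issuer": "https://sp.example.test/saml2/metadata",
    "nameid": {"value": "user@example.test",
               "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
               "NameQualifier": "", "SPNameQualifier": "", "SPProvidedID": ""},
}]

SAMPLE_RESPONSE_FAIL = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-12-01T10:00:01Z" InResponseTo="_req1">
  <saml:Issuer>https://adfs.example.test/adfs/services/trust</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/></samlp:Status>
</samlp:LogoutResponse>"""
SAMPLE_RESPONSE_OK = SAMPLE_RESPONSE_FAIL.replace("status:Responder", "status:Success")


def nameid_key(nameid: ET.Element) -> dict:
    """NameID value plus its four qualifying attributes, missing ones as ''."""
    key = {"value": (nameid.text or "").strip()}
    for attr in NAMEID_ATTRS:
        key[attr] = nameid.get(attr, "")
    return key


def parse_logout_request(xml: str) -> dict:
    """Extract Issuer and NameID from a LogoutRequest."""
    root = ET.fromstring(xml)
    nameid = root.find("saml:NameID", NS)
    if nameid is None:
        raise ValueError("LogoutRequest has no NameID")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    return {"issuer": issuer, "nameid": nameid_key(nameid)}


def idp_matches_session(request: dict, participants: list) -> tuple:
    """IdP-side check. Returns (ok, reason); reason names the differing fields."""
    for p in participants:
        if p["issuer"] != request["issuer"]:
            continue
        diffs = [k for k in ("value", *NAMEID_ATTRS)
                 if p["nameid"][k] != request["nameid"][k]]
        if not diffs:
            return True, "match"
        return False, "NameID differs in " + ", ".join(diffs)
    return False, "no logged-in session participant for Issuer " + request["issuer"]


def logout_response_status(xml: str) -> str:
    """Top-level StatusCode Value of a LogoutResponse ('' if absent)."""
    code = ET.fromstring(xml).find("samlp:Status/samlp:StatusCode", NS)
    return code.get("Value", "") if code is not None else ""


def sp_check_response(xml: str) -> str:
    """SP-side check: anything other than Success is reported as logout_not_success."""
    return "ok" if logout_response_status(xml) == STATUS_SUCCESS else "logout_not_success"


if __name__ == "__main__":
    req = parse_logout_request(SAMPLE_REQUEST)
    print("IdP:", idp_matches_session(req, SESSION_PARTICIPANTS))
    print("SP :", sp_check_response(SAMPLE_RESPONSE_FAIL), "/", sp_check_response(SAMPLE_RESPONSE_OK))
```

Run it with the NameID from the decoded SAMLRequest your SP actually sends (the base64 of the SAMLRequest query parameter) and the participant line ADFS prints in event 368; whichever field the comparison flags is the one to line up between the IdP's issuance rule and the SP's NameID policy.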