Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

saml group mapping not working with groups with comma #3405

Closed
2 tasks done
GustavJer opened this issue May 2, 2022 · 4 comments
Closed
2 tasks done

saml group mapping not working with groups with comma #3405

GustavJer opened this issue May 2, 2022 · 4 comments
Labels
🐕 Support
Milestone
v22.06

Comments

@GustavJer
Copy link

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi,

Im having some trouble getting SAML group-mapping to work when one of the groups contains a comma. This is while using External Authentication ID on a role to match with the groupname.

This is abit of a problem since our IDP sends the full DN(which contains commas) of the AD-groups that the users is a member of and we need to be able to match these DN´s with roles within Bookstack.

If I send a static string value from our IDP in the groups attribute like "test" and match that to a role in bookstack the group mapping works but if I change it to ",test" in our IDP and in the external auth id field it stops working.
I know that the documentation states that "BookStack will standardise the names of SAML groups to be lower-cased and spaces will be replaced with hyphens." so could it be something similar with commas?

Gustav

Exact BookStack Version

v22.02.3

Log Content

No response

PHP Version

No response

Hosting Environment

Ubuntu LTS 20.04 installed using official installation script.
@ssddanbrown
Copy link
Member

Yeah, This is an awkward scenario.
The values in our "External Authentication IDs" field get split on comma to allow mapping of multiple auth system groups to the role. Maybe we need to add some an escape option for commas so they can be treated literally.

@GustavJer
Copy link
Author

GustavJer commented May 2, 2022
edited
Loading

Yep, that would be nice. Or if you could specify your group attribute delimiter in the .env file and choose between comma, semicolon and other options.

ssddanbrown added a commit that referenced this issue May 4, 2022
@ssddanbrown
Added ability to escape role "External Auth ID" commas
d795af0 
- Using a backslash in this field before a comma.
- Could potentially (Although unlikely) be a breaking change.

For #3405
@ssddanbrown ssddanbrown mentioned this issue May 4, 2022
Merged
@ssddanbrown ssddanbrown added this to the Next Feature Release milestone May 4, 2022
@ssddanbrown
Copy link
Member

Hi @GustavJer,
I've now added the code for handling escapes for commas within the external auth IDs: #3416

I'd often add this kind of change into a sooner patch release but since this could potentially be considered a breaking change (although very unlikely), and therefore would require an update notice, it's instead target for the next feature release (Likely end of month).

@ssddanbrown
Copy link
Member

I'll close this off since #3416 has been merged.
This functionality will be part of the next feature release.

yangmx5 pushed a commit to yangmx5/BookStack that referenced this issue Jun 19, 2022
@ssddanbrown
Added ability to escape role "External Auth ID" commas
2e9aa63 
- Using a backslash in this field before a comma.
- Could potentially (Although unlikely) be a breaking change.

For BookStackApp#3405
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐕 Support
Milestone
v22.06
Development

No branches or pull requests
2 participants
@ssddanbrown @GustavJer