
Do not use deprecated NAMEID_EMAIL_ADDRESS as default for SAML2 logout

Open jdede opened this issue 2 months ago • 0 comments

For SAML 2.0 logout, the "NAMEID_EMAIL_ADDRESS" (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) is used as the default value. As the value is set, it cannot be overwritten in the onelogin framework, for example by setting something like:

SAML2_ONELOGIN_OVERRIDES: '{"sp":{"NameIDFormat":"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}}'

Further, the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress is outdated by IDMs like Shibboleth.

By removing this line, the default settings of the underlying framework are being used and users can adapt the value according to their needs by using the overrides.

jdede, Nov 20 '25 23:11