After login via SAML, Bookstack redirects to home page instead of original URL #2552

Closed
jimmyc802 opened this issue Feb 11, 2021 · 10 comments · Fixed by #2996

jimmyc802 commented Feb 11, 2021

Describe the bug
We recently implemented SAML/SSO for our Bookstack environment and authentication works great except for one issue. If an unauthenticated user tries to navigate directly to an inner Bookstack page, they get redirected to the login page. They click Login With SSO. After authenticating, they are redirected to our Bookstack home page instead of the originally requested URL. Users then have to go back and click/type in their original URL.

Steps To Reproduce
In an environment using SAML/SSO for authentication:

  1. Go to an inner page that requires authentication
  2. Click Login with SSO
  3. You get redirected to the home page instead of the originally requested inner page.

Expected behavior
We would expect to be redirected to the originally requested page after authenticating with SAML/SSO

Your Configuration (please complete the following information):

  • Exact BookStack Version (Found in settings): 31.4
  • PHP Version: PHP 7.3.26
  • Hosting Method (Nginx/Apache/Docker): Apache 2.4.6

Additional context
IDP is Azure AD

SAML2_NAME=SSO
SAML2_EMAIL_ATTRIBUTE=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
SAML2_EXTERNAL_ID_ATTRIBUTE=uid
SAML2_DISPLAY_NAME_ATTRIBUTES=http://schemas.microsoft.com/identity/claims/displayname
SAML2_IDP_ENTITYID=https://sts.windows.net/<redacted>/
SAML2_AUTOLOAD_METADATA=false
SAML2_IDP_SSO=https://login.microsoftonline.com/<redacted>/saml2
SAML2_IDP_SLO=https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
SAML2_IDP_x509=<redacted>

@WarriorXK

Same issues here on 31.6, it's a minor issue but would be great to see this fixed.

@kendraspock

We are having this issue as well and it's quite an inefficient process. Would love to see this get resolved ASAP!

zimbeo commented Jun 30, 2021

Please fix! It's a minor issue but greatly affects user experience and usability for things like bookmarks.

jimmyc802 commented Jun 30, 2021

After reading up a bit on this, it looks like most implementations make use of the RelayState mechanism to redirect back to the originally requested URL. Is this something that could be added to Bookstack's implementation?

@benyoung-iw

Running into this as well. Definitely a minor issue, but one that causes friction and hurts adoption for our users.

@pandoraslunchbox

Our business has users request this to support about monthly, it's definitely becoming a headache for people as we get more using this wonderful tool!

@artschwagerb

Bump, not a php developer but this could be solved with a "next" url parameter.

Users who are not logged in are redirected to the login page with the previous page's relative url set in the "next" url parameter.

After login, if the "next" url parameter exists the user is redirected there. If it does not, the user is sent to the "home" page.

ghost commented Sep 22, 2021

I'm having the same problem, can someone provide a workaround?

@ssddanbrown
Member

This is due to the session being lost upon redirection from the IdP due to it being a POST request while BookStack session cookies are samesite=lax by default. Also affects SAML request verification.

Maybe we need to introduce a level of redirect loop via GET request but the SAML toolkit does run against the current request which can complicate things. Assigned to be looked into for the next release.
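
The comment above attributes the lost redirect to the IdP's POST arriving without the SameSite=Lax session cookie. The following Python model is an added example, not BookStack code and not the change made in #2996; it reproduces that behaviour and shows the redirect target carried in RelayState instead, accepted only when it is a local path. The function names, `HOME` and the sample paths are hypothetical.

```python
from typing import Optional
from urllib.parse import urlsplit

HOME = "/"  # hypothetical fallback landing page


def cookie_sent(samesite: str, method: str, cross_site: bool) -> bool:
    """Would a browser attach the session cookie to this top-level navigation?"""
    if not cross_site or samesite == "none":  # "none" also requires Secure
        return True
    # Lax sends cookies cross-site only on safe-method top-level navigations;
    # Strict never sends them cross-site.
    return samesite == "lax" and method in ("GET", "HEAD")


def safe_target(value: Optional[str]) -> str:
    """Accept only a local absolute path; anything else falls back to HOME."""
    if not value or not value.startswith("/") or value.startswith("//"):
        return HOME
    if "\\" in value or any(ord(c) < 0x20 for c in value):
        return HOME  # browsers may treat "/\host" like "//host"
    parts = urlsplit(value)
    return HOME if parts.scheme or parts.netloc else value


def landing_page(requested: str, samesite: str,
                 relay_state: Optional[str] = None) -> str:
    """Simplified SP-initiated login: where does the user end up?"""
    session = {"intended": requested}  # saved before redirecting to the IdP
    # The IdP delivers the SAML response as a cross-site POST to the SP.
    if not cookie_sent(samesite, "POST", cross_site=True):
        session = {}  # no cookie arrived, so the server starts a new session
    # RelayState comes back through the browser, so it is validated like any
    # other user-controlled redirect parameter.
    return safe_target(session.get("intended") or relay_state)


if __name__ == "__main__":
    page = "/books/handbook/page/vpn"  # constructed sample path
    print(landing_page(page, "lax"))                     # session lost
    print(landing_page(page, "lax", relay_state=page))   # RelayState survives
    print(landing_page(page, "lax", relay_state="//evil.example/x"))
```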

@ssddanbrown
Member

Addressed within #2996. Will be part of the next feature release.
