Comments (6)
@timosbot Thanks for the information.
Your OIDC_DISPLAY_NAME_CLAIMS=bookstack
option would appear to be the underlying cause from my view.
There is no bookstack
claim being provided in the token. In this case BookStack would fall back to just using the ID for the new user display names, but as of the latest update it will attempt to fetch this from the userinfo endpoint instead.
Is there a reason OIDC_DISPLAY_NAME_CLAIMS
is set to bookstack
? Or should it maybe instead be name
or preferred_username
which are part of your token data?
from bookstack.
You are so correct thanks for your amazing help. Setting OIDC_DISPLAY_NAME_CLAIMS=preferred_username fixed it. You are awesome thanks soooo much.
from bookstack.
Hi @timosbot,
Looks like there's a couple of things going on here. Userinfo should only be used if not all expected details come back from the OIDC system in the token, and then for some reason that userinfo response is coming back invalid.
To help me understand what's going on, please could you:
- Set
OIDC_DUMP_USER_DETAILS=true
and then run a login, and confirm back the dumped data. - Confirm what
OIDC_*
options you have set in your.env
or docker environment and their values.
(Feel free to obfuscate values, but I need to be able to see the property names of things and know when a value is empty/false/null so please don't hide everything)
from bookstack.
Sure here is the dumped data with OIDC_DUMP_USER_DETAILS=true
enabled:
{
"amr": [
"pwd",
"sms",
"mfa",
"mca"
],
"at_hash": "KL*************",
"aud": [
"7Uwq9t39**********"
],
"auth_time": 1715628051,
"azp": "7Uwq9t39**********",
"client_id": "7Uwq9t39**********",
"email": "******",
"email_verified": true,
"exp": 1715713756,
"iat": 1715710156,
"iss": "https:\/\/*****.*****.****",
"jti": "2eb*****************",
"name": "******",
"preferred_username": "*******",
"sub": "504********************"
}
There are my OIDC_*
settings:
- OIDC_NAME=SSO
- OIDC_DISPLAY_NAME_CLAIMS=bookstack
- OIDC_CLIENT_ID=7U************
- OIDC_CLIENT_SECRET=E**************
- OIDC_ISSUER=https://*****.********.*******
- OIDC_ISSUER_DISCOVER=true
- OIDC_DUMP_USER_DETAILS=true
from bookstack.
Glad I could help, and happy to hear that solved it!
from bookstack.
You are so correct thanks for your amazing help. Setting OIDC_DISPLAY_NAME_CLAIMS=preferred_username fixed it. You are awesome thanks soooo much.
I had the same issue and this fixed it, thanks!
from bookstack.
Related Issues (20)
- Tiered permissions - Managers can promote employees to managers, but not to admins. HOT 1
- LDAP Group sync dont works HOT 9
- Logging of mails that could not be delivered.
- How Fix Access Denied Error? HOT 3
- Improve/clarify backup code description text
- MFA setup view: Titles are not visible on dark mode
- Missing avatars after update to Bookstack v24.05 HOT 2
- Tamil Translation of Bookstack
- Div tag for whole page HOT 3
- Could not find driver issue HOT 4
- Request to open translation contribution for Bengali language in crowdin
- Scoped Webhooks
- Issues setting up M365 SMTP email sending HOT 2
- Diff arbitrary revisions of pages HOT 1
- Change inline code highlighted text HOT 2
- GIF Thumbnail creation fails, breaking the image picker window HOT 12
- Nested collapsible blocks: Ghost inline-code block
- Editor draft actions should dismiss existing notifications so success notifications are clear HOT 3
- Can't create a first page: Illegal offset type HOT 5
- "Override permissions for role" Not Working HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bookstack.