
Support different SAML NameIDFormats (e.g. urn:oasis:names:tc:SAML:2.0:nameid-format:persistent) #5828

@nwintering

Description


Describe the feature you'd like

Bookstack only supports the SAML NameIDFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. However, other IdPs such as Shibboleth do not support this format out of the box. In our case, we had to manually configure our Shibboleth-IdP to support the email-format but this still breaks the Single Log Out feature.
Other projects using SAML-Toolkit seem to show similar problems with Single Log Out and the email-format (see this issue).

Formats such as urn:oasis:names:tc:SAML:2.0:nameid-format:persistent and urn:oasis:names:tc:SAML:2.0:nameid-format:transient seem to be more common and do not require special configuration for IdP administrators.
Since the persistent-format is a long-lived unique identifier, similar to a mail address, this format should not break any logic as long as the mail attribute is still transmitted.

Describe the benefits this would bring to existing BookStack users

At least for Shibboleth IdP administrators, supporting the urn:oasis:names:tc:SAML:2.0:nameid-format:persistent-NameIDFormat would decrease configuration effort.
Moreover, it would enable Single Log Out for such deployments.

End users should not notice any changes.

Can the goal of this request already be achieved via other means?

We tried to override the NameIDFormat as described in #2367 but this led to users landing on the log-in page again after finishing the SAML authentication flow.

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

1 to 5 years

Additional context

The NameIDFormat is hard coded at least here:

Constants::NAMEID_EMAIL_ADDRESS
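The account-linking decision behind this request, shown as an added example in Python rather than BookStack's PHP or the php-saml toolkit's own code: parse the NameID and the mail attribute out of an assertion, pick a stable account key depending on the NameID format, and keep the NameID exactly as issued so a later LogoutRequest can echo it (an SP that substitutes a different subject is one way Single Log Out stops matching at the IdP). The entity IDs, the `mail` attribute name and the assertions are constructed sample values; the code assumes the SAML toolkit has already verified the response signature, audience and validity window before this step runs.

```python
import xml.etree.ElementTree as ET
from typing import Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NAMEID_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"  # spec default when Format is absent

# Constructed entity IDs (assumptions, not a real deployment).
IDP = "https://idp.example.org/idp/shibboleth"
SP = "https://wiki.example.org/saml2/metadata"


def build_sample_assertion(nameid_value: str, nameid_format: str, mail: Optional[str]) -> str:
    """Constructed, unsigned sample assertion for demonstration only; not real IdP output."""
    attrs = ""
    if mail is not None:
        attrs = (
            "<saml:AttributeStatement>"
            f'<saml:Attribute Name="mail"><saml:AttributeValue>{mail}</saml:AttributeValue></saml:Attribute>'
            "</saml:AttributeStatement>"
        )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0" '
        'IssueInstant="2024-01-01T00:00:00Z">'
        f"<saml:Issuer>{IDP}</saml:Issuer>"
        "<saml:Subject>"
        f'<saml:NameID Format="{nameid_format}" NameQualifier="{IDP}" SPNameQualifier="{SP}">'
        f"{nameid_value}</saml:NameID>"
        "</saml:Subject>"
        f"{attrs}"
        "</saml:Assertion>"
    )


def parse_assertion(xml_text: str) -> dict:
    """Extract the NameID (with its Format and qualifiers) and all attribute values."""
    root = ET.fromstring(xml_text)
    nameid = root.find("./saml:Subject/saml:NameID", NS)
    if nameid is None or not (nameid.text or "").strip():
        raise ValueError("assertion carries no usable NameID")
    attributes = {}
    for attr in root.findall("./saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attributes[attr.get("Name")] = values
    return {
        "nameid": nameid.text.strip(),
        "format": nameid.get("Format", NAMEID_UNSPECIFIED),
        "name_qualifier": nameid.get("NameQualifier"),
        "sp_name_qualifier": nameid.get("SPNameQualifier"),
        "attributes": attributes,
    }


def resolve_identity(parsed: dict, email_attr: str = "mail") -> dict:
    """Choose the key used to link the SAML subject to a local account.

    emailAddress: the NameID is the address, so it doubles as the key.
    persistent:   opaque but stable, so it is the key; the address must come from an attribute.
    transient:    changes per session, so it can never be the key; fall back to the attribute.
    """
    fmt = parsed["format"]
    attr_email = next(iter(parsed["attributes"].get(email_attr, [])), None)
    if fmt == NAMEID_EMAIL:
        external_id, email = parsed["nameid"], parsed["nameid"]
    elif fmt == NAMEID_PERSISTENT:
        if attr_email is None:
            raise ValueError(f"persistent NameID needs the '{email_attr}' attribute for the account address")
        # Scope the opaque value by its issuer: two IdPs may hand out the same string.
        external_id, email = f"{parsed['name_qualifier']}!{parsed['nameid']}", attr_email
    elif fmt == NAMEID_TRANSIENT:
        if attr_email is None:
            raise ValueError("transient NameID is not stable; an address attribute is required")
        external_id, email = f"email:{attr_email}", attr_email
    else:
        raise ValueError(f"unsupported NameID format: {fmt}")
    return {
        "external_id": external_id,
        "email": email,
        # Stored with the session and echoed verbatim in the LogoutRequest.
        "logout_nameid": {
            "value": parsed["nameid"],
            "format": fmt,
            "name_qualifier": parsed["name_qualifier"],
            "sp_name_qualifier": parsed["sp_name_qualifier"],
        },
    }


if __name__ == "__main__":
    sample = build_sample_assertion("9f2c1e3a-opaque-id", NAMEID_PERSISTENT, "alice@example.org")
    print(resolve_identity(parse_assertion(sample)))
```

The `external_id` for the persistent case is deliberately qualified with the issuer rather than taken as the bare string, and the stored `logout_nameid` is what the SP should place in its LogoutRequest; an SP that keys the session on the address and then logs out with an emailAddress NameID the IdP never issued will not match the IdP's session record.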
