After setting up in Azure, the Login URL, SLO URL and X509 certificate were set up in the SuiteCRM application.
When we are trying to log in, the page just goes blank. If anyone here can help us understand where we are going wrong, or point us to any detailed document, that would be helpful.
We tried to set it up in our test environment, which is on version 7.10.11. It's connecting to the Microsoft sign-on page; once the sign-in is done, the below error is showing.
AADSTS700016: Application with identifier 'https:///suitecrm/index.php?action=Login&module=Users' was not found in the directory '34ddb339-7fd0-4f00-*********'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
I do not see any errors on the suitecrm.log. I will post here if I see any errors in php_error.log.
Please let us know if I need to verify something. Do you see any issue with the Login and Reply URL which was posted above?
This looks like something peculiar to your web server / security configurations… I am afraid I never saw a problem like this, I am a bit lost on how to help you… :unsure:
I've spent a while now trying to get this to work and encountered the same error message. For us, it was a result of a small difference between Azure's Entity ID and the identifier sent by SuiteCRM (https://crm.example.com:443/… in config.php vs. https://crm.example.com/… in Azure AD). Since SuiteCRM seems to create and send the identifier based on the configured site_url and Azure AD is sensitive with the input, I got rid of this error by omitting the port from site_url in SuiteCRM's config.php.
I'm still stuck on an eternal login loop though, so I assume some data on Azure's end is still incomplete.
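An added example, not part of any post in this thread and not SuiteCRM code: a small check that builds the identifier from `site_url` and reports which URL component makes it differ from the one registered at the identity provider. It assumes the identifier is `site_url` followed by the `/index.php?action=Login&module=Users` suffix seen in the AADSTS700016 message, and that the IdP compares the two as exact strings; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: SuiteCRM sends site_url plus this suffix as its SAML identifier,
# inferred from the AADSTS700016 message quoted in the thread.
LOGIN_SUFFIX = "/index.php?action=Login&module=Users"
DEFAULT_PORTS = {"https": 443, "http": 80}


def sp_identifier(site_url):
    """Identifier SuiteCRM would send for a given config.php site_url (assumed)."""
    return site_url + LOGIN_SUFFIX


def explain_mismatch(sent, registered):
    """List why `sent` is not the string registered at the IdP; [] if identical."""
    if sent == registered:
        return []
    a, b = urlsplit(sent), urlsplit(registered)
    reasons = []
    if a.scheme != b.scheme:
        reasons.append(f"scheme: {a.scheme!r} vs {b.scheme!r}")
    if a.hostname != b.hostname:
        reasons.append(f"host: {a.hostname!r} vs {b.hostname!r}")
    if a.port != b.port:
        # The same endpoint can still be a different identifier string.
        same_endpoint = (a.port or DEFAULT_PORTS.get(a.scheme)) == (
            b.port or DEFAULT_PORTS.get(b.scheme))
        note = "default port written on one side only" if same_endpoint else "different port"
        reasons.append(f"port: {a.port} vs {b.port} ({note})")
    if a.path != b.path:
        reasons.append(f"path: {a.path!r} vs {b.path!r}")
    if a.query != b.query:
        reasons.append(f"query: {a.query!r} vs {b.query!r}")
    # Parsed parts equal but strings differ: letter case or similar.
    return reasons or ["strings differ only in letter case or formatting"]


if __name__ == "__main__":
    # Constructed value standing in for the Identifier (Entity ID) set in Azure AD.
    registered = "https://crm.example.com/index.php?action=Login&module=Users"
    for site_url in ("https://crm.example.com:443", "https://crm.example.com"):
        print(site_url, "->", explain_mismatch(sp_identifier(site_url), registered) or "match")
```
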
hi hakkih1,
could you please describe how you set up azure/ad/suitecrm?
I'm trying to get it to work for a while now and I'm stuck. We're getting the Microsoft login page, but are redirected to the regular login or get trapped in a never-ending loading screen.
I am hitting the same issue with the latest version that has a Docker image - 7.11.8. I am running SuiteCRM in Kubernetes using the Helm chart and Docker images from Bitnami. SuiteCRM runs fine until I enable SAML and put in the login/logout URLs and certificate generated from a Keycloak SAML client.
When I re-open SuiteCRM I get a blank page (see the screenshot attached). In the suitecrm.log file I get these errors showing every few seconds when SAML is enabled:
@pgr it was sometime last year when I worked on it so I don't remember the exact nature of the issue but
we recently upgraded our instance to 7.11.5 which reverted my changes and caused SSO to keep looping back to the login prompt for Google so I assume there is a problem still.
I'll have a look at my code and the differences to a fresh install and write something up.
We got SAML authentication using Azure AD working some time after my last post. I can't remember what exactly the problem was and how I got it working (I think in the end it was some stupid mistake on my part). It did require a fair bit of trial-and-error, but I didn't need to change any line of the code.
Just finished reviewing the two folders, and it turns out that onelogin has been updated since last year to the same version I am using.
Not sure what happened during the upgrade the other day, but at this point the folder I sent in isn't necessary.
I am still not sure what to do on this. I get exactly the same issue. I tried running "composer install --no-dev" but it makes no difference.
Is there a newer version of SuiteCRM where this is fixed? I am still trying with 7.11.8.
I ended up replacing the entire /modules/Users/authentication/SAML2Authenticate directory with the most recent version (updated 2 months ago as of this post I believe) last night, as well as re-updating config_override.php with the x509 cert hash. And it worked!
I have also updated the UpgradeAccess.php as per your suggestion (looks much cleaner).
I upgraded to 7.11.10 and SAML is broken again. Can't figure out what's going on.
This is what my server log is saying:
[error] 4231#4231: 211 FastCGI sent in stderr: "PHP message: PHP Warning: session_destroy(): Trying to destroy uninitialized session in …/include/MVC/SugarApplication.php on line 172" while reading response header from upstream, client: ***.**.***.***, server: ***.***.***.***, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:",