Direct record link not passing URL parameter to SAML login

Bug reproduction:

  1. Custom single sign on is used and it’s working fine.
  2. Generated a direct record link in an email notification (e.g. domain/index.php?module=Leads&return_module=Leads&action=DetailView&record=XXXXXXXXXX), but when the user clicked on the link, the browser was unable to go to the record page after login.
  3. Checking the URL, it seems the parameter in the URL has been lost.

In include\MVC\SugarApplication.php in loadUser() function, the login_XXXXX parameter was dropped when redirect was called and needs to be added back in.

    if (isset($_SESSION['authenticated_user_id'])) {
        // set in modules/Users/Authenticate.php
        if (!$authController->sessionAuthenticate()) {
            // if the object we get back is null for some reason, this will break - like user prefs are corrupted
            $GLOBALS['log']->fatal('User retrieval for ID: (' . $_SESSION['authenticated_user_id'] . ') does not exist in database or retrieval failed catastrophically.  Calling session_destroy() and sending user to Login page.');
            // keep the login_* parameters on the redirect to the login page
            $loginVars = $this->createLoginVars();
            SugarApplication::redirect('index.php?action=Login&module=Users' . (empty($loginVars) ? '' : $loginVars));
        }
    } elseif (!($this->controller->module == 'Users' && in_array($this->controller->action, $allowed_actions))) {
        // keep the login_* parameters on the redirect to the login page
        $loginVars = $this->createLoginVars();
        SugarApplication::redirect('index.php?action=Login&module=Users' . (empty($loginVars) ? '' : $loginVars));
    }

In the SAML2Authenticate.php, the following code is added to the redirectToLogin() function:

            // check whether there is a login redirect
            $redirectVars = array('module', 'action', 'record');
            foreach ($redirectVars as $var) {
                if (!empty($_REQUEST['login_' . $var])) {
                    $ret[$var] = $_REQUEST['login_' . $var];
                }
            }

            if (!empty($ret)) {
            } else {
            }

I hope this helps anyone who has an issue with the direct link with SAML login.
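An added example, not the poster's code or the CRM's own: since the `login_module`, `login_action` and `login_record` values read above come straight from the request, this sketch shows one way to validate them before they become the post-login target. The function name `buildPostLoginUrl()` and the value patterns are assumptions.

```php
<?php
// Added example: hypothetical helper, not part of the CRM or of the post's patch.
// Builds the post-login target from the login_* request parameters.

function buildPostLoginUrl(array $request): string
{
    // Same three keys the post reads in redirectToLogin().
    // The value patterns are assumptions; adjust them to your record ID format.
    $patterns = [
        'module' => '/\A[A-Za-z0-9_]{1,64}\z/',
        'action' => '/\A[A-Za-z0-9_]{1,64}\z/',
        'record' => '/\A[A-Za-z0-9_-]{1,36}\z/',
    ];

    $ret = [];
    foreach ($patterns as $var => $pattern) {
        $value = $request['login_' . $var] ?? '';
        // Drop arrays (login_module[]=x) and anything that is not a plain identifier.
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $ret[$var] = $value;
        }
    }

    // Without a valid module there is nothing to return to: use the default page.
    if (empty($ret['module'])) {
        return 'index.php';
    }

    // The path is fixed and http_build_query() URL-encodes every value,
    // so the result always stays inside this application.
    return 'index.php?' . http_build_query($ret);
}

// Constructed sample requests (not taken from the post).
$samples = [
    ['login_module' => 'Leads', 'login_action' => 'DetailView', 'login_record' => 'abc-123'],
    ['login_module' => 'Leads', 'login_action' => 'Detail View?x=1'],
    ['login_module' => ['Leads']],
];
foreach ($samples as $sample) {
    echo buildPostLoginUrl($sample), PHP_EOL;
}
```

The first sample keeps all three parameters, the second keeps only the module because the action fails the pattern, and the third falls back to `index.php`.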

Is this a bug within the CRM? If so you’d be best putting this thread on the GitHub so it gets seen by the Devs :+1::+1: