I turned on SAML and now unable to access admin login page.
I checked the external_auth_only of the users and they are all set to 0
I understand SAML config is in confir_verride.php
Is there any way to disable the SAML authentication by modifying the config files?
Try logging in by adding parameter no_saml=true in URI, e.g. https://crm.example.com/index.php?action=Login&module=Users&no_saml=true
That way you should be able to authenticate and disable SAML from administration.
Thank you for your reply… But when i try in the format suggested by you, i get a 404 error…
So is there a way to disable it in the db or via files?
Kindly let me know…
Thanks and Regards
Welcome to the community
To disable saml go to your config_override.php and change the value of saml_authentication to false. This will restore previous auth functionality.
Thank you for your reply.
That entry did not exist in config_override.php file. so i added it as below.
But the SAML authentication is not disabled…
This is the url https://bit.ly/2W6WPe5
Thanks and Regards
I also have set these as suggest by some user…
$sugar_config[‘authenticationClass’] = ‘’;
$sugar_config[‘SAML_loginurl’] = ‘’;
$sugar_config[‘SAML_X509Cert’] = ‘’;
yet the SAML authentication is not disabled…
Also the error if we try to login using the SAML authentication is
The config file line is as below.
We are using SAML with Azure AD too and I’ve never seen that error message (plenty of others though). Also the configuration parameter suggested by @Mac-Rae should do the trick.
I find it odd you get a 404 trying to hit index.php with a parameter; it shouldn’t give a 404 in any case but at least redirect you to the SAML login. Is there anything in web server’s errorlog? Can you reach anything on you crm site, e.g. if you ran
echo test > path/to/crmroot/test.txt in command line are you able to access that with browser?
EDIT: I just realised that if it redirects you to O365 login then index.php is reachable. Check that you don’t have any conflicting lines in config.php.
Hmm ok, what version of SuiteCRM are you using?
Hi @TLi and @Mac-Rae.
Thank you very much for your support. I went through the config file and the site url was put as the IP address. So i tried the link suggested by Rae using the IP address and was able to access the Admin panel. The enable SAML is unchecked in the admin panel. However, the domain still keeps redirecting to the SAML authentication. So not sure what is going on.
Hmm that is a strange one,
The enable SAML is unchecked in the admin panel.
What happens if you enable it, save, and then disable it again?
As @Mac-Rae said, that is a strange issue.
I’ll throw some random suggestions that you could check in the hopes that they might help (but no guarantees):
- Check .htaccess for anything fishy. You could also try rebuilding it at Administration->Repair->Rebuild .htaccess
- Which web server are you using? Check the server settings for crm site and make sure there’s nothing e.g. forcing a redirect
- Check web server logs and suitecrm.log for clues
- Try a different web browser and/or private/incognito mode in case it’s a local cache issue
EDIT: Mistake with blockquote.
I am using SuiteCRM 7.5.3-0.
That could be why, last few version there been numerous updates to fix saml issues including really important security issues. I suggest if and when possible you updated to latest 7.10.x