Good Day,
I would like to integrate MS Entra ID with SuiteCRM for SSO. Please provide some links / documentation on how to do this.
Thanks!
Hello @jomelp
While a direct integration between Entra ID (formerly Azure AD) and SuiteCRM 8 for Single Sign-On (SSO) isn’t available, here are two effective approaches to achieve similar functionality:
1. SAML 2.0 Integration:
SuiteCRM Configuration:
Entra ID Configuration:
In your Entra ID tenant, navigate to “Enterprise Applications” and create a new application for SuiteCRM.
Select “SAML 2.0” as the sign-on method and configure settings based on SuiteCRM’s SAML configuration (Entity ID, SSO URL, etc.).
Provide SuiteCRM with the necessary SAML attributes (e.g., username) for user identification.
2. Third-Party Integration Tool:
Resources:
I hope this comprehensive response assists you in achieving SSO between Entra ID and SuiteCRM 8!
Thank you.
Hi @chirag_biz309 ,
I can’t find the “SAML Authentication” module in the official SuiteCRM store.
Hello @jomelp
Please check How to enable SAML authentication, no need to install or find SAML Authentication in the official SuiteCRM store.
I hope this helps!
Thanks.
Hi. I also have the same issue. I looked at the documentation you provided, but it seems I’m missing some configuration.
Would anyone know what this error log means? Somehow I’m confused as to where the yaml files should be located or how to configure IDP and SP settings.
[2024-02-05 07:00:42] request.CRITICAL: Uncaught PHP Exception OneLogin\Saml2\Error: "Invalid array settings: sp_acs_url_invalid, sp_sls_url_invalid, idp_sso_url_invalid, idp_slo_url_invalid, idp_cert_or_fingerprint_not_found_and_required" at /bitnami/suitecrm/vendor/onelogin/php-saml/src/Saml2/Settings.php line 149 {"exception":"[object] (OneLogin\\Saml2\\Error(code: 2): Invalid array settings: sp_acs_url_invalid, sp_sls_url_invalid, idp_sso_url_invalid, idp_slo_url_invalid, idp_cert_or_fingerprint_not_found_and_required at /bitnami/suitecrm/vendor/onelogin/php-saml/src/Saml2/Settings.php:149)"} []
Hello @Aftershow76,
Perhaps this topic will be helpful for your issue.
Let me know, if you’ve any concerns.
Thanks.
Thank you. That helped a lot. Would you know what might be missing? When I try to clear the cache, it displays an error regarding security.firewalls.
In PrototypedArrayNode.php line 288:
You are not allowed to define new elements for path “security.firewalls”. Please define all elements for this path in one config file.
Here are the contents of security.yaml based on the topic you provided.
security:
    # …
    providers:
        saml_provider:
            # Basic provider instantiates a user with default roles
            saml:
                user_class: 'AppBundle\Entity\User'
                default_roles: ['ROLE_USER']
    firewalls:
        app:
            pattern: ^/
            saml:
                # Match SAML attribute 'uid' with username.
                # Uses getNameId() method by default.
                username_attribute: uid
                # Use the attribute's friendlyName instead of the name
                use_attribute_friendly_name: true
                check_path: saml_acs
                login_path: saml_login
            logout:
                path: saml_logout
    access_control:
        - { path: ^/saml/login, roles: PUBLIC_ACCESS }
        - { path: ^/saml/metadata, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }
Hello @Aftershow76
Let’s break down the issues and provide comprehensive solutions:
Understanding the “Invalid array settings” Error:
sp_acs_url: URL for Entra ID to send authentication responses (Assertion Consumer Service).
sp_sls_url: URL for Single Logout Service in SuiteCRM (typically /saml/logout).
idp_sso_url: URL for Entra ID’s Single Sign-On endpoint.
idp_slo_url: URL for Entra ID’s Single Logout endpoint.
idp_cert_or_fingerprint: Entra ID’s signing certificate (entire certificate or its SHA-256 fingerprint).
Resolving the “security.firewalls” Conflict:
1. Consolidate Firewall Configuration:
config/packages/security.yaml.
2. Clear Cache and Regenerate Configurations:
bin/console cache:clear --no-warmup
By following these steps and carefully verifying your configuration, you should be able to successfully resolve the errors and establish a seamless Entra ID integration for your SuiteCRM 8 users.
I hope this helps!
Thanks.
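The five names in the “Invalid array settings” log message correspond to the five values listed in the reply above. As an added example (not code from this thread, SuiteCRM or php-saml), this Python pre-flight check reports the same names for a settings dictionary before it reaches the SAML library. The nested key layout, the sample hosts and the rule that all four URLs must be present are assumptions.

```python
from urllib.parse import urlparse

# Error name from the log -> path into the settings dict. The nested layout is
# an assumption modelled on php-saml's settings array.
URL_CHECKS = [
    ("sp_acs_url_invalid", ("sp", "assertionConsumerService", "url")),
    ("sp_sls_url_invalid", ("sp", "singleLogoutService", "url")),
    ("idp_sso_url_invalid", ("idp", "singleSignOnService", "url")),
    ("idp_slo_url_invalid", ("idp", "singleLogoutService", "url")),
]

def _get(settings, path):
    node = settings
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node

def _is_absolute_url(value):
    if not isinstance(value, str):
        return False
    parts = urlparse(value.strip())
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def preflight(settings):
    """Return the error names (as seen in the log) these settings would trip."""
    # Simplification: a missing URL is reported under the same name as a malformed one.
    errors = [name for name, path in URL_CHECKS
              if not _is_absolute_url(_get(settings, path))]
    idp = settings.get("idp") or {}
    if not (idp.get("x509cert") or idp.get("certFingerprint")):
        errors.append("idp_cert_or_fingerprint_not_found_and_required")
    return errors

# Constructed samples, not taken from the thread.
BROKEN = {
    "sp": {"assertionConsumerService": {"url": "/saml/acs"},      # relative path
           "singleLogoutService": {"url": "/saml/logout"}},
    "idp": {"singleSignOnService": {"url": "changeme"},           # placeholder left in
            "singleLogoutService": {"url": "idp.example.test/slo"},  # scheme missing
            "x509cert": ""},                                      # no cert, no fingerprint
}
FIXED = {
    "sp": {"assertionConsumerService": {"url": "https://crm.example.test/saml/acs"},
           "singleLogoutService": {"url": "https://crm.example.test/saml/logout"}},
    "idp": {"singleSignOnService": {"url": "https://idp.example.test/sso"},
            "singleLogoutService": {"url": "https://idp.example.test/slo"},
            "x509cert": "PLACEHOLDER_BASE64_CERT"},
}
if __name__ == "__main__":
    print(preflight(BROKEN), preflight(FIXED))
```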
Every time I do the bin/console cache:clear --no-warmup the CRM server login page is inaccessible and throws out server error 500.
When I copy back the backup of the cache folder, the page loads properly.
Is there any other way to load Symfony changes aside from clearing the cache?
SAML still doesn’t work. I do not see any logs on saml on prod.log or crm.log
Sorry, I don’t have any idea about it
Me neither…
I never used SAML