SAML SSO Integration Issue – Not Redirecting to IdP on Login (SuiteCRM 8.5.1)

amore · 5 June 2025 12:07

SuiteCRM Version: 8.5.1
Installation Type: Compiled zip (official release)
Authentication Type: SAML SSO (Azure AD)
Environment: Azure VM with IIS 10 and PHP
Frontend: Default React frontend (/public/#/Login)

Issue Summary:

We are trying to enable SAML Single Sign-On (SSO) authentication in SuiteCRM using Azure AD as the Identity Provider (IdP). Despite setting all required configuration variables in .env and .env.local, the application still loads the default login screen instead of redirecting to the Azure AD login page.

Configuration Changes Made:

Below are the key changes added to the .env and .env.local files:

AUTH=saml
SAML_ENABLED=true

SAML_SSO_URL="https://login.microsoftonline.com/{your-tenant-id}/saml2"
SAML_ACS_URL="https://crm.example.com/public/legacy/index.php?module=Users&action=Authenticate"
SAML_IDP_ENTITY_ID="https://sts.windows.net/{your-tenant-id}/"
SAML_SP_ENTITY_ID="https://crm.example.com"

SAML_X509_CERT="-----BEGIN CERTIFICATE-----
MIIDyzCCArOgAwIBAgIQCgooq+meS6N5NGR9VJgdFTANBgkqhkiG9w0BAQsFADBg
...
-----END CERTIFICATE-----"

SAML_REQUEST_SIGNING=true
SAML_VALIDATE_SIGNATURE=true
SAML_VALIDATE_RESPONSE=true
SAML_VALIDATE_ASSERTION=true

Observed Behavior:

SuiteCRM continues to show the default login page at /public/#/Login.
No redirection to the IdP (Azure AD login page) is triggered automatically.
No relevant errors are shown in SuiteCRM logs.
We confirmed that the AUTH=saml setting is loaded correctly.

Expected Behavior:

Upon accessing the login page, SuiteCRM should automatically redirect to the Azure AD login page for authentication via SAML.

Request:

Please assist in diagnosing why SuiteCRM is not initiating the SAML SSO flow, despite the environment variables being correctly configured. Any guidance or troubleshooting steps would be greatly appreciated.

marius.gelezinis · 6 June 2025 04:36

The key in .env should be AUTH_TYPE=saml instead of AUTH=saml

bhavin0070 · 6 June 2025 07:26

I attempted to implement the same functionality using Google Sign-In, but it did not work as expected.
Could anyone please guide me on how to properly configure or troubleshoot Google Sign-In integration?

amore · 6 June 2025 08:35

I crossed checked in .env file it is AUTH_TYPE=saml
Still, it is not working.

amore · 6 June 2025 13:55

Hi,

I’ve set up a fresh installation using the latest SuiteCRM version 8.8 on nginx server and configured Azure Single Sign-On (SSO) for authentication.

But still it is not working.

Please advise on how to resolve this issue, especially in the context of Azure SSO integration.

Urvi · 4 July 2025 08:35

Hi @amore,
to resolve the Azure SSO issue with your SuiteCRM 8.8 on Nginx, first ensure that the Azure AD redirect URI exactly matches your SuiteCRM URL and that the client ID, tenant ID, and secret are correctly set in the config. Make sure OpenID Connect (OIDC) is enabled in SuiteCRM and that your Nginx setup isn’t blocking any headers or redirects. Also, check both SuiteCRM and Nginx logs for any errors, and verify that Azure AD users are mapped properly to SuiteCRM users.