SSO: SAML Configuration with ADFS

Hi everybody,

I’m currently trying to configure SAML with SuiteCRM 7.9.9 and an ADFS 2.0 server (Windows Server 2012 R2) to enable single sign-on. I extracted my login URL, SLO URL and X509 certificate from the ADFS manifest and configured SuiteCRM with them. On the other side, I configured a new entry on the ADFS following guides about SugarCRM. When I navigate to Suite, I get redirected to the ADFS login page, but I get an error that doesn't say much…

I searched the web for how to configure SuiteCRM with ADFS and did not find any documentation that helped me except some about SugarCRM, but it looks like it doesn't work exactly the same way; with Sugar there is an option to import the manifest and export an output manifest to ease the configuration.

Has anyone already configured it successfully? Is there documentation for Suite somewhere? How should the settings.php be configured?

Any help would be really appreciated!

Thanks,

Francis

I finally got the Single Sign In working with our ADFS. Here are some things I had to do on the ADFS side to make it work:

- Trust those two URLs:
  https ://aaa.bbb.com/index.php?action=Login&module=Users
  https ://aaa.bbbl.com/index.php
- Create a first rule to map LDAP attributes to outgoing claim type using email address.
  Create a second rule to transform incoming claim (email address) type to outgoing claim type (email address).
  Following Step 13 of this guide: http://support.sugarcrm.com/Knowledge_Base/Password_Management/Configuring_SSO_With_ADFS_in_Sugar_7.9_and_Lower/index.html
- Our SuiteCRM installation is on-premise, so all transactions occur inside our network. We have to enable the Form Authentication for intranet. By default it's only Windows authentication.

So far so good, now we are able to successfully log in. BUT, we are still not able to log out! On logout we are redirected to the ADFS page with an error in the log:

Any idea how to fix this?

Thanks.