Hello Team,
We are currently using SuiteCRM v8.8.0 with PHP 8.3 and attempting to configure SAML-based SSO using Keycloak as the Identity Provider (IdP).
We have followed the official documentation:
https://docs.suitecrm.com/8.x/admin/configuration/saml/8.7.0-saml-configuration/
Issue Description
- User is successfully redirected to the Keycloak login page.
- Authentication completes successfully.
- After redirecting back to SuiteCRM, the system immediately redirects to: /public/auth#logged-out
Instead of landing on the dashboard, the user is logged out automatically.
Although we can successfully redirect to the Keycloak login page, after authenticating we are redirected back to SuiteCRM and then immediately taken to the logout page. We have tried different configurations but still face the same issue.
Could you please guide us with the actual steps required to configure SSO correctly? Also, how can we display the SSO login button on the SuiteCRM login form?
Environment Details
- SuiteCRM Version: 8.8.0
- PHP Version: 8.3
- APP_ENV: dev
- APP_DEBUG: true
- SAML_DEBUG: true
- Keycloak Realm: trust
- Deployment: UAT
################################
SAML CONFIGURATION
################################
AUTH_TYPE=saml
SAML_ENABLED=true
SAML_STRICT=true
SAML_COMPRESS_REQUESTS=true
APP_ENV=dev
APP_DEBUG=true
SAML_DEBUG=true
########## IDP (KEYCLOAK) ##########
SAML_IDP_ENTITY_ID=https://..com/realms/trust
SAML_IDP_SSO_URL=https://..com/realms/trust/protocol/saml
#SAML_IDP_SLO_URL=https://..com/realms/trust/protocol/saml
SAML_IDP_X509CERT='My certificate here'
APP_URL=https://..**/suitecrm/public
########## SP (SUITECRM) ##########
SAML_SP_ENTITY_ID=https://../suitecrm/public
#SAML_SP_ASSERTION_CONSUMER_SERVICE_URL=https://../suitecrm/public/saml/acs
SAML_SP_SINGLE_LOGOUT_SERVICE_URL=https://..**/suitecrm/public/saml/logout
SAML_AUTO_CREATE_USERS=true
########## USER MAPPING ##########
SAML_USERNAME_ATTRIBUTE=username
SAML_USE_ATTRIBUTE_FRIENDLY_NAME=false
SAML_AUTOCREATE=enabled
SAML_AUTOCREATE_ATTRIBUTES_MAP='{
"username":"user_name",
"email":"email1",
"givenName":"first_name",
"surname":"last_name"
}'
Any help or sample configuration would be greatly appreciated.
Thanks in advance!