SuiteCRM as SP for ComponentSpace SAML idp server (ASP.net)

We have a ComponentSpace SAML idp server with an ASP.net implementation and we are trying to connect SuiteCRM to this server for user authentication.

I have tried the SAML Authentication option but it does not seem to be working for the idp server.

Having talked to the ComponentSpace people, I was directed to use simpleSAMLphp.

Has anyone done this before and got SuiteCRM working with ComponentSpace SAML?

Thanks.

Just to put down some notes here in case anyone needs this. I managed to get this working using simplesamlphp.

  1. Get simplesamlphp set up and running. Make sure the simplesamlphp test page is working with your ComponentSpace idp server.

  2. Go to suitecrm > modules > Users > authentication > SAML2Authentication > SAML2Authenticate.php. In the pre_login() function, comment out the code in there (except parent::pre_login) and modify it according to the simpleSamlPhp authentication call.

Authentication using nameid only.

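// $auth: a \SimpleSAML\Auth\Simple instance for your SP (assumed; its creation is not shown in the post)
$auth->requireAuth();
\SimpleSAML\Session::getSessionFromRequest()->cleanup();
// Take the NameID from the assertion and hand it to SuiteCRM through the session
$nameid = $auth->getAuthData('saml:sp:NameID');
$_SESSION['samlNameId'] = $nameid->value;
$this->redirectToLogin($GLOBALS['app']);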

Please note that this is a quick and dirty tip, and it should be put in a new authenticate module so that it survives future version upgrades.

  3. Log into suitecrm using no_saml=y in the URL (https://{website}/suitecrm/index.php?action=Login&module=Users&no_saml=Y),
    go to admin page > password management and enable SAML.

Currently still testing the stability of the site with the above modification.

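The pre_login() snippet in the post above reads `$nameid->value` straight into the session, which breaks or stores an empty value if the IdP sends no NameID. The block below is an added example, not part of the original posts and not SuiteCRM or SimpleSAMLphp code: `extractNameId()` is a hypothetical helper that fails closed, and the NameID shapes it accepts and the allowed emailAddress format are assumptions to adapt to your IdP.

```php
<?php
// Added example: extractNameId() is a hypothetical helper, not SuiteCRM or
// SimpleSAMLphp code. The NameID shapes handled below are assumptions about
// what getAuthData('saml:sp:NameID') may return depending on library version.
function extractNameId($nameId, array $allowedFormats): string
{
    if (is_object($nameId) && method_exists($nameId, 'getValue')) {
        $value  = $nameId->getValue();            // object exposing getters
        $format = method_exists($nameId, 'getFormat') ? $nameId->getFormat() : null;
    } elseif (is_object($nameId)) {
        $value  = $nameId->value ?? null;         // object with public properties
        $format = $nameId->Format ?? null;
    } elseif (is_array($nameId)) {
        $value  = $nameId['Value'] ?? null;       // plain array
        $format = $nameId['Format'] ?? null;
    } else {
        throw new RuntimeException('assertion carried no NameID');
    }
    if (!is_string($value) || trim($value) === '') {
        throw new RuntimeException('NameID is empty');
    }
    // A transient NameID changes per session and must not be used as a user key.
    if (!in_array($format, $allowedFormats, true)) {
        throw new RuntimeException('unexpected NameID format');
    }
    return trim($value);
}

// In pre_login() this would replace the direct $nameid->value access:
//   $_SESSION['samlNameId'] = extractNameId($auth->getAuthData('saml:sp:NameID'), [$email]);

// Constructed sample inputs (not captured from a real IdP).
$email     = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
$transient = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
$samples = [
    'object'    => (object) ['value' => 'jane@example.org', 'Format' => $email],
    'array'     => ['Value' => 'jane@example.org', 'Format' => $email],
    'missing'   => null,
    'blank'     => (object) ['value' => '   ', 'Format' => $email],
    'transient' => (object) ['value' => '_a1b2c3', 'Format' => $transient],
];
foreach ($samples as $label => $sample) {
    try {
        echo $label, ': ', extractNameId($sample, [$email]), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```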

Updates:
The file below needs to be updated to bypass the $row['external_auth_only'] check because it will cause infinite redirection if that field is empty.

suitecrm > modules > Users > authentication > SAML2Authentication > SAML2AuthenticateUser.php

//if (empty($row) || empty($row['external_auth_only'])) {
if (empty($row)) {