salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

saml not working because of clientid not being sent(?) #10577

Open f1-outsourcing opened 6 hours ago

f1-outsourcing commented 6 hours ago

Issue

2024-11-15 21:18:14,160 WARN [org.keycloak.events] (executor-thread-4) type="LOGIN_ERROR", realmId="a2a87471-45ee-400d-b064-8e51666e337d", realmName="xxxxxx", clientId="null", userId="null", ipAddress="192.168.123.90", error="client_not_found", reason="Cannot_match_source_hash"

Possible Fix

Add clientid to the password form and send it.

Steps to Reproduce the Issue

Probably need a newer SAML server to see this error; maybe new in the SAML2 specification?

Context

No response

Version

7.14.6

What browser are you currently using?

Firefox

Browser Version

No response

Environment Information

mysql php8.2

Operating System and Version

nvm

f1-outsourcing commented 3 hours ago
error_log('>>>'.$spBase);
$settingsInfo = array (
    'sp' => array (
        'entityId' => 'xxxxxxxx',
        'assertionConsumerService' => array (
            'url' => $spBase,
        ),
        'singleLogoutService' => array (
            'url' => $spBase,
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ),
    'idp' => array (
        'entityId' => 'xxxxxxxx',
        'singleSignOnService' => array (

If I change the code like this and xxxxx matches my clientid in Keycloak, I proceed further in the process.

I have the impression that either SuiteCRM or Keycloak is not following a standard.

https://stackoverflow.com/questions/24196369/what-to-present-at-saml-entityid-url
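
The comment above reports that login proceeds once the SP `entityId` matches the client ID in Keycloak. The following is an added diagnostic example, not code from this issue or from SuiteCRM: it decodes the `SAMLRequest` from an HTTP-Redirect login URL and compares its `Issuer` with the client ID registered at the IdP. It assumes the SP uses the HTTP-Redirect binding; the function names, the `idp.example.test` URL and the `suitecrm-sp` entity ID are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 1 << 20  # cap inflated size so a hostile blob cannot exhaust memory


def issuer_from_redirect_url(url: str) -> str:
    """Return the <saml:Issuer> of the AuthnRequest carried in a redirect URL."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    # HTTP-Redirect binding: raw DEFLATE stream, no zlib header (wbits=-15).
    xml = zlib.decompressobj(-15).decompress(raw, MAX_XML)
    # Diagnostic use on your own traffic; prefer defusedxml for untrusted XML.
    issuer = ET.fromstring(xml).find(f"{{{SAML_NS}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer")
    return issuer.text.strip()


def check_issuer(url: str, expected_client_id: str) -> bool:
    """True when the SP's Issuer equals the client ID registered at the IdP."""
    return issuer_from_redirect_url(url) == expected_client_id


def build_sample_redirect(issuer: str) -> str:
    """Constructed sample: a minimal AuthnRequest encoded as an SP would send it."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="{SAML_NS}" ID="_constructed1" Version="2.0" '
        'IssueInstant="2024-11-15T21:18:14Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.test/realms/demo/protocol/saml?" + query


if __name__ == "__main__":
    url = build_sample_redirect("suitecrm-sp")  # constructed entityId
    print("Issuer sent by SP:", issuer_from_redirect_url(url))
    print("Matches IdP client ID:", check_issuer(url, "suitecrm-sp"))
```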