SAML redirect loop when user does not exist in CRM #6622
Comments
@vladaman I'll add the suggestion label here as it does throw an error in the logs and detail that the authentication fails, so there is error handling here. It simply needs improvement to catch the loop and return suitable errors/logs to the user in the UI.
+1.
+1 I just ran into this one again. We added a new employee (it's been a while) and then told them to go to the CRM. It gets into a SAML redirect loop infinitely. The log is filled with:
This needs better error handling. I ended up spinning my wheels on this until I realized that the account was not properly provisioned in SuiteCRM.
I think this no longer happens when I just tested it, no longer is auth against email but instead username anyway. I would close this ticket and propose opening a new one that allows more config of the SAML driver to have fallback for standard login as well. There may be times this would be useful, i.e. we have staff that access our CRM via SSO but we want external users to also use it, but as they are not in our AD/Keycloak etc. it would just be easier to implement direct login.
When the user logs in successfully to the IDP SAML auth provider, sometimes you want the CRM to then auto create a CRM account if one does not already exist - their view might be restricted to seeing little to nothing (only records they have read access to in the ACL). Other times, you want to send a notification to some other CRM user/team leader/group owner, to authorize the creation of this new user's CRM account.
I would also love to see user creation, the same way LDAP login does that.
Any updates?
Issue
When using SAML and providing a non-existing email address via the SAML identity provider, the auth gets into a loop. The user is returned back to SuiteCRM and then back to the identity provider. This continues.
Expected Behavior
Display an error message that the user account does not exist.
Actual Behavior
Notice from logs the rapid log events
Steps to Reproduce
Your Environment
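The loop reported in this issue, and one way for a SAML service provider to end it, as an added framework-neutral sketch (not SuiteCRM code and not written by anyone in this thread). All names here (`login_page`, `acs`, `simulate`, `MAX_SSO_ATTEMPTS`, the `idp.example` URL) are hypothetical, and the identity provider is a constructed stand-in that always authenticates the user.

```python
from dataclasses import dataclass

IDP_URL = "https://idp.example/sso"   # constructed placeholder IdP endpoint
MAX_SSO_ATTEMPTS = 3                  # assumed cap on failed SSO round trips


@dataclass
class Response:
    status: int
    location: str = ""
    body: str = ""


def login_page(session, guarded):
    """Entry point that auto-starts SSO for anyone without a session."""
    if session.get("user"):
        return Response(302, "/index")
    if guarded and session.get("sso_failures", 0) >= MAX_SSO_ATTEMPTS:
        return Response(429, body="Automatic sign-in stopped after repeated failures.")
    return Response(302, IDP_URL)


def acs(session, name_id, known_users, terminal_error):
    """Assertion Consumer Service; the assertion is assumed already validated."""
    if name_id in known_users:
        session["user"] = name_id
        session.pop("sso_failures", None)
        return Response(302, "/index")
    session["sso_failures"] = session.get("sso_failures", 0) + 1
    if terminal_error:
        # Stop here: the IdP login worked, but the local account is missing.
        return Response(403, body="No CRM account matches this identity.")
    return Response(302, "/login")  # looping behaviour: login restarts SSO


def simulate(name_id, known_users, terminal_error, guarded, max_hops=20):
    """Follow redirects the way a browser would; returns (status, hops)."""
    session, hops = {}, 0
    resp = login_page(session, guarded)
    while resp.status == 302 and resp.location != "/index" and hops < max_hops:
        hops += 1
        if resp.location == IDP_URL:
            resp = acs(session, name_id, known_users, terminal_error)
        else:
            resp = login_page(session, guarded)
    return resp.status, hops
```

With neither control the simulated browser is still being redirected when the hop limit is reached; the terminal 403 ends the exchange after a single round trip, and the session counter is a backstop for any path that still redirects.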