saml not working because of clientid not being send(?) #5273

Open
opened 2026-02-20 16:32:15 -05:00 by deekerman · 1 comment

Originally created by @f1-outsourcing on GitHub (Nov 15, 2024).

Issue

2024-11-15 21:18:14,160 WARN [org.keycloak.events] (executor-thread-4) type="LOGIN_ERROR", realmId="a2a87471-45ee-400d-b064-8e51666e337d", realmName="xxxxxx", clientId="null", userId="null", ipAddress="192.168.123.90", error="client_not_found", reason="Cannot_match_source_hash"

Possible Fix

Add clientid to the password form and send it.

Steps to Reproduce the Issue

Probably need newer saml server to see this error, maybe new in saml2 specification?

Context

No response

Version

7.14.6

What browser are you currently using?

Firefox

Browser Version

No response

Environment Information

mysql php8.2

Operating System and Version

nvm


@f1-outsourcing commented on GitHub (Nov 15, 2024):

```php
error_log('>>>'.$spBase);
$settingsInfo = array (
    'sp' => array (
        'entityId' => 'xxxxxxxx',
        'assertionConsumerService' => array (
            'url' => $spBase,
        ),
        'singleLogoutService' => array (
            'url' => $spBase,
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ),
    'idp' => array (
        'entityId' => 'xxxxxxxx',
        'singleSignOnService' => array (
            // (snippet is cut off here in the original comment)
```

If I change the code like this and xxxxx matches my clientid in keycloak, I am proceeding further in the process.

I have the impression that either suitecrm or keycloak is not following a standard.

https://stackoverflow.com/questions/24196369/what-to-present-at-saml-entityid-url
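
As an added example (not part of the comment above and not SuiteCRM or Keycloak code): Keycloak looks up the SAML client by the `Issuer` of the incoming AuthnRequest, which the SP fills from its `entityId`, so decoding the request shows the value to compare with the Keycloak client ID. It assumes the HTTP-Redirect binding; the URLs, issuer values and the `build_sample_url` helper are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def issuer_from_redirect_url(url):
    """Return the Issuer of the AuthnRequest carried in an HTTP-Redirect URL."""
    query = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    raw = base64.b64decode(query["SAMLRequest"][0])
    # HTTP-Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    xml = zlib.decompress(raw, -15)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE not allowed in a SAML message")
    issuer = ET.fromstring(xml).find(f"{{{SAML_NS}}}Issuer")
    text = (issuer.text or "").strip() if issuer is not None else ""
    return text or None


def check_issuer(url, keycloak_client_id):
    """Compare the request's Issuer with the client ID registered in Keycloak."""
    issuer = issuer_from_redirect_url(url)
    return {"issuer": issuer, "client_id": keycloak_client_id,
            "match": issuer == keycloak_client_id}


def build_sample_url(issuer):
    """Constructed sample: a minimal AuthnRequest encoded as an SP would send it."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="{SAML_NS}" ID="_constructed1" Version="2.0" '
        'IssueInstant="2024-11-15T21:18:14Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    ).encode()
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.test/realms/demo/protocol/saml?" + query


if __name__ == "__main__":
    # Constructed values: SP sends its URL as Issuer, Keycloak client ID is "suitecrm".
    print(check_issuer(build_sample_url("https://crm.example.test/index.php"), "suitecrm"))
    print(check_issuer(build_sample_url("suitecrm"), "suitecrm"))
```

To check a real deployment, pass the redirect URL captured from the browser's network tab instead of the constructed one.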

Reference
starred/SuiteCRM-SuiteCRM#5273