SuiteCRM – SAML authentication vulnerability

There’s a serious bug in the current implementation of SAML authentication which allows an unauthenticated attacker to log into any existing user account without a password. The details have been reported to the vendor.

Posted in Software, System Administration

SuiteCRM – Broken SAML Authentication

The PHP SAML Toolkit version changed in SuiteCRM-7.8.2, which broke existing SAML configurations. I also had the old version patched for SLO support. The patch proved difficult to port due to significant changes in the code, and it didn’t make much sense either, as the new toolkit version should have supported SLO out of the box.

Below are my short notes on how to migrate the relevant SimpleSAMLphp IdP configuration to the newer PHP SAML Toolkit version. Also included is an SLO patch for SuiteCRM-7.8.18 LTS.

Posted in Software

iPROS24 Notices – Advanced usage and examples

Notes on advanced usage of the iPROS24 Notices plugin, with ready-to-go examples.

Posted in Software