What file to customize to change the way Sugar does login?

Hello. I am working on a user synchronization system from our company's main product, Workspace. I have made a REST API that inserts users into CRM, triggered from Workspace. Now, I want to customize Sugar login the following way: Do the regular stuff and check username and password. If there is a match, cool, do as usual. If not, instead of directly jumping out with the "invalid credentials" message, contact Workspace with the hashed password and username, and if there is a match there, do as if the hash was correct in the first place. PS: This is a mock-up replacement for single sign-on, until we develop that properly, using SAML and OpenID Connect. That means the user is present in the CRM system, but I am failing to match the way Workspace hashes the password with the way Sugar hashes the password. The result is that if I try to log into CRM, I get the "invalid credentials" error. So what file and method would I need to customize?

  • You can create a custom user authentication. Have a look at modules/Users/authentication/, where you will find different authentication methods. You can write your own files in custom/modules/Users/authentication/CustomSugarAuthenticate/ and custom/modules/Users/authentication/SugarAuthenticate/ to create your own SSO mechanism, together with your own view in custom/modules/Users/views/view.authenticate.php

    For this you need some entry like $sugar_config['authenticationClass'] = 'CustomSugarAuthenticate'; 
    in config.php (not in config_override.php!)

    It's not simple, but doable.

    See here for current implementation: https://support.sugarcrm.com/Knowledge_Base/Password_Management/Security_Layers_for_User_Authentication_in_Sugar/

    Harald Kuske
    Principal Solution Architect – Professional Services, EMEA
    hkuske@sugarcrm.com
    SugarCRM Deutschland GmbH
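
One way the custom authentication class from the answer above could implement the fallback described in the question, as an added example that is not code from the thread or from SugarCRM. It assumes the stock SugarAuthenticate and SugarAuthenticateUser classes with an authenticateUser($name, $password, $fallback) method that returns the user id or an empty string; the Workspace URL, its request fields and its "HTTP 200 means accepted" convention are hypothetical.

```php
<?php
// File 1: custom/modules/Users/authentication/CustomSugarAuthenticate/CustomSugarAuthenticate.php
require_once 'modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php';
class CustomSugarAuthenticate extends SugarAuthenticate
{
    public $userAuthenticateClass = 'CustomSugarAuthenticateUser';
    public $authenticationDir = 'CustomSugarAuthenticate';
}

// File 2 (starts with its own <?php): .../CustomSugarAuthenticate/CustomSugarAuthenticateUser.php
require_once 'modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php';
class CustomSugarAuthenticateUser extends SugarAuthenticateUser
{
    // Hypothetical endpoint: replace with the real Workspace verification URL.
    const WORKSPACE_VERIFY_URL = 'https://workspace.example.invalid/api/verify-login';

    public function authenticateUser($name, $password, $fallback = false)
    {
        // Regular Sugar check first; a non-empty id means the local hash matched.
        $id = parent::authenticateUser($name, $password, $fallback);
        if (!empty($id)) { return $id; }
        // Fall back only for an active, regular user that the sync already created.
        $user = BeanFactory::getBean('Users')->retrieve_by_string_fields(array('user_name' => $name));
        if (empty($user) || $user->status !== 'Active' || !empty($user->is_group) || !empty($user->portal_only)) {
            return '';
        }
        // Fail closed: only an explicit acceptance from Workspace logs the user in.
        return $this->workspaceAccepts($name, $password) ? $user->id : '';
    }

    protected function workspaceAccepts($name, $password)
    {
        $ch = curl_init(self::WORKSPACE_VERIFY_URL);
        curl_setopt_array($ch, array(
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => http_build_query(array('username' => $name, 'password' => $password)),
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT => 5,            // a slow Workspace must not hang the login page
            CURLOPT_SSL_VERIFYPEER => true,  // credentials only travel over verified TLS
            CURLOPT_SSL_VERIFYHOST => 2,
        ));
        $body = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        // Timeouts, TLS errors and every non-200 status count as a failed login.
        return $body !== false && $code === 200;
    }
}
```

Check in your Sugar version whether $password reaches authenticateUser() in plain or already hashed form, because the Workspace endpoint has to expect that same form.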

  • Can you please elaborate/detail how this should happen? It is very promising, but I have never touched this area, so I am unfamiliar with it. I usually customized quotes and accounts.

  • You need a clear specification of how the SSO should work.

    One possible scenario could be that Sugar Authentication has to call an external tool which creates a session and returns the session_id back to Sugar, perhaps by another service call from Sugar to this tool.

    So, the first thing is to know the details of the SSO tool used, some kind of information flow.

    Harald Kuske
    Principal Solution Architect – Professional Services, EMEA
    hkuske@sugarcrm.com
    SugarCRM Deutschland GmbH