Salesforce Drupal Single Sign-On – SSO Integration using OpenID Connect

Overview

Drupal SSO integration will allow the users to log in to the Salesforce using the Drupal site Credentials. This SSO integration is achieved by the miniOrange OAuth / OpenID Connect server module which uses the OAuth 2.0 and OpenID Connect protocol. The module is compatible with all OAuth / OpenID Connect clients and is available for Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

In this setup guide, we will help you configure the Single Sign-on login using the OAuth protocol between the Drupal site and the Salesforce.

Download Schedule a Meeting

Installation Steps

• Using Composer
• Using Drush
• Manual Installation

• Download the module:

  composer require 'drupal/oauth_server_sso'

• Go to Extend menu on your Drupal admin console and enable the module by enabling the checkbox and click on Install button.
• Configure the module at:

  {BaseURL}/admin/config/people/oauth_server_sso/config_client

• Install the module:

  drush en oauth_server_sso

• Clear the cache:

   drush cr

• Configure the module at:

  {BaseURL}/admin/config/people/oauth_server_sso/config_client

• Navigate to Extend menu on your Drupal admin console and click on Install new module.
• Install the Drupal OAuth / OIDC Provider - Single Sign On (SSO) module either by downloading the zip or from the URL of the package (tar/zip).
• Click on Enable newly added modules.
• Enable this module by checking the checkbox and click on Install button.
• Configure the module at

  {BaseURL}/admin/config/people/oauth_server_sso/config_client

Configuration Steps

Configure Application in Salesforce:

• Login to your Salesforce account.
• Switch to the Salesforce Classic mode from the profile menu.

• Navigate to the Setup page.

• Search for Auth under the search bar in the left navigation panel.
• Click on Auth Provider.

• Click on the New button.

• From the Provider Type dropdown, select Open ID Connect.

• Enter the Application name under the Name text field and copy the generated URL Suffix.

Configure Drupal as an OAuth Server:

• Navigate to the Drupal site and go to the Configuration → miniOrange OAuth server configuration → OAuth Client tab.
• Click on the Add Client button to add a new application.

• Enter the name of your application under the Application Name text field.
• Enter the Callback URL (https://{yoursubdomain}/services/authcallback/{URL Suffix}) under the Callback/Redirect URL text field.
• You can add multiple Callback URLs by clicking on the Add More button next to the Callback/Redirect URL text field.

• Click on the Save button.
• Copy the generated Client ID and Client secret.

Configure Salesforce as OAuth Client:

• Navigate to the Salesforce dashboard and paste the copied Client ID under the Consumer Key text field.

• Paste the copied Client Secret into the Consumer Secret text field.

• Add the Scope and Endpoints as specified in the table below (You can also get the same from the Scope & Endpoints section of the Drupal site → Configuration → miniOrange OAuth server configuration → OAuth Client):-

Default Scopes	profile openid email
Authorize Endpoint URL	{base_url_of_the_drupal_site}/mo/oauth2/authorize
Token Endpoint URL	{base_url_of_the_drupal_site}/mo/oauth2/token
User Info Endpoint URL	{base_url_of_the_drupal_site}/mo/oauth2/userinfo

• Click on the Automatically create a registration handler template link.

• Click on the Search icon next to the Execute Registration Handler As text box.

• Select the Admin account from the list of users.

• Click on the Save button.

• Now, click on the AutocreatedRegHandler link next to the Registration Handler.

• Click on the Edit button.

• Remove the existing code, paste the following code, and click on the Save button.

global class AutocreatedRegHandlerMoDrupal implements Auth.RegistrationHandler{   
        global User createUser(Id portalId, Auth.UserData data){
            User u = new User();
            Profile p = [SELECT Id FROM profile WHERE name='Chatter Moderator User'];
            u.username = data.email.split('@')[0] + '@miniorange_drupal.com';
            u.email = data.email;
            u.lastName = 'Unknown';
            u.firstName = 'Unknown';
            u.languagelocalekey ='en_US';
            u.localesidkey = 'en_US';
            u.emailEncodingKey = 'UTF-8';
            u.alias = (data.email.split('@')[0].length() > 8) ? data.email.split('@')[0].substring(0, 8) : data.email.split('@')[0];
            u.timeZoneSidKey = 'America/Los_Angeles';
            u.profileId = p.Id;
            insert u;
            return u;
        }
    
        global void updateUser(Id userId, Id portalId, Auth.UserData data){
              User u = new User(id=userId);
              u.email = data.email;
              update(u);
        }
    }        
   

• Please confirm that the Callback URL you previously entered in Drupal matches the one provided here. If there was a different configuration earlier, please update it to match the URL provided here.

• In the left navigation panel search for My Domain and click on it.

• Scroll down to the Authentication Configuration section and click on the Edit button.

• Enable the checkbox next to the Application configured under the Authentication Service section and click on the Save button.

Let’s see how this works:

• Open a new window/private browser and navigate to the login page of the Salesforce website.
• Click on the Login with Drupal button.

• Enter the Drupal credentials and click on the Log in button.

• You will be logged into Salesforce using Drupal credentials.

You have successfully performed the SSO between Salesforce and Drupal!