SAML Single Sign-On (SSO) into Drupal using PhenixID as IdP

Overview

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between PhenixID and the Drupal site. The users will be able to log in to the Drupal site using their PhenixID credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and PhenixID as an Identity Provider (IdP). The module is compatible with with Drupal 7, Drupal 8, Drupal 9, Drupal 10 and Drupal 11.

Installation Steps

• Using Composer
• Using Drush
• Manual Installation

• Download the module:

  Composer require 'drupal/miniorange_saml'

• Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
• Enable the module by checking the checkbox and click on install button.
• Configure the module at

  {BaseURL}/admin/config/people/miniorange_saml/idp_setup

• Install the module:

  drush en drupal/miniorange_saml

• Clear the cache:

   drush cr

• Configure the module at

  {BaseURL}/admin/config/people/miniorange_saml/idp_setup

• Navigate to Extend menu on your Drupal admin console and click on Install new module button.
• Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
• Click on Enable newly added modules.
• Enable this module by checking the checkbox and click on install button.
• Configure the module at

  {BaseURL}/admin/config/people/miniorange_saml/idp_setup

Configuration Steps

Drupal SAML SP Metadata

• Go to Configuration → People → SAML Login Configuration in the Administration menu. (/admin/config/people/miniorange_saml/idp_setup)

• Navigate to the Service Provider Metadata and download the metadata. (This is required in configuring the PhenixID as a SAML IdP)

Configure SAML Single Sign-On Application in PhenixID

• Login to the PhenixID server admin console with your credentials.
• Navigate to Scenarios tab and then click on Federation.

• In the left pane, scroll down then select SAML Metadata Upload and click on + sign.
• In the Metadata tab, enter the application NAME and DESCRIPTION (optional).

• Upload the metadata file.

• Then click on Verify and show.
• In the left pane, select Username and Password.
• Click on + sign to provide IDP NAME and DESCRIPTION (Optional) then click on Next.

• In the CONNECTION tab, select Create New then proceed to Next page.

• Choose the required Connection Type from the SELECT CONNECTION TYPE dropdown.

• Give your connection a NAME and DESCRIPTION (Optional) and then click on Next.

• In the Driver tab, select the database driver according to your database and proceed to next screen.

• Under CONNECTION DETAILS enter your database HOST.

• Enter your DATABASE NAME.

• The console will now provide you with your database connection URL, verify it and click on Next.

• Under the Credentials tab enter your database Username and Password.

• In the JDBC SEARCH SETTINGS tab, provide the database query required for mapping the attributes.
• Make sure that attributes givenName, mail and sn are returned in the query then click on Next.

• Now create an Entity ID for your IDP and make sure it is unique.
• Also provide a POST SSO URL in the format specified.

• Next screen will show you the Keystore tab, you can choose Keystore of your choice or can keep it as a default.
• Click on Next.

• In the Attributes tab, enter the User Identifier attribute and additional attributes if there are any and proceed to the next screen.

• Select the SP you previously set up as Default SP from the dropdown.

• Click on Create to complete the setup.

• You can find your IDP listed on sidebar as submenu to Username and Password.
• Select your IDP name, then navigate to the IDENTITY PROVIDER tab and click on View SAML Metadata to save the metadata XML file.
• Download the Metadata and keep it handy.

Configure Drupal as Service Provider:

• Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP Metadata..
• Upload downloaded Metadata file.
• Click on the Fetch Metadata button.

• Click on the Test link to test the connection between Drupal and PhenixID.

• In the test configuration window, a success message with SAML response attributes will appear if the configurations are correct; otherwise, error messages with additional troubleshooting instructions will appear. Click on Done.

Congratulations! You have successfully configured PhenixID as an Identity Provider and Drupal as a Service Provider.

How does SAML SSO login work?

• Open a new browser/private window and navigate to the Drupal site login page.
• Click the Login using Identity Provider (PhenixID) link.
• You will be redirected to the PhenixID login page. Enter the PhenixID credentials. After successful authentication, the user will be redirected back to the Drupal site.