Canvas LMS SAML Single Sign-On (SSO) Integration with Drupal as IdP
Overview
This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and Canvas LMS as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Installation Steps
- Using Composer
- Using Drush
- Manual Installation
Configuration Steps
Drupal SAML IdP Metadata:
- After installing the module on your Drupal site, in the Administration menu → navigate to Configuration → People → miniOrange SAML IDP Configuration. (/admin/config/people/miniorange_saml_idp/idp_setup)
- Under the IDP Metadata tab, click on the Download Metadata button. Open it on the notepad and copy the IdP information. Keep it handy. (This information is required to configure Canvas LMS as SAML SP.)
Configure Canvas LMS as Service Provider:
- Login to your Canvas LMS domain as an Account Administrator.
- Switch to Admin View.
- Go to Courses and under Managed Accounts, click on your domain name.
- Click on Authentication in the left pane and select SAML from the Choose an authentication service drop down list.
- Under Current Integration, click on Add New SAML Config and enter the details as shown:
| IdP Entity ID | Copy IDP Entity ID / Issuer from IDP Metadata tab in Drupal SAML IDP module and paste it. |
| Log On URL | Copy SAML Login URL from IDP Metadata tab in Drupal SAML IDP module and paste it. |
| Log Out URL | Copy SAML Logout URI from IDP Metadata tab in Drupal SAML IDP module and paste it. |
| Certificate Fingerprint | Follow the steps below to copy the Thumbprint of certificate: 1. Open the certificate that was downloaded earlier. 2. Go to Details and in the field column select Thumbprint. 3. Copy the Thumbprint that opens in the pane by pressing CTRL+C (Right-Click won’t work!). 4. Paste the Thumbprint in the Certificate Fingerprint. Make sure that there are no spaces in between the Certificate Fingerprint. Remove them manually. |
| Login Attribute | NameID |
| Identifier Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Authentication Context | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
| Login Label | Username |
| Unknown User Url | Leave blank. |
Configuring Drupal as SAML Identity Provider (IdP):
- Go to the Drupal site. Navigate to the Service Provider Setup tab of the miniOrange SAML IDP module. (/admin/config/people/miniorange_saml_idp/sp_setup)
- Click on the Upload SP Metadata.
- Upload the metadata file downloaded from the Canvas LMS.
- Click on the Test button to test the SSO.
- Setup Multiple Applications (Service Provider) with Drupal
- Share additional User Attribute/Roles to the Service Provider
- Dynamic Relay State (The URL to which users are redirected after successful authentication)
- IDP initiated SSO
You have successfully configured the SAML SSO between Canvas LMS as SAML SP and Drupal as SAML IDP.
Additional Features:
Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.
