Rocket.Chat SAML Single Sign-On (SSO) Integration with Drupal as IdP
Overview
This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and Rocket.Chat as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. This module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Installation Steps
- Using Composer
- Using Drush
- Manual Installation
Configuration Steps
Obtain SAML IDP Metadata from Drupal:
- Once the module is installed, navigate to the Configuration tab from the top navigation bar and click on the miniOrange SAML IDP Configuration.
- Navigate to the IDP Metadata tab. Copy the SAML Login URL and the X.509 Certificate and keep them handy. (These are required in order to set up Rocket.Chat as a SAML SP.)
Configure Rocket.Chat as Service Provider
- Open a new browser tab or window and log in to your Rocket.Chat account as Account Admin.
- Click on Administration from the left corner and navigate to Workspace.
- Scroll down, click on Settings and search for SAML. Click on the Open button in the SAML card.
- Now, enter the previously copied SAML Login URL and X.509 Certificate from Drupal in the corresponding text fields as per the table below:

| Field | Value |
| --- | --- |
| Custom Provider | <name-of-your-app> |
| Custom Entry Point | Enter the SAML Login URL copied from step 2. |
| Custom Issuer | https://<your-rocketchat-url>/_saml/metadata/<name-of-your-app> |

Note: Copy the Custom Issuer URL. It is the Service Provider metadata URL and is required to configure Drupal as the Identity Provider.
- Scroll down and enter the previously copied X.509 Certificate from Drupal into the Public Cert Contents text field.
- Select Validate Response Signature from the Signature Validation Type dropdown.
- Click on the Save button.
Configuring Drupal as SAML Identity Provider (IdP):
- Go to the Drupal site. Navigate to the Service Provider Setup tab of the miniOrange SAML IDP module.
- Click on the Upload SP Metadata.
- Paste the copied Custom Issuer (Metadata URL) into the Add from a URL text field and click on the Fetch Metadata button.
- Scroll down and click on the Save Configuration button.
- Now click on the Test link to verify your configuration. If your configuration is correct, the homepage of the Rocket.Chat site will open in the test configuration window.
You have successfully configured the SAML SSO between Rocket.Chat as SAML SP and Drupal as SAML IDP.
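The Fetch Metadata step trusts whatever document the Custom Issuer URL returns, so it is worth checking that document yourself. The following Python check is an added example, not code from the miniOrange module or Rocket.Chat: it confirms that the metadata's entityID equals the Custom Issuer and that every assertion endpoint is HTTPS on the same host. The host chat.example.com, the provider name drupal, the endpoint path and the sample XML are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_sp_metadata(xml_text, expected_issuer):
    """Return a list of problems found in SP metadata; an empty list means it passed."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    issuer = urlsplit(expected_issuer)
    if issuer.scheme != "https":
        problems.append("Custom Issuer is not an https URL")
    # The entityID must be exactly the Custom Issuer configured in Rocket.Chat.
    if root.get("entityID") != expected_issuer:
        problems.append(f"entityID {root.get('entityID')!r} differs from the Custom Issuer")
    # The IdP posts signed assertions to these endpoints, so they must stay on the SP host.
    acs_list = root.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if not acs_list:
        problems.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        loc = urlsplit(acs.get("Location", ""))
        if loc.scheme != "https" or loc.netloc != issuer.netloc:
            problems.append(f"ACS {acs.get('Location')!r} is not https on {issuer.netloc}")
    return problems

# Constructed sample metadata (hypothetical host, provider name and endpoint path).
ISSUER = "https://chat.example.com/_saml/metadata/drupal"
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{ISSUER}">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="1" isDefault="true" Binding="{POST_BINDING}"
        Location="https://chat.example.com/_saml/validate/drupal"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE, ISSUER) or "metadata OK")
```

To use it on a real deployment, save the document served at your Custom Issuer URL to a file and pass its contents together with the Custom Issuer value from the Rocket.Chat SAML settings.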