Search Results :

×

AWS Cognito SAML Single Sign-On (SSO) Integration with Drupal as IdP

This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and AWS Cognito as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

  • Download the module:
    Composer require 'drupal/miniorange_saml_idp'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Identity Provider using the search box.
  • Enable the module by checking the checkbox and click on install button.
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
  • Install the module:
    drush en miniorange_saml_idp
  • Clear the cache:
     drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
  • Go to ConfigurationPeopleminiOrange SAML IDP Configuration in the Administration menu. (/admin/config/people/miniorange_saml_idp/sp_setup)
Drupal SAML IDP - select miniOrange SAML IDP Configuration
  • Under the IDP Metadata tab, click the Download Metadata button to download the IdP metadata file. (This is required to configure SP.)
Drupal SAML IDP - Download Metadata File
  • Login to the AWS console.
  • Under the search bar search for Cognito and click on it.
AWS-Cognito-SAML-SP-Search-for-Cognito
  • Click on the Create user pool button.
AWS Cognito as SP and Drupal as IDP, Manage User Pools
  • In Configure sign-in experience select the following configurations :
    • Enable the checkbox Federated identity providers.
    • From the Cognito user pool sign-in options enable the checkbox of the attributes using which the users should be allowed to login.
    • Choose SAML under the Federated Sign-in options.
AWS-Cognito-SAML-SP-Select-SAML-Federated-Identity-Provider
  • Click on the Next button.
  • In Configure security requirements, choose password policy mode, Multi-factor authentication (MFA) requirements, user account recovery options click on the Next button.
AWS-Cognito-SAML-SP-Configure-MFA
  • Select the suitable options from the Configure sign-up experience as per the requirements and click on the Next button.
AWS-Cognito-SAML-SP-Configure-Sign-in-Experience
  • Choose Send email with Cognito as the Email Provider and click Next.
AWS-Cognito-SAML-SP-Select-Message-Delivery-Option
  • Enter the User pool name. Select Other from Initial app client. Enter the App client name and then click on the Next button.
AWS-Cognito-SAML-SP-Enter-UserPool
  • Verify the required information, scroll down and click on the Create user pool button.
  • Now search for the created user pool and click on it.
AWS-Cognito-SAML-SP-Select-Created-UserPool
  • Navigate to the Sign-in experience tab.
AWS-Cognito-SAML-SP-Navigate-to-Sign-In-Experience
  • Click on Add identity provider button.
AWS-Cognito-SAML-SP-Click-Add-Identity-Providers
  • Select SAML.
AWS-Cognito-SAML-SP-Select-SAML
  • Enter the Provider name and upload the IdP metadata file that you downloaded from Drupal site.
AWS-Cognito-SAML-SP-Enter-Drupal-Metadata
  • Enter the SAML attribute in which the email of the user is received and click on the Add identity provider button.
AWS-Cognito-SAML-SP-Select-SAML-Attribute
  • Navigate to the App integration section.
AWS-Cognito-SAML-SP-Click-App-Integeration
  • Under the Actions dropdown click on Create Cognito domain.
AWS-Cognito-SAML-SP-Click-Create-Cognito-Domain
  • Enter the Cognito domain name as per your choice and click on Create Cognito domain button.
AWS-Cognito-SAML-SP-Enter-Custom-Domain-Name
  • Navigate to the Drupal site and switch to the Service Provider Setup tab of the module. Enter the Application name under the Service Provider Name text field. For example, AWS.
  • Enter the ACS URL. The ACS URL under Service Provider Setup tab in this format:

    https://Your user pool domain/saml2/idpresponse

Drupal-Single-Sign-On-Paste-the-SP-ACS-URL
  • In AWS Cognito -> User pools -> Application name (which you have created on AWS) -> under User pool overview and then get your User pool ID. Keep it handy. Usually, the Entity Id is in the format:

    urn:amazon:cognito:sp:<yourUserPoolID>

AWS-Cognito-SAML-SP-Copy-UserPool-ID
  • In Drupal's Service Provider Setup tab, paste the previously copied Entity Id into the SP Entity ID or Issuer text field.
AWS-Cognito-SAML-SP-Copy-UserPool-ID
  • Scroll down and click on the Save Configuration button.

You have successfully configured the SAML SSO between AWS Cognito as SAML SP and Drupal as SAML IDP.

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.


[MO_CONTACT_US]
ADFS_sso ×
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com