AWS Cognito SAML Single Sign-On (SSO) Integration with Drupal as IdP

Overview

This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and AWS Cognito as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

Download Schedule a Meeting

Configuration Steps

Drupal SAML IDP Metadata:

• Go to Configuration → People → miniOrange SAML IDP Configuration in the Administration menu. (/admin/config/people/miniorange_saml_idp/sp_setup)

• Under the IDP Metadata tab, click the Download Metadata button to download the IdP metadata file. (This is required to configure SP.)

Configure AWS Cognito as Service Provider:

• Login to the AWS console.
• Under the search bar search for Cognito and click on it.

• Click on the Create user pool button.

• In Configure sign-in experience select the following configurations :
• Enable the checkbox Federated identity providers.
• From the Cognito user pool sign-in options enable the checkbox of the attributes using which the users should be allowed to login.
• Choose SAML under the Federated Sign-in options.

• Click on the Next button.
• In Configure security requirements, choose password policy mode, Multi-factor authentication (MFA) requirements, user account recovery options click on the Next button.

• Select the suitable options from the Configure sign-up experience as per the requirements and click on the Next button.

• Choose Send email with Cognito as the Email Provider and click Next.

• Enter the User pool name. Select Other from Initial app client. Enter the App client name and then click on the Next button.

• Verify the required information, scroll down and click on the Create user pool button.
• Now search for the created user pool and click on it.

• Navigate to the Sign-in experience tab.

• Click on Add identity provider button.

• Select SAML.

• Enter the Provider name and upload the IdP metadata file that you downloaded from Drupal site.

• Enter the SAML attribute in which the email of the user is received and click on the Add identity provider button.

• Navigate to the App integration section.

• Under the Actions dropdown click on Create Cognito domain.

• Enter the Cognito domain name as per your choice and click on Create Cognito domain button.

Configuring Drupal as SAML Identity Provider (IdP):

• Navigate to the Drupal site and switch to the Service Provider Setup tab of the module. Enter the Application name under the Service Provider Name text field. For example, AWS.
• Enter the ACS URL. The ACS URL under Service Provider Setup tab in this format:

  https://Your user pool domain/saml2/idpresponse

• In AWS Cognito -> User pools -> Application name (which you have created on AWS) -> under User pool overview and then get your User pool ID. Keep it handy. Usually, the Entity Id is in the format:

  urn:amazon:cognito:sp:<yourUserPoolID>

• In Drupal's Service Provider Setup tab, paste the previously copied Entity Id into the SP Entity ID or Issuer text field.

• Scroll down and click on the Save Configuration button.

You have successfully configured the SAML SSO between AWS Cognito as SAML SP and Drupal as SAML IDP.

Related Articles

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.

• Setup Multiple Applications (Service Provider) with Drupal
• Share additional User Attribute/Roles to the Service Provider
• Dynamic Relay State (The URL to which users are redirected after successful authentication)
• IDP initiated SSO

24/7 Support

The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.

 Contact us

Case Studies

miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions.

 Read more

Other Solutions

Feel free to explore other Drupal solutions that we offer the popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security.

 Know More