AWS Cognito SAML Single Sign-On (SSO) Integration with Drupal as IdP

Overview

This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and AWS Cognito as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

Download

Schedule a Meeting

Installation Steps

Using Composer
Using Drush
Manual Installation

Download the module:

Composer require 'drupal/miniorange_saml_idp'

Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Identity Provider using the search box.
Enable the module by checking the checkbox and click on install button.

Configure the module at

{BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

Install the module:
```
drush en miniorange_saml_idp
```
Clear the cache:
```
 drush cr
```

Configure the module at

{BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

Navigate to Extend menu on your Drupal admin console and click on Install new module button.
Install the Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module either by downloading the zip or from the URL of the package (tar/zip).
Click on Enable newly added modules.
Enable this module by checking the checkbox and click on install button.

Configure the module at

{BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

Configuration Steps

Drupal SAML IDP Metadata:

Go to Configuration → People → miniOrange SAML IDP Configuration in the Administration menu. (/admin/config/people/miniorange_saml_idp/sp_setup)

Drupal SAML IDP - select miniOrange SAML IDP Configuration

Under the IDP Metadata tab, click the Download Metadata button to download the IdP metadata file. (This is required to configure SP.)

Drupal SAML IDP - Download Metadata File

Configure AWS Cognito as Service Provider:

Login to the AWS console.
Under the search bar search for Cognito and click on it.

Click on the Create user pool button.

AWS Cognito as SP and Drupal as IDP, Manage User Pools

In Configure sign-in experience select the following configurations :

Enable the checkbox Federated identity providers.
From the Cognito user pool sign-in options enable the checkbox of the attributes using which the users should be allowed to login.
Choose SAML under the Federated Sign-in options.

AWS-Cognito-SAML-SP-Select-SAML-Federated-Identity-Provider

Click on the Next button.
In Configure security requirements, choose password policy mode, Multi-factor authentication (MFA) requirements, user account recovery options click on the Next button.

Select the suitable options from the Configure sign-up experience as per the requirements and click on the Next button.

AWS-Cognito-SAML-SP-Configure-Sign-in-Experience

Choose Send email with Cognito as the Email Provider and click Next.

AWS-Cognito-SAML-SP-Select-Message-Delivery-Option

Enter the User pool name. Select Other from Initial app client. Enter the App client name and then click on the Next button.

Verify the required information, scroll down and click on the Create user pool button.
Now search for the created user pool and click on it.

AWS-Cognito-SAML-SP-Select-Created-UserPool

Navigate to the Sign-in experience tab.

AWS-Cognito-SAML-SP-Navigate-to-Sign-In-Experience

Click on Add identity provider button.

AWS-Cognito-SAML-SP-Click-Add-Identity-Providers

Select SAML.

Enter the Provider name and upload the IdP metadata file that you downloaded from Drupal site.

AWS-Cognito-SAML-SP-Enter-Drupal-Metadata

Enter the SAML attribute in which the email of the user is received and click on the Add identity provider button.

AWS-Cognito-SAML-SP-Select-SAML-Attribute

Navigate to the App integration section.

AWS-Cognito-SAML-SP-Click-App-Integeration

Under the Actions dropdown click on Create Cognito domain.

AWS-Cognito-SAML-SP-Click-Create-Cognito-Domain

Enter the Cognito domain name as per your choice and click on Create Cognito domain button.

AWS-Cognito-SAML-SP-Enter-Custom-Domain-Name

Configuring Drupal as SAML Identity Provider (IdP):

Navigate to the Drupal site and switch to the Service Provider Setup tab of the module. Enter the Application name under the Service Provider Name text field. For example, AWS.
Enter the ACS URL. The ACS URL under Service Provider Setup tab in this format:
https://Your user pool domain/saml2/idpresponse

Drupal-Single-Sign-On-Paste-the-SP-ACS-URL

In AWS Cognito -> User pools -> Application name (which you have created on AWS) -> under User pool overview and then get your User pool ID. Keep it handy. Usually, the Entity Id is in the format:
urn:amazon:cognito:sp:<yourUserPoolID>

In Drupal's Service Provider Setup tab, paste the previously copied Entity Id into the SP Entity ID or Issuer text field.

Scroll down and click on the Save Configuration button.

You have successfully configured the SAML SSO between AWS Cognito as SAML SP and Drupal as SAML IDP.

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.

Single Sign On

SAML Service Provider

OAuth/OpenId Connect Client (SSO)

Social Login Social Sharing

Headless Single Sign-On

SAML Identity Provider

OAuth/OpenId Connect Server

Login using YourMembership

Auto Login and Register using JWT

Multi-Factor Authentication (MFA)

Two Factor Authentication

WooCommerce Password Reset Over OTP

OTP Over Phone Call

Bulk SMS/WhatsApp Notification

OTP Verification

Limit OTP Request

Receive OTP and Notifications on WhatsApp

LDAP/Active Directory Integrations

LDAP/Active Directory Integration for WordPress

WP Staff/Employee Search Directory for Active Directory

LDAP/AD Integration for Cloud & Shared Hosted WordPress

Forms Integration with Active Directory for WordPress

Office365 Integration

SharePoint WordPress

PowerBI WordPress Integration

Outlook and MS Teams Integration

Azure AD / Office 365 app Integrations

Dynamics CRM 365 WordPress Integration

WooCommerce Integration

WooCommerce Product Sync

WooCommerce Integrator

Dynamics CRM 365 WordPress Integration

Object Data Sync for Salesforce

Decentralised ID

Digital ID Login

Web3 WordPress Authentication

WordPress Web3 Suite

WordPress NFT Marketplace

WordPress Smart Contracts

Add-Ons

Page and Post Restriction

LearnDash Integrator

WooCommerce Integrator

SSO Login Audit

Paid Membership Pro integrator

Media Restriction

BuddyPress Integrator

WordPress Discord Integrator

Guest User Login

SCIM User Provisioning

MemberPress Integrator

SSO Session Management

Attribute based redirection

Other Plugins

REST API Authentication

Custom API for WordPress

WordPress Online Proctoring for LMS

No Code Automation

Object Data Sync for Salesforce

WP User Sync Integration for Third Party Apps

WP User and Login Management

Management tool for Web Agency

Single Sign On

SAML SSO

Crowd SSO

Kerberos / NTLM SSO

Helpdesk SSO Integration

OAuth/OpenID SSO

Git Authentication

Advance SSO Option

Help & Support

User Management

SCIM Provisioning

WORD/PDF Exporter

Project Config Manager

Bulk User Management

Centralized License Manager

Custom User Profile

Help & Support

Security