AWS SAML Single Sign On (SSO) Integration using Drupal as IDP

AWS SSO login integration with Drupal (AWS Cognito login using Drupal credentials, with Drupal as the IDP) allows your users to log in to AWS Cognito with their Drupal credentials. This SSO integration is achieved with our Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module, which is compatible with Drupal 7, Drupal 8 and Drupal 9.
This guide walks step by step through configuring SAML IDP SSO login between a Drupal site and AWS Cognito, with AWS Cognito as the SP (Service Provider) and Drupal as the IDP (Identity Provider).

If you have any doubts or queries, you can contact us at drupalsupport@xecurify.com. We will help you to configure the module. If you want, we can also schedule an online meeting to help you configure the Drupal SAML IDP Single Sign on (SSO) module.


Pre-requisite: Download and Installation 


  • Using Composer:
    • For Windows:
      composer require drupal/miniorange_saml_idp
    • For Linux:
      composer require 'drupal/miniorange_saml_idp'
    • Navigate to the Extend menu on your Drupal admin console and search for miniOrange SAML Identity Provider using the search box.
    • Enable the module by checking the checkbox and clicking the Install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
  • Using Drush:
    • Download the module:
      drush dl miniorange_saml_idp
    • Install the module:
      drush en miniorange_saml_idp
    • Clear the cache:
      drush cr
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
  • Manually:
    • Navigate to the Extend menu on your Drupal admin console and click the Install new module button.
    • Install the Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module either by uploading the downloaded zip or from the URL of the package (tar/zip).
    • Click Enable newly added modules.
    • Enable this module by checking the checkbox and clicking the Install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup

Steps to configure AWS Cognito SAML Single Sign-On (SSO) Login into Drupal site

1. Download Metadata XML file from Drupal:

  • Go to the IDP Metadata tab and click the Download XML Metadata button. Keep this XML file; you will use it to configure your SP.

2. Configure AWS Cognito Service Provider:

  • First, go to the Cognito Console and sign up or log in to your account to configure AWS Cognito.
  • Go to Services > Security, Identity, & Compliance > Cognito.
  • Click Manage User Pools, then Create a user pool.
  • Enter a name in the Pool name field. Click Review Defaults, then Create Pool.
  • After creating the pool, note down the Pool ID; you will need it to configure your IdP.
  • On the left pane, click Domain Name under App Integration. Enter an available domain prefix, then save it. Keep this domain; it is required for the ACS URL when configuring your IDP.
  • On the left pane, click Identity provider under Federation, then select SAML.
  • Upload the Drupal IDP metadata file downloaded in step 1, give the provider a name, then click Create Provider.
  • Under Federation, select Attribute mapping.
  • Add the
     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    attribute in the SAML attribute text field and select Email as the User Pool Attribute.
  • Click Save changes.

3. Configuring Drupal as Identity Provider (IDP):

  • In the Drupal SAML IDP module, go to the Service Provider tab.
  • In the SP Entity ID field, enter urn:amazon:cognito:sp:(YourUserPoolId), replacing (YourUserPoolId) with the Amazon Cognito user pool ID you copied while creating the pool.
  • To find the User Pool ID:
    • Log in to the AWS Management Console as an administrator.
    • Go to Services > Security, Identity, & Compliance, then select Cognito.
    • Select Manage User Pools, then the user pool you want to use in the configuration.
    • Find the Pool Id at the top of the list.
  • In the ACS URL field, enter the following URL and save it:
    https://YourSubdomain.amazoncognito.com/saml2/idpresponse
  • Replace YourSubdomain with the domain you created in the step above.
  • To find YourSubdomain:
    • Click Domain Name under App Integration.
    • Copy the whole URL and use it in place of YourSubdomain in the ACS URL (remove all whitespace from the pasted value).
  • Enable the Assertion Sign checkbox to sign the assertion and click the Save button.

4. Configure App Client in AWS Cognito:

  • Now click App Clients under General Settings, then click Add an App Client.
  • Enter an App client name, e.g. Drupal IdP. Uncheck the Generate client secret checkbox and click the Create App Client button at the bottom.
  • Now click App Client settings under App Integration in the left pane.
  • Enable the Select all checkbox, then enter the Callback URL(s) and Sign out URL(s).
  • Select Implicit Grant under Allowed OAuth Flows.
  • Enable the email and openid checkboxes under Allowed OAuth Scopes and click the Save Changes button at the bottom right corner.
  • Now click Launch Hosted UI at the bottom to perform SSO.
  • You can also use the following SSO URL to perform the SSO:
    https://(domain_prefix).auth.(region).amazoncognito.com/login?response_type=token&client_id=(app client id)&redirect_uri=(your redirect URI)
  • You have now successfully configured miniOrange Drupal SAML IDP with AWS Cognito as SP.
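The following is an added example, not code from the miniOrange module or AWS: it derives the Drupal-side SP values of step 3 (SP Entity ID, ACS URL, email attribute) from the Pool ID and Cognito domain collected in step 2, strips the stray whitespace the guide warns about, builds the step 4 hosted UI URL, and pulls the fields Cognito consumes out of the downloaded IdP metadata. The pool ID, domain and metadata values are constructed placeholders, not real ones.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
POOL_ID_RE = re.compile(r"^[a-z]{2}-[a-z]+-\d+_[A-Za-z0-9]+$")  # e.g. us-east-1_AbCdEfGhI

# Constructed stand-in for the XML downloaded from the IDP Metadata tab (not real module output).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://drupal.example/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://drupal.example/saml/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cognito_sp_settings(pool_id, cognito_domain):
    """Values for the Drupal SAML IDP 'Service Provider' tab (step 3). cognito_domain is the
    one shown under App Integration > Domain Name; whitespace is stripped as the guide warns."""
    pool_id, domain = pool_id.strip(), re.sub(r"\s+", "", cognito_domain)
    if not POOL_ID_RE.match(pool_id):
        raise ValueError(f"unexpected user pool id: {pool_id!r}")
    host = urlparse(domain if "://" in domain else "https://" + domain).netloc
    if not host.endswith(".amazoncognito.com"):
        raise ValueError(f"not a Cognito hosted domain: {host!r}")
    return {"sp_entity_id": f"urn:amazon:cognito:sp:{pool_id}",
            "acs_url": f"https://{host}/saml2/idpresponse",
            "saml_email_attribute": EMAIL_CLAIM}

def hosted_ui_login_url(cognito_domain, client_id, redirect_uri):
    """Implicit-grant SSO URL from step 4 (response_type=token); urlencode escapes the redirect URI."""
    host = urlparse(cognito_domain if "://" in cognito_domain else "https://" + cognito_domain).netloc
    return f"https://{host}/login?" + urlencode(
        {"response_type": "token", "client_id": client_id, "redirect_uri": redirect_uri})

def idp_metadata_summary(metadata_xml):
    """What Cognito reads from the uploaded Drupal metadata: entityID, SSO endpoint(s) and
    whether a signing certificate is present (needed to verify the signed assertions)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    certs = idp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"),
            "sso": {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
                    for s in idp.findall("md:SingleSignOnService", NS)},
            "has_signing_cert": any((c.text or "").strip() for c in certs)}
```

The implicit grant configured in step 4 returns the token in the URL fragment; Cognito also supports the authorization code grant, which keeps tokens out of the browser address bar, if your app client can use it.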

24*7 Active Support

If you face any issues or have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. If you want additional features included in the module, please get in touch with us and we can get them custom-made for you. If you want, we can also schedule an online meeting to help you configure the Drupal SAML IDP Single Sign-On module.

Free Trial:

If you would like to test out the module to ensure your business use case is fulfilled, we do provide a 7-day trial. Please drop us an email at drupalsupport@xecurify.com requesting a trial. You can create an account with us using this link.
