Drupal AWS SSO | Login into AWS Using Drupal as IDP
Drupal AWS SSO Integration will allow you to configure Single Sign-On ( SSO ) login between your Drupal site and AWS. Drupal as IdP SAML SSO module acts as a SAML 2.0 Identity Provider which can be configured to establish the trust between the module and AWS as Service Provider (SP) to securely authenticate users using Drupal credentials.
This Drupal AWS SSO setup will also help you to manage your users in one single place. We provide the Drupal SAML Identity Provider - SAML 2.0 IDP Single Sign-On module for Drupal 7, Drupal 8, and Drupal 9. Here, we will go through a step-by-step guide to configure SAML IDP SSO login between the Drupal website as IDP ( Identity Provider ) and AWS as SP ( Service Provider ).
If you have any doubts or queries, you can contact us at firstname.lastname@example.org. We will help you to configure the module. We will help you to configure the module. If you want, we can also schedule an online meeting to help you configure the Drupal SAML SSO module.
Click on Services Tab. Under Security, Identity & Compliances click on IAM (Identity and Access Management).
From the left-hand side list, click on Identity Providers and then click on Create Provider button in the right section.
In the Configure Provider, select SAML as Provider type from the drop-down list and enter any Provider Name. (e.g miniOrange/Drupal)
Click on Choose File and choose the metadata file that you have downloaded from above step, then click on Next Step.
In the next screen, you will be shown your entered provider information. Verify it and click on the Create button. The SAML Provider is created and it should be listed in the Provider table.
Now click on Roles from the left-hand side list and then click on Create role button and click on SAML 2.0 federation tab.
Under Choose SAML 2.0 Provider, select the SAML Provider that you have created previously i.e miniOrange.
After that, choose Allow programmatic access only radio option and select SAML:aud option from the Attribute drop-down list.
Enter the value as https://signin.aws.amazon.com/saml then, click on Next: Permissions button.
Check the Policy Name AmazonEC2ReadOnlyAccess and click on Next: Tags button.
Then, skip Step Add Tags (Optional) by clicking on Next:Preview button.
In the next step, enter Role name and click on Create Role button then select your created role name.
In the Summary section, click on the Trusted relationship tab and copy Role ARN and Trusted Entities value.
Keep the values with you in comma separated format. For example- [arn:aws:iam::656620318436:role/SSORole,arn:aws:iam::656620318436:saml-provider/miniOrange]
2. Configure Drupal as Identity Provider
In the IDP Metadata, Copy the IDP Entity ID/Issuer and SAML Login URL and Keep it handy.
In the Service Provoder Setup tab, you can enter the name of Service Provider as AWS (AWS as SAML SP).
Navigate to the Service Provider Setup tab of the miniOrange SAML Identity Provider module on your Drupal site. There are two way to configure your Identity Provider ( Drupal as SAML Idp ):
A. By Uploading SP metadata:
Click on UPLOAD SP METADATA link.
You can either Upload Metadata File and click on Upload button or use a Upload Metadata URL and click on Fetch Metadata.
B. Manual Configuration:
Navigate to Service Provider Setup tab of the miniOrange Drupal IDP module.
Provide the required settings (i.e. Service Provider Name, SP Entity ID or Issuer, ACS (Assertion Consumer Service) URL, X.509 Certificate (Optional)) as provided by your Service Provider AWS ( AWS as SP ).
Service Provider Name
SP Entity ID or Issuer
You can get the SP Entity ID or Issuer from the metadata (https://signin.aws.amazon.com/static/saml-metadata.xml). You will find the value in the first line against entityID. It is set to urn:amazon:webservices but may vary for non-US regions.
https://signin.aws.amazon.com/saml. This might vary for non-US regions in which case you would find it in metadata ( https://signin.aws.amazon.com/static/saml-metadata.xml) as Location attribute of AssertionConsumerService.
Click on the Save Configuration button to save your configuration. Then click on Test Configuration button to test your configuration.
24*7 Active Support
If you face any issues or if you have any questions, please feel free to reach out to us at email@example.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you.
Also, If you want, we can also schedule an online meeting to help you configure the Drupal SAML IDP SSO Login module.
If you would like to test out the module to ensure your business use case is fulfilled, we do provide a 7-day trial. Please drop us an email at firstname.lastname@example.org requesting a trial. You can create an account with us using this link.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.