ownCloud SAML Single Sign-On (SSO) Integration with Drupal as IdP
Overview
This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and ownCloud as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Installation Steps
- Using Composer
- Using Drush
- Manual Installation
About ownCloud:
- ownCloud is an open-source file hosting application that provides services for business and personal use. It is a flexible tool which manages file and data synchronization. It helps users to store files, folders, contacts, photo galleries, calendars and more on a server of your choice. It is a self-hosted file sync and share server that is all under your control. Content can be shared by defining granular read/write permissions between users and groups. To use the application effectively, you can be logged in into ownCloud using SSO. Single sign-on helps employees save time, prevents lost or forgotten passwords, and reduces the risk of password theft.
Challenge:
- To achieving Single Sign-On between Identity Provider (Drupal) and Service Provider ( ownCloud ) both need to supports SAML. ownCloud supports SAML connection, but it is supported in the ownCloud enterprise version. Single Sign-On users can log in to IdP based sites and gain access to ownCloud services. Identity Provider can manage the identity details of users and give the authorization to use the resources of the service provider.
Solution:
- The SAML IDP plugin makes SAML connection between Drupal and ownCloud. miniOrange SAML IDP Plugin is an authentication component that serves identity details to the service provider for on-premise, cloud, and mobile. SAML single sign-on (SSO) compliance makes it possible for users to authenticate through an identity provider when they log in to ownCloud applications. SAML SSO module acts as an Identity Provider which can be configured to build the trust between the module and ownCloud Service Provider. SAML exchanges security and identity-related information such as authorization and authentication. The user can easily log in to ownCloud using their Drupal credentials.
How miniOrange SAML module can work for ownCloud?:
Configuration Steps
SAML IDP Metadata from Drupal:
- After the successful module installation, navigate to the Configuration → People → Drupal SAML IDP Configuration.
- From the IDP Metadata tab, copy the IDP-Entity ID/Issuer and SAML Login URL. Optionally, download the Certificate (open in Notepad and copy). Keep these for configuring ownCloud as a SAML SP.
Configure ownCloud as Service Provider:
There are two ways to setup the ownCloud. You can either import the metadata url of the IdP or provide individual values required by the ownCloud from Drupal Identity Provider (module). You can find both under IDP METADATA tab in the module. Here is an example of setting up ownCloud as a Service Provider.
- Log in to your ownCloud’s Admin Console.
- Go to Security Settings.
- Under Security Settings go to Setup up single sign-on (SSO) settings.
- You will need to provide the following information in ownCloud from the plugin’s IDP METADATA Tab under the Setup SSO with Third party Identity Provider Section:
| Sign-in page URL | SAML Login URL from the IDP METADATA Tab. |
| Sign-out page URL | SAML Logout URL from the IDP METADATA Tab. |
| Verification Certificate | Upload the certificate from the IDP METADATA Tab |
Configuring Drupal as SAML Identity Provider (IdP):
- Head towards the Drupal site and navigate to the Service Provider Setup tab of the miniOrange SAML IDP module ( /admin/config/people/miniorange_saml_idp/sp_setup). (/admin/config/people/miniorange_saml_idp/sp_setup)
- Click on the Upload SP Metadata.
- Upload the metadata file downloaded from the ownCloud.
- Click on the Test button to test the SSO.
- If the Test is successful, a new window will appear in which you will be logged in to the ownCloud dashboard.
- Setup Multiple Applications (Service Provider) with Drupal
- Share additional User Attribute/Roles to the Service Provider
- Dynamic Relay State (The URL to which users are redirected after successful authentication)
- IDP initiated SSO
You have successfully configured the SAML SSO between ownCloud as SAML SP and Drupal as SAML IDP.
Additional Features:
Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.
