SSO Integration between two Drupal sites using OAuth / OpenID Connect protocol
Overview
The Drupal OAuth/OIDC Server module enables Single Sign-On (SSO) between the Drupal site and any client application that supports the OAuth or OpenID Connect protocol. This guide goes through the steps to configure the module. In this integration, one Drupal site acts as the Identity Provider and the other acts as the client site, i.e. users log into the client site using their server site credentials.
Configuration Steps
Set up Drupal as an OAuth Client:
- The miniOrange OAuth Client module will be required on the Client Drupal Site. You can follow the steps mentioned in this setup guide.
- Once you have installed the miniOrange OAuth client module on the Client site, navigate to the Configuration tab and click on the miniOrange OAuth Client Configuration.
- From the Select Application dropdown select Custom OAuth 2.0 Provider.
- Enter the application name in the Display Name text field, and the text you want shown for the login link in the Login link on the login page text field.
- Copy the Callback/Redirect URL.
Create SSO Application in Drupal:
- Navigate to the Client site and paste the copied Client ID and Client Secret into the respective fields.
- Add the Endpoints as specified in the table below (you can also get the same from the Scope & Endpoints section of the Drupal site -> Configuration -> miniOrange OAuth server configuration -> OAuth Client):

| Field | Value |
|---|---|
| Scope | profile email openid |
| Authorize Endpoint | {base_url_of_the_drupal_site}/mo/oauth2/authorize |
| Access Token Endpoint | {base_url_of_the_drupal_site}/mo/oauth2/token |
| Get User Info Endpoint | {base_url_of_the_drupal_site}/mo/oauth2/userinfo |

- You can choose where the Client ID and Secret are sent, selecting from the Header and the Body of the request.
- Make sure the Enable Login with OAuth checkbox is checked and click on the Save Configuration button.
Test Connection
- Once the Test is successful you will be navigated to the Attribute Mapping section.
- From the Email Attribute dropdown, select the attribute in which you have received the user’s email. Do the same for the Username Attribute.
- Once done with the Attribute Mapping, click on the Save Configuration button.
Let’s see how it works:
- Open a new window/private browser and navigate to the login page of the Client Site.
- Click on the Login with Drupal button.
- Enter the Server site credentials and click on the Log in button.
You have successfully performed the SSO between 2 Drupal sites!
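The requests behind this login, as an added example that is not code from either miniOrange module: it builds the authorization redirect and the token request from the endpoints and scope in the table above, shows how the Header and Body choices differ for the Client ID and Secret, and checks the state value on the callback. The request shapes follow the standard OAuth 2.0 authorization code grant (RFC 6749), which is an assumption about what the modules send; the host names, credentials and function names are constructed placeholders.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs, quote_plus

SCOPE = "profile email openid"  # scope value from the endpoints table

def endpoints(base_url):
    """Build the three server endpoints from the server site's base URL."""
    base = base_url.rstrip("/")
    return {name: base + "/mo/oauth2/" + name for name in ("authorize", "token", "userinfo")}

def authorization_url(base_url, client_id, redirect_uri, state):
    """URL the browser is redirected to when the user clicks the login link."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": SCOPE, "state": state})
    return endpoints(base_url)["authorize"] + "?" + query

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the value we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    return params["code"][0]

def token_request(base_url, client_id, client_secret, code, redirect_uri, send_in):
    """Return (url, headers, body) with credentials in the 'header' or the 'body'."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if send_in == "header":  # HTTP Basic: form-encoded id and secret, joined by ':'
        pair = quote_plus(client_id) + ":" + quote_plus(client_secret)
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif send_in == "body":  # credentials travel as form fields instead
        form.update({"client_id": client_id, "client_secret": client_secret})
    else:
        raise ValueError("send_in must be 'header' or 'body'")
    return endpoints(base_url)["token"], headers, urlencode(form)

if __name__ == "__main__":
    # Constructed sample values, not real sites or credentials.
    server, cb = "https://idp.example.test", "https://client.example.test/callback"
    state = secrets.token_urlsafe(16)
    print(authorization_url(server, "demo-client", cb, state))
    code = code_from_callback(cb + "?code=abc123&state=" + state, state)
    print(token_request(server, "demo-client", "demo-secret", code, cb, "header"))
```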
Need Assistance?
If you face any issues during the configuration or if you want some additional features, please contact us at drupalsupport@xecurify.com.
Additional Features:
- Add multiple Callback/Redirect URLs
- Add custom user attributes to be sent in response
- Use an asymmetric signing algorithm
- Enable single logout