Drupal SAML jboss keycloak SSO | SAML SSO Into Drupal Using keycloak
Drupal SAML JBoss keycloak SSO setup will allow your user to login to your Drupal site using their JBoss keycloak Credentials. Drupal SAML module gives the ability to enable SAML Single Sign-On for Drupal. Drupal module is compatible with all SAML Identity Providers. Here we will go through a guide to configure SAML SSO between Drupal and JBoss keycloak . By the end of this guide, users from JBoss keycloak should be able to login into the Drupal site, you can download module click here
Step 1: Configuring Jboss keycloak as Identity Provider (IdP)
- In your Keycloak admin console, select the realm that you want to use.
- Click on the Clients from the left navigation bar.
- Click on create button at the top right corner and enter the following values to create a new client/application.
Client ID SP-EntityID/Issuer from Service Provider Metadata Client protocol SAML Client SAML Endpoint (optional) The ACS (Assertion Consumer Service) URL from Service Provider Metadata - Click on Save.
- Configure the following:
Client ID The SP-EntityID / Issuer from Service Provider Metadata Name Provide a name for this client (Eg. Drupal) Description (optional) Provide a description Enabled ON Consent Required OFF Client Protocol SAML Include AuthnStatement NO Sign Documents NO Optimize Redirect signing key lookup OFF Sign Assertions NO Signature Algorithm RSA_SHA256 Encrypt Assertion OFF Client Signature Required OFF Client Signature Required EXCLUSIVE Force Name ID Format NO Name ID Format Email Root URL Leave empty or Base URL of Service Provider Valid Redirect URIs The ACS (Assertion Consumer Service) URL from Service Provider Metadata - Under Fine Grain SAML Endpoint Configuration, configure the following:
Assertion Consumer Service POST Binding URL The ACS (Assertion Consumer Service) URL from Service Provider Metadata Logout Service Redirect Binding URL The Single Logout URL from Service Provider Metadata - Click on Save.
Add Mappers
- Add the following attributes in the Mappers tab.
- Click on Add Built-in and add the following option.
Add User
- Click on the Users from the left nav bar.
- Add a new user/view all users.
- Enter the username, valid email address and check on User Enabled.
- Click on Save.
Step 2: Configuring Drupal as Service Provider(SP)
- Click on the Realm Settings from the left nav bar and open SAML 2.0 Identity Provider Metadata.
- Go to, https://<YOUR_DOMAIN>/auth/realms/{YOUR_REALM}/protocol/saml/descriptor.These will open an XML in the browser.
- In miniOrange’s Drupal SAML SP plugin, go to Service Provider Setup Tab. Enter the following values:
- Click on Save Configuration.
- Test the configuration after successful saving.
OR
| Identity Provider Name | Provide an Identity Provider name (For Example: Keycloak). |
| IdP Entity ID or Issuer | Search for the entityID from IDP Metadata.Enter the Value in the Entity ID textbox. |
| SAML Login URL | Search for SingleSignOnService Binding ”urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect” from IDP Metadata.Enter the location value in the SAML Login URL textbox. |
| SAML Logout URL (Optional) | Search for SingleLogoutService Binding”urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect” from IDP Metadata.Enter the location value in the SAML Login URL textbox. |
| X.509 Certificate (Optional) | Search for the X.509 Certificate from IDP Metadata.Enter the tag value in Certificate textbox. |
| Enable login with SAML | Checked |
| Signed SSO and SLO Requests | Unchecked |
Additional Resources
×
![centrify_sso_model]()
Our Other Module:
SAML SSO
|
SAML IDP
|
2FA
|
OAuth Client
|
LDAP/AD Login
|
OAuth Server
|
OTP Verification
|
Website Security
Website Security
If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.
Hello there!
Need Help? We are right here!
