Guide for Drupal Single Sign On (SSO) using ADFS as Identity Provider (IdP)
ADFS Single Sign On (SSO) for Drupal miniOrange provides a ready to use solution for Drupal. This solution ensures that you are ready to roll out secure access to your Drupal site using ADFS within minutes.
Step 1: Configuring ADFS as Identity Provider (IdP)
- In ADFS, click on Add Relying Party Trust . Then click on Start .
- In Select Data Source: Select Enter data about the relying party manually. Click Next .
- In Specify Display name: Enter Display name . Click Next.
- In Choose Profile : Select AD FS profile. Click Next.
- In Configure Certificate: If you’re using a free Module, skip this step and click Next. If you’re using the premium Module, upload the certificate downloaded from the Module. Click Next.
- In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the Module in Relying Party SAML 2.0 SSO service URL field. Click Next.
- Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the Module in Relying Party Trust Identifier field. Click Add. Click Next
- In Configure Multi-factor Authentication: Select I do not want to configure multi factor authentication settings for this relying party trust. Click Next.
- In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
- In Ready to Add Trusts, select click Next.
- Check Open the Edit Claim Rules dialog and click close. Click Add rule and then select Send LDAP Attributes as Claims . Enter the following:
Claim rule name Enter claim rule name(Any). For example: Attributes Attribute Store Active Directory LDAP Attribute E-Mail-Addresses Outgoing Claim Type Name ID - Click on Finish button.
Step 2: Configuring Drupal as Service Provider (SP)
- In Drupal SAML Module, go to Service Provider Setup tab. There are two ways to configure the Module:
- Click on Upload IDP Metadata.
- Upload metadata file and click on Upload.
- Click on Upload IDP Metadata.
- Enter Metadata URL and click on Fetch Metadata.
- You can provide this metadata url https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml
- If you want Single logout then follow these steps:
- Navigate to Relying Party Trusts => Properties
- Navigate to Endpoints => Add SAML
- Select SAML Logout from Endpoint type dropdown.
- Enter ACS URL in Trusted URL textfield and SAML Logout URL in Response URL textfield then click on OK button.
By Uploading ADFS Metadata File :
By ADFS Metadata URL :
Step 3: Attribute Mapping. (It is Optional to fill this). This is Premium feature.
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your Identity Provider (IdP)and map them to Drupal user attributes like firstname, lastname etc.
- While auto registering the users in your Drupal site these attributes will automatically get mapped to your Drupal user details.
- In miniOrange SAML Module, go to Mapping tab and fill in all the fields.
Username: Name of the username attribute from IdP (Keep NameID by default) Email: Name of the email attribute from IdP (Keep NameID by default) Group/Role Key: Name of the Role attribute from Identity Provider (IdP) - You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.
Step 4: Role Mapping (It is Optional to fill this). This is Premium feature.
- Drupal uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- Role mapping helps you to assign specific roles to users of a certain group in your Identity Provider (IdP).
- While auto registering, the users are assigned roles based on the group they are mapped to.
Step 5: Sign In Setting. This is Premium feature.
- Go to SIGNIN Settings tab. There are multiple features availabe in this tab like Protect your whole site, Auto redirect the user to Identity Provider,auto-create user and Backdoor Login. To use these features, click on the respective checkboxes.
×
![ADFS_sso]()
If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.