Guide for Drupal Single Sign On (SSO) using ADFS as Identity Provider (IdP)


ADFS Single Sign On (SSO) for Drupal: miniOrange provides a ready-to-use solution for Drupal. This solution lets you roll out secure access to your Drupal site using ADFS within minutes.

Step 1: Configuring ADFS as Identity Provider (IdP)

  • In ADFS, click on Add Relying Party Trust. Then click on Start.
  • In Select Data Source: Select Enter data about the relying party manually. Click Next.
  • In Specify Display name: Enter Display name. Click Next.
  • In Choose Profile: Select AD FS profile. Click Next.
  • In Configure Certificate: If you’re using a free Module, skip this step and click Next. If you’re using the premium Module, upload the certificate downloaded from the Module. Click Next.
  • In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the Module in Relying Party SAML 2.0 SSO service URL field. Click Next.
  • In Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the Module in Relying Party Trust Identifier field. Click Add. Click Next.
  • In Configure Multi-factor Authentication: Select I do not want to configure multi factor authentication settings for this relying party trust. Click Next.
  • In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
  • In Ready to Add Trusts, click Next.
  • Check Open the Edit Claim Rules dialog and click Close. Click Add Rule and then select Send LDAP Attributes as Claims. Enter the following:
    Claim rule name: Enter any claim rule name. For example: Attributes
    Attribute Store: Active Directory
    LDAP Attribute: E-Mail-Addresses
    Outgoing Claim Type: Name ID
  • Click on Finish button.

Step 2: Configuring Drupal as Service Provider (SP)

  • In Drupal SAML Module, go to Service Provider Setup tab. There are two ways to configure the Module:
    • By Uploading ADFS Metadata File:

      • Click on Upload IDP Metadata.
      • Upload metadata file and click on Upload.

    • By ADFS Metadata URL:

      • Click on Upload IDP Metadata.
      • Enter Metadata URL and click on Fetch Metadata.
      • You can provide this metadata URL: https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml
    • If you want Single Logout, follow these steps:
    • Navigate to Relying Party Trusts => Properties
    • Navigate to Endpoints => Add SAML
    • Select SAML Logout from Endpoint type dropdown.
    • Enter the ACS URL in the Trusted URL text field and the SAML Logout URL in the Response URL text field, then click on the OK button.

Step 3: Attribute Mapping (optional). This is a Premium feature.

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Drupal user attributes like firstname, lastname etc.
  • While auto registering the users in your Drupal site, these attributes will automatically get mapped to your Drupal user details.
  • In miniOrange SAML Module, go to Mapping tab and fill in all the fields.
    Username: Name of the username attribute from IdP (Keep NameID by default)
    Email: Name of the email attribute from IdP (Keep NameID by default)
    Group/Role Key: Name of the Role attribute from Identity Provider (IdP)
  • You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.

Step 4: Role Mapping (optional). This is a Premium feature.

  • Drupal uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
  • Role mapping helps you to assign specific roles to users of a certain group in your Identity Provider (IdP).
  • While auto registering, the users are assigned roles based on the group they are mapped to.

Step 5: Sign In Setting. This is a Premium feature.

  • Go to the SIGNIN Settings tab. There are multiple features available in this tab, like Protect your whole site, Auto redirect the user to Identity Provider, auto-create user and Backdoor Login. To use these features, click on the respective checkboxes.


If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.