Guide for Drupal Single Sign On (SSO) using ADFS as Identity Provider (IdP)
ADFS Single Sign On (SSO) for Drupal miniOrange provides a ready to use solution for Drupal. This solution ensures that you are ready to roll out secure access to your Drupal site using ADFS within minutes.
Step 1: Configuring ADFS as Identity Provider (IdP)
- In ADFS, click on Add Relying Party Trust . Then click on Start .
- In Select Data Source: Select Enter data about the relying party manually. Click Next .
- In Specify Display name: Enter Display name . Click Next.
- In Choose Profile : Select AD FS profile. Click Next.
- In Configure Certificate: If you’re using a free Module, skip this step and click Next. If you’re using the premium Module, upload the certificate downloaded from the Module. Click Next.
- In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the Module in Relying Party SAML 2.0 SSO service URL field. Click Next.
- Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the Module in Relying Party Trust Identifier field. Click Add. Click Next
- In Configure Multi-factor Authentication: Select I do not want to configure multi factor authentication settings for this relying party trust. Click Next.
- In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
- In Ready to Add Trusts, select click Next.
- Check Open the Edit Claim Rules dialog and click close. Click Add rule and then select Send LDAP Attributes as Claims . Enter the following:
- Click on Finish button.
| Claim rule name | Enter claim rule name(Any). For example: Attributes |
| Attribute Store | Active Directory |
| LDAP Attribute | E-Mail-Addresses |
| Outgoing Claim Type | Name ID |
Step 2: Configuring Drupal as Service Provider (SP)
- In Drupal SAML Module, go to Service Provider Setup tab. There are two ways to configure the Module:
- Click on Upload IDP Metadata.
- Upload metadata file and click on Upload.
- Click on Upload IDP Metadata.
- Enter Metadata URL and click on Fetch Metadata.
- You can provide this metadata url https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml
- If you want Single logout then follow these steps:
- Navigate to Relying Party Trusts => Properties
- Navigate to Endpoints => Add SAML
- Select SAML Logout from Endpoint type dropdown.
- Enter ACS URL in Trusted URL textfield and SAML Logout URL in Response URL textfield then click on OK button.
By Uploading ADFS Metadata File :
By ADFS Metadata URL :
Step 3: Attribute Mapping. (It is Optional to fill this). This is Premium feature.
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your Identity Provider (IdP)and map them to Drupal user attributes like firstname, lastname etc.
- While auto registering the users in your Drupal site these attributes will automatically get mapped to your Drupal user details.
- In miniOrange SAML Module, go to Mapping tab and fill in all the fields.
- You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.
| Username: | Name of the username attribute from IdP (Keep NameID by default) |
| Email: | Name of the email attribute from IdP (Keep NameID by default) |
| Group/Role Key: | Name of the Role attribute from Identity Provider (IdP) |
Step 4: Role Mapping (It is Optional to fill this). This is Premium feature.
- Drupal uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- Role mapping helps you to assign specific roles to users of a certain group in your Identity Provider (IdP).
- While auto registering, the users are assigned roles based on the group they are mapped to.
Step 5: Sign In Setting. This is Premium feature.
- Go to SIGNIN Settings tab. There are multiple features availabe in this tab like Protect your whole site, Auto redirect the user to Identity Provider and Backdoor Login. To use these features, click on the respective checkboxes.
×
![ADFS_sso]()
If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.