ADFS Single Sign On (SSO) for Drupal
miniOrange provides a ready-to-use solution for Drupal. This solution ensures that you are ready to roll out secure access to your Drupal site using ADFS within minutes.
Step 1: Configuring ADFS as Identity Provider (IdP)
- In ADFS, click on Add Relying Party Trust. Then click on Start.
- In Select Data Source: Select Enter data about the relying party manually. Click Next.
- In Specify Display name: Enter Display name. Click Next.
- In Choose Profile: Select AD FS profile. Click Next.
- In Configure Certificate: If you're using the free Module, skip this step and click Next. If you're using the premium Module, upload the certificate downloaded from the Module. Click Next.
- In Configure URL: Check Enable Support for the SAML 2.0 Web SSO Protocol and enter the ACS URL from the Module in the Relying Party SAML 2.0 SSO service URL field. Click Next.
- In Configure Identifiers: Enter the SP-Entity ID/Issuer URL from the Module in the Relying Party Trust Identifier field. Click Add. Click Next.
- In Configure Multi-factor Authentication: Select I do not want to configure multi factor authentication settings for this relying party trust. Click Next.
- In Choose Issuance Authorization Rules, select Permit all users to access this relying party. Click Next.
- In Ready to Add Trusts, click Next.
- Check Open the Edit Claim Rules dialog and click Close. Click Add rule and then select Send LDAP Attributes as Claims. Enter the following:
| Claim rule name | Enter claim rule name (any). For example: Attributes |
| Attribute Store | Active Directory |
| LDAP Attribute | |
| Outgoing Claim Type | Name ID |
- Click on the Finish button.
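The Step 1 wizard choices can also be applied and reviewed from PowerShell on the AD FS server. The script below is an added example, not miniOrange's or Microsoft's own code, and covers the free-Module path (no certificate upload). The URLs are placeholders to be replaced with the ACS URL and SP-Entity ID shown in the Module, and the LDAP attribute (`mail`) is an assumption because the table above does not give one.

```powershell
# Added example: scripted equivalent of the Step 1 wizard (free-Module path).
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Placeholders: copy the real values from the miniOrange Module.
$DisplayName = 'Drupal SSO'                                    # any display name
$AcsUrl      = 'https://drupal.example.com/REPLACE-WITH-ACS-URL'
$SpEntityId  = 'https://drupal.example.com/REPLACE-WITH-SP-ENTITY-ID'
$LdapAttr    = 'mail'   # assumption: the page does not state the LDAP attribute

# "Configure URL": SAML 2.0 Web SSO assertion consumer endpoint (POST binding).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' `
    -Protocol 'SAMLAssertionConsumer' -Uri $AcsUrl

# "Send LDAP Attributes as Claims": LDAP attribute -> outgoing Name ID claim.
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";$LdapAttr;{0}", param = c.Value);
"@

# "Permit all users to access this relying party".
$authzRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

$trust = @{
    Name                       = $DisplayName
    Identifier                 = $SpEntityId   # "Configure Identifiers"
    SamlEndpoint               = $endpoint
    IssuanceTransformRules     = $transformRules
    IssuanceAuthorizationRules = $authzRules
}
Add-AdfsRelyingPartyTrust @trust

# Review what was created: identifier, endpoint and both rule sets.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Format-List Name, Identifier, Enabled, SamlEndpoints,
                IssuanceTransformRules, IssuanceAuthorizationRules
```

The final `Get-AdfsRelyingPartyTrust` call is also useful on a trust created through the wizard, since it shows in one place that the authorization rule permits every user and that only the intended Name ID claim is issued.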
Step 2: Configuring Drupal as Service Provider (SP)
Step 3: Attribute Mapping (optional). This is a Premium feature.
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Drupal user attributes like firstname, lastname etc.
- When users are auto-registered in your Drupal site, these attributes are automatically mapped to your Drupal user details.
- In the miniOrange SAML Module, go to the Mapping tab and fill in all the fields.
||Name of the username attribute from IdP (Keep NameID by default)
||Name of the email attribute from IdP (Keep NameID by default)
||Name of the Role attribute from Identity Provider (IdP)
- You can check the Test Configuration Results under the Service Provider Setup tab to get a better idea of which values to map here.
Step 4: Role Mapping (optional). This is a Premium feature.
- Drupal uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- Role mapping helps you to assign specific roles to users of a certain group in your Identity Provider (IdP).
- While auto registering, the users are assigned roles based on the group they are mapped to.
Step 5: Sign In Setting. This is a Premium feature.
- Go to the SIGNIN Settings tab. There are multiple features available in this tab, such as Protect your whole site, Auto redirect the user to Identity Provider, auto-create user and Backdoor Login. To use these features, click on the respective checkboxes.