Drupal SAML Single Sign On using OneLogin as Identity Provider

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Onelogin and the Drupal site. The users will be able to log in to the Drupal site using their Onelogin credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Onelogin as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Drupal SAML SP Metadata

• After installing the module on the Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)

• Copy the SP Entity ID/Issuer and the SP ACS URL in the Service Provider Metadata tab. Keep it handy. (This is required to configure OneLogin as Identity Provider (IdP)).

Configure SAML Single Sign-On Application in OneLogin:

• Log into OneLogin as Administrator console.
• Navigate to the Applications and select Applications from the dropdown.

• Click on the Add App button.

• Under the Find Applications, search for SAML Custom and click on the SAML Custom Connector (Advanced).

• On the Configuration tab, enter the app name in the Display Name text field. Click on Save.

• In the Application details section of the Configuration tab, enter the information from the module's Service Provider Metadata tab referring below.

  OneLogin SAML Field	Service Provider Information (Drupal)
  Audience (EntityID)	SP Entity ID/Issuer
  ACS (Consumer) URL	SP ACS URL
  ACS (Consumer) URL Validator	SP ACS URL


• Click on the Save
• Navigate to the Info of the created application from the left panel. From the More Actions dropdown on the top right corner, select SAML Metadata. Keep the downloaded file handy. (This will be required to configure Drupal as SAML Service Provider.)

Configure Drupal as SAML Service Provider:

• Go to your Drupal website. Navigate to the Service Provider Setup tab of the module and click on the Upload IdP Metadata.
• In the Upload Metadata File field, choose the SAML metadata file that you downloaded from OneLogin and click on the Upload File button.


Note: To alter your Identity Provider Name, follow these steps:

• Under Action, select the Edit.
• Enter Okta in the Identity Provider Name text field.
• Scroll down and click on the Save Configuration button.


• After successfully saving the configurations, click on the Test link

• On a Test Configuration popup sign in using OneLogincredentials (if an active session is not present). After successful authentication, a list of attributes that are received from OneLogin will be displayed. Click on the Done.

Congratulations! you have successfully configured OneLogin as SAML Identity Provider and Drupal as SAML Service Provider.

How does SAML SSO login work?

• Open a new browser/private window and navigate to the Drupal site login page.
• Click the Login using Identity Provider (Onelogin) link.
• You will be redirected to the Onelogin login page. Enter the Onelogin credentials. After successful authentication, the user will be redirected back to the Drupal site.