Drupal SAML Single Sign On using Salesforce as Identity Provider

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Salesforce and the Drupal site. The users will be able to log in to the Drupal site using their Salesforce credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Salesforce as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Drupal SAML SP Metadata:

• After installing the module on your Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)

• Copy the SP Entity ID/Issuer and the SP ACS URL from the tab. Keep it handy. (This is required to configure Salesforce as IdP.)

Configure SAML Single Sign-On Application in Salesforce:

• Log in to your Salesforce account.
• Click on the setting Icon in the top right corner. Click on Setup from the dropdown.

• Navigate to the Quick Find box from the left panel.
• Search for Identity Provider and click on it.

• Click on Enable Identity Provider button.

• Click on Save button.

• Click on the Download Metadata button. Keep the downloaded file handy. (This is needed to configure Drupal as SAML Service Provider.)
• Click on Service Providers are now created via Connected Apps. Click here link. You will be redirected to New Connected App configurations page.

• On the New Connected App, provide the following information.
• Basic Information:
• Enter the name of the Application in Connected App Name text field.
• Enter a valid email address in the Contact Email text field.

• Web App Settings:
• Check the Enable SAML checkbox and provide the required information into the corresponding text field from the Service Procider Metadata tab of the module referring below.

Salesforce SAML Field	Service Provider Information (Drupal)
Entity ID	SP Entity ID/Issuer
ACS URL	SP ACS URL
Subject Type	Username
Name ID Format	urn:oasis:names:tc:SAML:2.0:nameid-format:persistent


• Click on Save.

Assign User Profiles to Salesforce Application:

• Navigate to the Quick Find box from the left panel.
• Search for Manage Connected Apps and click on it.
• Select the Application that you have created on Salesforce. For, example Drupal.

• Scroll down to Profiles section and click on Manage Profiles button.

• Select the profiles you want to give access to login through this app. Click on the Save button.

Configure Drupal as SAML Service Provider:

• Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP Metadata.
• In the Upload Metadata File field, choose the XML metadata file that you downloaded from Salesforce. Click on the Upload File button.


Note: To update Identity Provider Name, follow these steps:

• Under Action, select the Edit.
• Enter Salesforce in the Identity Provider Name text field.
• Scroll down and click on the Save Configuration button.


• Click on the Test link to test the connection between Drupal and Salesforce.

• On a Test Configuration popup sign in using Salesforce credentials (if an active session is not present). After successful authentication, a list of attributes that are received from Salesforce will be displayed. Click on the Done.

Congratulations! you have successfully configure Salesforce as SAML Identity Provider (IdP) and Drupal as SAML Service Provider.

How does SAML SSO login work?

• Open a new browser/private window and navigate to the Drupal site login page.
• Click the Login using Identity Provider (Salesforce) link.
• You will be redirected to the Salesforce login page. Enter the Salesforce credentials. After successful authentication, the user will be redirected back to the Drupal site.