SAML Single Sign On (SSO) into Drupal using PingOne as IDP


Drupal SAML PingOne SSO (Single Sign-On) setup allows your users to log in to your Drupal site using their PingOne credentials. The Drupal SAML module enables SAML Single Sign-On for Drupal and is compatible with all SAML Identity Providers (IdP). We provide the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module, which is compatible with Drupal 7, Drupal 8 and Drupal 9. This guide walks through configuring SAML SSO between Drupal and PingOne as IdP. By the end of this guide, users from your Identity Provider should be able to log in to the Drupal site.

If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal SAML Single Sign on - Service Provider SSO Login module.

Features and Pricing

Know more about Drupal SAML Single Sign On - Service Provider module from here.

Pre-requisites: Download

You can download the SAML Single Sign On - Service Provider module from here.

1. Install Drupal SAML SP 2.0 Single Sign On (SSO) module

    1.1. Using Composer:

    • composer require drupal/miniorange_saml
    • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
    • Enable the module by checking the checkbox and click on install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

    1.2. Using Drush:

    • Download the module:
      drush dl miniorange_saml
    • Install the module:
      drush en miniorange_saml
    • Clear the cache:
      drush cr
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

    1.3. Manual installation:

    • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
    • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
    • Click on Enable newly added modules.
    • Enable this module by checking the checkbox and click on install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

Steps to configure PingOne SAML Single Sign-On ( SSO ) Login into Drupal site

2. Setup Drupal as Service Provider

  • In the miniOrange SAML Service Provider module, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID / Issuer, SP ACS URL (AssertionConsumerService) and X.509 Certificate, which are required to configure the Identity Provider (PingOne). Copy these values and keep them handy.
  • You can provide metadata to your IDP. This can be accomplished in two ways:
    • You are given a metadata URL that you can provide directly to your IdP.
    • You can Download XML Metadata file and upload it on your Identity Provider ( PingOne ).
  • In the miniOrange SAML Service Provider module, go to Service Provider Setup tab of the module. There are two ways to configure Drupal SAML Service Provider SSO module:
    A. By Uploading IDP Metadata
    • Click on Upload IDP Metadata link.
    • Click on Upload Metadata File and click on Upload File to fetch your information.
    • Alternatively, use Upload Metadata URL and click on Fetch Metadata button.
    B. Manual Configuration
    • Provide the required settings (i.e. Identity Provider Name, Idp Entity ID or Issuer, SAML Login URL and X.509 Certificate) for your Identity Provider (PingOne) and click on Save Configuration button to save your configuration:
      Identity Provider Name: Enter name of Identity Provider.
      Idp Entity ID or Issuer: Copy Idp Entity ID / Issuer from PingOne Dashboard and paste it.
      SAML Login URL: Copy Single Sign On URL from PingOne Dashboard and paste it.
      X.509 Certificate: Copy and Download Signing certificate from PingOne Dashboard and paste it.

3. Setup PingOne as Identity Provider

Configure PingOne as IdP

    All the information required to configure PingOne, i.e. the module’s metadata, is given in the Service Provider Metadata tab of the Drupal module.

  • Login to your PingOne environment as the administrator. Click on your Profile → Admin.
  • Go to Applications → Add Application → New SAML Application.
  • Enter the application details and click Continue to Next Step. Application Name, Application Description, and Category are required fields. For logos and icons, PNG is the only supported graphics format.

Provide the SAML configuration details for the application.


    1. Signing: In the dropdown list, select the signing certificate you want to use.

    2. SAML Metadata: Click Download to retrieve the SAML metadata for PingOne. This supplies the PingOne connection information to the application.

    3. Protocol Version: Select the SAML protocol version appropriate for your application.

    4. Upload Metadata: There are 3 ways to provide service provider metadata to PingOne

      Method 1:

      • Click on use URL
      • Enter Service provider metadata URL from Service provider setup tab of miniOrange module.
      Method 2:

      • Click Choose File to upload the application’s metadata file. The entries for ACS URL and Entity ID will then be supplied for you.
      Method 3:

      • Go to Service Provider Metadata tab of miniOrange module. There you can find the ACS URL, Entity ID and Single Logout URL. You will need to enter this information manually.

    5. Single Logout Endpoint. The URL to which PingOne will send the SAML Single Logout (SLO) request, using the Single Logout Binding Type that you select.

    6. Single Logout Response Endpoint. The URL to which your service will send the SLO Response.

    7. Single Logout Binding Type. Select the binding type (Redirect or POST) to use for SLO.

    8. Primary Verification Certificate. Click Choose File to upload the primary public verification certificate to use for verifying the SP signatures on SLO requests and responses.

    9. Signing Algorithm. Use the default value or select the algorithm to use from the dropdown list.

      Optional:

        I. Encrypt Assertion. If selected, the assertions PingOne sends to the SP for the application will be encrypted.

        II. Encryption Certificate: Upload the certificate from Drupal module to use to encrypt the assertions.

        III. Encryption Algorithm: Choose the algorithm to use for encrypting the assertions. We recommend AES_256 (the default), but you can select AES_128 instead.

        IV. Transport Algorithm: The algorithm used for securely transporting the encryption key. Currently, RSA-OAEP is the only transport algorithm supported.

        V. Force Re-authentication. If selected, users having a current, active SSO session will be re-authenticated by the identity bridge to establish a connection to this application.

  • Click Continue to Next Step. The SSO Attribute Mapping page is displayed.
  • In the Attribute Mapping, modify or add any attribute mappings as necessary for the application.
  • The summary information for the application configuration is then displayed on a new page and the new SAML application is added to your My Applications list.

You have successfully configured PingOne as SAML IdP (Identity Provider) for achieving PingOne SSO login into your Drupal Site.


Conclusion

In this guide, you have successfully configured PingOne SAML Single Sign-On (PingOne Login), choosing PingOne as IdP and Drupal as SP, using the miniOrange SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider Login module. This solution ensures that you are ready to roll out secure access to your Drupal site using PingOne login credentials within seconds.

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP Single Sign On (SSO) module.
