Guide for Drupal Single Sign On (SSO) using PingOne as Identity Provider (IdP)

Download Module

Drupal SAML SP module gives the ability to enable SAML Single Sign-On for Drupal site. Drupal SAML SP module is compatible with all SAML Identity Providers. Here we will go through a guide to configure SSO between Drupal and PingFederate / PingOne. By the end of this guide, Ping One users should be able to log in and register to Drupal site.

Step 1: Setup PingOne as Identity Provider

    All the information required to configure the PingOne i.e. plugin’s metadata is given in the Service Provider Metadata tab of the miniOrange plugin.

  • Login to your PingOne environment as the administrator. Click on your ProfileAdmin.
  • Go to ApplicationsAdd ApplicationNew SAML Application.
  • Enter the application details and click Continue to Next Step. Application Name, Application Description, and Category are required fields. For logos and icons, PNG is the only supported graphics format.
    • pingone sso-1

miniorange img Provide the SAML configuration details for the application.


    1.Signing. In the dropdown list, select the signing certificate you want to use.

    2.SAML Metadata. Click Download to retrieve the SAML metadata for PingOne. This supplies the Ping    One connection information to the application.

    3.Protocol Version. Select the SAML protocol version appropriate for your application.

    4.Upload Metadata: There are 3 ways to provide service provider metadata to PingOne

      Method 1:

      • Click on use URL
      • Enter Service provider metadata URL from Service provider setup tab of miniOrange module.
      Method 2:

      • Click Choose File to upload the application’s metadata file. The entries for ACS URL and Entity ID will then be supplied for you.
      Method 3:

      • Go to Service Provider Metadata tab of miniOrange module. You can find ACS URL, Entity ID, Single logout URL. you will need to enter this information manually.

    5.Single Logout Endpoint. The URL to which our service will send the SAML Single Logout (SLO) request    using the Single Logout Binding Type that you select).

    6.Single Logout Response Endpoint. The URL to which your service will send the SLO Response.

    7.Single Logout Binding Type. Select the binding type (Redirect or POST) to use for SLO.

    8.Primary Verification Certificate. Click Choose File to upload the primary public verification certificate    to use for verifying the SP signatures on SLO requests and responses.

    9.Signing Algorithm. Use the default value or select the algorithm to use from the dropdown list.

       Optional:

        I.Encrypt Assertion. If selected, the assertions PingOne sends to the SP for the application will   be encrypted.

        II.Encryption Certificate: Upload the certificate from miniOrange plugin to use to encrypt the    assertions.

        III.Encryption Algorithm: Choose the algorithm to use for encrypting the assertions. We    recommend AES_256 (the default), but you can select AES_128 instead.

        IV.Transport Algorithm: The algorithm used for securely transporting the encryption key.    Currently, RSA-OAEP is the only transport algorithm supported.

        V.Force Re-authentication. If selected, users having a current, active SSO session will be    re- authenticated by the identity bridge to establish a connection to this application.

  • Click Continue to Next Step. The SSO Attribute Mapping page is displayed.
    • ping one sso-2/> <li>In the <strong>Attribute Mapping</strong>, Modify or add any attribute mappings as necessary for the application.</li> <img class=
  • The summary information for the application configuration is then displayed on a new page and the new SAML application is added to your My Applications list.

Step 2: Setup your Drupal site as Service provider

  • You can configure your IDP using one of these 3 methods:

      •  By Metadata URL:

      • Enter Identity Provider Name.
      • Click on Upload Metadata URL in Service Provider Setup tab.
      • Enter your metadata URL.
      • If your IDP changes certificates at intervals, you should select Update IDP settings by pinging metadata URL (We will store the metadata URL)
      • Click Fetch Metadata.
        • ping one sso-1

       By uploading Metadata XML file:

      • Enter Identity Provider Name.
      • Click on Upload Metadata URL in Service Provider Setup tab.
      • Click on Browse and select a metadata XML file.
      • Click Upload.
        • ping one sso-1

       Manual Configuration:

      • Go to Service Provider Setup tab and enter the following details.
        • Identity Provider Name: Enter your IdP name. For example : PingOne
        SAML Login URL: The SSO URL that you noted while configuring the Drupal site in PingOne.
        IdP Entity ID or Issuer: The Entity ID that you noted while configuring the Drupal site in PingOne.
        X.509 Certificate: Open the downloaded certificate in the Notepad. Copy/paste the entire content of the file here.
        ping one sso-1
    • Now click on Save Configuration.
    • You can Test Configuration By clicking on Test Configuration.

Free Trial

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.