SAML Single Sign On (SSO) into Drupal using PingOne as IDP

Drupal SAML PingOne SSO setup will allow your user to login to your Drupal site using their PingOne Credentials. The Drupal SAML module gives the ability to enable SAML Single Sign-On for Drupal. This module is compatible with all the SAML Identity Providers ( IDP ). Here we will go through a guide to configure SAML SSO between Drupal and PingOne IdP. By the end of this guide, users from your Identity Provider should be able to login into the Drupal site.

If you have any doubts or queries, you can contact us at We will help you to configure the module.

Step 1: Setup PingOne as Identity Provider

    All the information required to configure the PingOne i.e. plugin’s metadata is given in the Service Provider Metadata tab of the miniOrange plugin.

  • Login to your PingOne environment as the administrator. Click on your ProfileAdmin.
  • Go to ApplicationsAdd ApplicationNew SAML Application.
  • Enter the application details and click Continue to Next Step. Application Name, Application Description, and Category are required fields. For logos and icons, PNG is the only supported graphics format.
  • drupal saml sp-addapplication

miniOrange image Provide the SAML configuration details for the application.

    1.Signing. In the dropdown list, select the signing certificate you want to use.

    2.SAML Metadata. Click Download to retrieve the SAML metadata for PingOne. This supplies the Ping    One connection information to the application.

    3.Protocol Version. Select the SAML protocol version appropriate for your application.

    4.Upload Metadata: There are 3 ways to provide service provider metadata to PingOne

      Method 1:

      • Click on use URL
      • Enter Service provider metadata URL from Service provider setup tab of miniOrange module.
      Method 2:

      • Click Choose File to upload the application’s metadata file. The entries for ACS URL and Entity ID will then be supplied for you.
      Method 3:

      • Go to Service Provider Metadata tab of miniOrange module. You can find ACS URL, Entity ID, Single logout URL. you will need to enter this information manually.

    5.Single Logout Endpoint. The URL to which our service will send the SAML Single Logout (SLO) request    using the Single Logout Binding Type that you select).

    6.Single Logout Response Endpoint. The URL to which your service will send the SLO Response.

    7.Single Logout Binding Type. Select the binding type (Redirect or POST) to use for SLO.

    8.Primary Verification Certificate. Click Choose File to upload the primary public verification certificate    to use for verifying the SP signatures on SLO requests and responses.

    9.Signing Algorithm. Use the default value or select the algorithm to use from the dropdown list.

      miniOrange image Optional:

        I.Encrypt Assertion. If selected, the assertions PingOne sends to the SP for the application will   be encrypted.

        II.Encryption Certificate: Upload the certificate from miniOrange plugin to use to encrypt the    assertions.

        III.Encryption Algorithm: Choose the algorithm to use for encrypting the assertions. We    recommend AES_256 (the default), but you can select AES_128 instead.

        IV.Transport Algorithm: The algorithm used for securely transporting the encryption key.    Currently, RSA-OAEP is the only transport algorithm supported.

        V.Force Re-authentication. If selected, users having a current, active SSO session will be    re- authenticated by the identity bridge to establish a connection to this application.

  • Click Continue to Next Step. The SSO Attribute Mapping page is displayed.
  • drupal saml sp-ping one saml configuration
  • In the Attribute Mapping, Modify or add any attribute mappings as necessary for the application.
  • ping one sso-3
  • The summary information for the application configuration is then displayed on a new page and the new SAML application is added to your My Applications list.

Step 2: Setup your Drupal site as Service provider

  • You can configure your IDP using one of these 3 methods:
    • miniOrange image By Metadata URL:

      • Enter Identity Provider Name.
      • Click on Upload Metadata URL in Service Provider Setup tab.
      • Enter your metadata URL.
      • If your IDP changes certificates at intervals, you should select Update IDP settings by pinging metadata URL (We will store the metadata URL)
      • Click Fetch Metadata.
      • drupal saml sp-upload metadata

      miniOrange image By uploading Metadata XML file:

      • Enter Identity Provider Name.
      • Click on Upload Metadata URL in Service Provider Setup tab.
      • Click on Browse and select a metadata XML file.
      • Click Upload.
      • drupal saml sp-idp metadata/

      miniOrange image Manual Configuration:

      • Go to Service Provider Setup tab and enter the following details.
      • Identity Provider Name: Enter your IdP name. For example : PingOne
        SAML Login URL: The SSO URL that you noted while configuring the Drupal site in PingOne.
        IdP Entity ID or Issuer: The Entity ID that you noted while configuring the Drupal site in PingOne.
        X.509 Certificate: Open the downloaded certificate in the Notepad. Copy/paste the entire content of the file here.
        drupal saml sp- configure service provider
    • Now click on Save Configuration.
    • You can Test Configuration By clicking on Test Configuration.

Free Trial

If you don't find what you are looking for, please contact us at or call us at +1 978 658 9387.

Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to