Search Results :

×

Contents

SAML Single Sign-On (SSO) into Drupal using PingFederate as IdP

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between PingFederate and the Drupal site. The users will be able to log in to the Drupal site using their PingFederate credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and PingFederate as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10 and Drupal 11.

free trial plugin Playground plugin pricing button schedule meeting button Schedule a Meeting
  • Download the module: 
    Composer require 'drupal/miniorange_saml'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
  • Enable the module by checking the checkbox and click on install button.
  • Configure the module at 
    {BaseURL}/admin/config/people/miniorange_saml/idp_setup
  • Install the module: 
    drush en drupal/miniorange_saml
  • Clear the cache: 
     drush cr
  • Configure the module at 
    {BaseURL}/admin/config/people/miniorange_saml/idp_setup
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • Configure the module at 
    {BaseURL}/admin/config/people/miniorange_saml/idp_setup
  • Go to ConfigurationPeopleSAML Login Configuration in the Administration menu. (/admin/config/people/miniorange_saml/idp_setup)
Drupal SAML SP - select miniOrange SAML Login Configuration
  • Under the Service Provider Metadata tab, copy the metadata URL by clicking the Copy button. (This is required to configure IdP.)
Drupal SAML SP - Copy SP Metadata URL
  • Login to your PingFederate User Admin dashboard.
  • Click on the Identity Provider in the left navigation menu.
  • Under SP CONNECTION, click on Create New button.
Drupal-saml-sp-new-connection

  • Select the Browser SSO Profiles connection template on the Connection Type tab and click Next.
Drupal SAML Single Sign On (SSO) pingfederate sso connection type

  • Select Browser SSO on the Connection Options tab and click Next.
Drupal SAML Single Sign On (SSO) pingfederate sso connection opentions

  • Select File as the method for importing metadata and click Choose file to choose the miniOrange SSO plugin’s metadata on the Import Metadata tab. Click Next.
Drupal SAML Single Sign On (SSO) pingfederate sso import metadata

  • Review the information on the Metadata Summary tab and click Next.
  • In the General Info tab ensure that the Service Provider’s Entity ID, Connection Name, and Base URL fields pre-populate based on the metadata. Click Next.
  • Navigate to the Browser SSO tab and click on the Configure Browser SSO. You will be redirected to Browser SSO Setup wizard.
  • Select the IdP-Initiated SSO and SP-Initiated SSO options on the SAML Profiles tab and click Next.
Drupal SAML Single Sign On (SSO) pingfederate sso sp-initiated SSO

  • Enter your desired assertion validity time from on the Assertion Lifetime tab and click Next. By default, it is configured 5 minutes for both.
  • Navigate to the Assertion Creation and click on the Configure Assertion Creation. You will be redirected to the assertion creation setup wizard.
  • In the Identity Mapping tab select STANDARD and click Next.
  • Select a Subject Name Format for the SAML_SUBJECT on the Attribute Contract tab and click Next.
  • Click Map New Adapter Instance on the Authentication Source Mapping.
Drupal SAML Single Sign On (SSO) pingfederate sso source mapping

  • Select an Adapter Instance and click Next. The adapter must include the user’s email address.
Drupal SAML Single Sign On (SSO) pingfederate sso adapter instanse

  • Select the Use only the adapter contract values in the SAML assertion option on the Mapping Method tab and click Next.
  • Select your adapter instance as the Source and the email as the Value on the Attribute Contract Fulfilment tab and click Next.
Drupal SAML Single Sign On (SSO) pingfederate sso attribute value

  • (Optional) Select any authorization conditions you would like on the Issuance Criteria tab and click Next.
  • Click Done on the Summary.
  • Click Next on the Authentication Source Mapping tab.
  • Click Done on the Summary tab.
  • Click Next on the Assertion Creation
  • Navigate to the Protocol Settings tab of the Browser SSO wizard and click on the Configure Protocol settings.
Drupal SAML Single Sign On (SSO) pingfederate sso endpoints

  • Select POST on the Allowable SAML Bindings tab and click Next.
  • Select your desired signature policies for assertions on the Signature Policy tab and click Next.
Drupal SAML Single Sign On (SSO) pingfederate sso signature policy

  • Select your desired encryption policy for assertions on the Encryption Policy tab and click Next.
  • Done on the Protocol Settings Summary tab.
  • Click Done on the Browser SSO Summary.
  • Navigate to the Credentials and click on the Configure Credentials. You will be redirected to the Credentials setup wizard.
  • Select the Signing Certificate to use with the Single Sign-On service and select Include the certificate in the signature element in the Digital Signature Settings tab. Click Done.
Drupal SAML Single Sign On (SSO) pingfederate sso single sign on services

  • Click Done on the Summary.
  • Click Next on the Credentials.
  • Select Active for the Connection Status on the Activation & Summary tab and click Save.
  • Now, navigate to the Ping Federate User Admin dashboardè Identity Provide.
  • Click Manage All under SP Connections.
  • Click Export Metadata for the desired service provider connection.
  • Click Export on the Export & Summary tab and click Done.
  • Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP Metadata.
  • Paste the previously copied Metadata Url (from PingFederate) into the Upload Metadata URL text field.
  • Click on the Fetch Metadata button.
Paste-the-Federation-Metadata-URL-into-the-Upload-Metadata-URL
Note and Contact Us - SSO between two WordPress sites

Note: To update Identity Provider Name, follow these steps:

  • Under Action, select the Edit.
  • Enter PingFederate in the Identity Provider Name text field.
  • Scroll down and click on the Save Configuration button.
  • Click on the Test link to test the connection between Drupal and PingFederate.
Click-on-Test-link-to-verify-the-connection-between-drupal-and-azure
  • On a Test Configuration popup, you will be prompted to sign in to PingFederate if you don't have an active session in the same browser. After successfully logging in to PingFederate, you will be provided with a list of attributes received from PingFederate.
drupal saml Single Sign On as SP - click on Done button

Congratulations! you have successfully configure PingFederate as SAML Identity Provider (IdP) and Drupal as SAML Service Provider.

  • Open a new browser/private window and navigate to the Drupal site login page.
  • Click the Login using Identity Provider (PingFederate) link.
  • You will be redirected to the Microsoft Entra ID login page. Enter the PingFederate credentials. After successful authentication, the user will be redirected back to the Drupal site.
24x7 Support

24/7 Support

The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.

 Contact us
Case Study

Case Studies

miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions.

 Read more
Other Solutions

Other Solutions

Feel free to explore other Drupal solutions that we offer the popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security.

 Know More

[MO_CONTACT_US]
ADFS_sso ×
Hello there!

Need Help? We are right here!
support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com