Drupal SAML Single Sign On using Keycloak as Identity Provider
The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Keycloak and the
Drupal site. The users will be able to log in to the Drupal site using their Keycloak credentials. This document
will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and
Keycloak as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10..
After installing the module on your Drupal site, in the Administration menu, navigate to
Configuration → People
→ miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)
Under the Service Provider Metadata tab, click on the Download XML Metadata button. (This is required to configure Keycloak as an Identity Provider).
Configure SAML Single Sign-On Application in Keycloak:
Log in to the Keycloak Admin console and select Create Realm.
Select Clients from the left navigation menu and click on the Import Client button.
Click on the Browse button and upload the metadata from the Drupal. Enter the client name in the Name text field and click on Save button.
Scroll down to the SAML Capabilities and select email as Name ID format from the dropdown.
Turn on the Force name ID format button, then click on the Save button.
Click on the Users form the left navigation menu. Click on the Add user button.
Enter the Username and Email of a user in the respective text fields. Enable the Email verified button and click on the Create button.
Navigate to the Realm settings in left navigation menu and click on the SAML 2.0 Identity Provider Metadata link.
Copy the URL of the Metadata page and keep it handy. (This is required to configure Drupal as a Service Provider)
Configure Drupal as SAML Service Provider:
Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP
Paste the previously copied Keycloak Metadata URL into the Upload Metadata
URL text field. Click on the Fetch Metadata button.
Note: To update Identity Provider Name, follow these steps:
Under Action, select the Edit.
Enter Keycloak in the Identity Provider Name text field.
Scroll down and click on the Save Configuration button.
Click on the Test link to test the connection between Drupal and Keycloak.
On a Test Configuration popup sign in using Keycloak credentials (if an active session is not present). After
successful authentication, a list of attributes that are received from Keycloak will be displayed. Click on the
Congratulations! you have successfully configure Keycloak as SAML Identity Provider (IdP) and Drupal as SAML Service
How does SAML
SSO login work?
Open a new browser/private window and navigate to the Drupal site login page.
Click the Login using Identity Provider (Keycloak) link.
You will be redirected to the Keycloak login page. Enter the Keycloak credentials. After successful authentication, the
user will be redirected back to the Drupal site.
Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request
Request 7-day trial button of the module or reach out to
us at firstname.lastname@example.org for
one-on-one assistance from Drupal expert.
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly
flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.