Drupal Keycloak SSO | SAML SSO Into Drupal Using Keycloak


Drupal SAML Keycloak SSO ( Single Sign-on ) setup will allow your user to login to your Drupal site using their Keycloak Credentials. Drupal SAML module gives the ability to enable SAML Single Sign-on for Drupal. This module is compatible with all SAML Identity Providers ( IDP ). We provide Drupal SAML Single Sign on - Service Provider module which is compatible with Drupal 7, Drupal 8 and Drupal 9. Here we will go through a guide to configure SAML SSO between Drupal and Keycloak Idp. By the end of this guide, users from your Identity Provider should be able to login into the Drupal site.
If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal SAML Single Sign on - Service Provider SSO Login module.

Features and Pricing

Know more about Drupal SAML Single Sign On - Service Provider module from here.

Pre-requisites: Download

You can download the SAML Single Sign On - Service Provider module from here.

Module Handbook

This detailed Handbook for the SAML Single Sign On - Service Provider module, gives an in depth explanation of the features of the module. You can refer to the handbook at anytime - it is always available to you, either via This link, or directly from the module for quicker access.

1. Install Drupal SAML SP 2.0 Single Sign On (SSO) module

    1.1. Using Composer:

    • Composer require drupal/miniorange_saml
    • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
    • Enable the module by checking the checkbox and click on install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

    1.2. Using Drush:

    • Download the module:
      drush dl drupal/miniorange_saml
    • Install the module:
      drush en drupal/miniorange_saml
    • Clear the cache:
       drush cr
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

    1.3. Manual installation:

    • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
    • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
    • Click on Enable newly added modules.
    • Enable this module by checking the checkbox and click on install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

Steps to configure Keycloak SAML Single Sign-On ( SSO ) Login into Drupal site

2. Setup Drupal as Service Provider

  • In the miniOrage SAML Service Provider module, go to Service Provider Setup tab of the module. There are two way to configure Drupal SAML Service Provider SSO module:
    • A. By Uploading IDP Metadata
    • Click on Upload IDP Metadata link.
    • Click on Upload Metadata File and click on Upload File to fetch your information.
    • You can either Upload Metadata URLand click on Fetch Metadata button.
    • Drupal SAML Service Provider - upload idp metadata
      B. Manual Configuartion
    • Provide the required settings (i.e. Identity Provider Name, Idp Entity ID or Issuer, SAML Login URL and X.509 Certificate ) find to your Identity Provider Keycloak and click on Save Configuration button to save your configuration.
    • Identity Provider Name Enter name of Identity Provider
      Idp Entity ID or Issuer Copy Idp Entity ID / Issuer from Keycloak Dashboard and paste it.
      SAML Login URL Copy Single Sign On URL from Keycloak Dashboard and paste it.
      X.509 Certificate Copy and Download Signing certificate from Keycloak Dashboard and paste it.
      Drupal SAML Service Provider - Manual configuartion

3. Setup Keycloak as Identity Provider

Follow the following steps to Configure Keycloak as IdP

miniorange img Configure Keycloak as IdP
  • In your Keycloak admin console, select the realm that you want to use.
  • Keycloak add realm
  • Click on the Clients from the left navigation bar.
  • Click on create button at the top right corner and enter the following values to create a new client/application.
  • Client ID SP-EntityID/Issuer from Service Provider Metadata
    Client Protocol SAML
    Client SAML Endpoint (optional) The ACS (Assertion Consumer Service) URL from Service Provider Metadata
    Create Client Add Client
  • Click on Save.
  • Configure the following
  • Name Provide a name for this client (Eg. Drupal 8)
    Description (optional) Provide a description
    Enabled ON
    Consent Required OFF
    Client Protocol SAML
    Include AuthnStatement ON
    Sign Documents ON
    Optimize Redirect signing key lookup OFF
    Sign Assertions ON
    Signature Algorithm RSA_SHA256
    Encrypt Assertion OFF
    Client Signature Required OFF
    Canonicalization Method EXCLUSIVE
    Force Name ID Format ON
    Name ID Format Email
    Root URL Leave empty or Base URL of Service Provider
    Valid Redirect URIs The ACS (Assertion Consumer Service) URL from Service Provider Metadata
  • Under Fine Grain SAML Endpoint Configuration, configure the following:
  • Assertion Consumer Service POST Binding UR The ACS (Assertion Consumer Service) URL from Service Provider Metadata
    Logout Service Redirect Binding URL The Single Logout URL from Service Provider Metadata
  • Click on Save.
  • App Settings

     Add Mappers

    • Add the following attributes in the Mappers tab.
    • Click on Add Built-in and add the following option.
    • Add Mappers

     Add User

    • Click on the Users from the left nav bar.
    • Add a new user/view all users.
    • Add Mappers
    • Enter the username, valid email address and check on User Enabled.
    • Add Mappers
    • Click on Save.

You have successfully configured Keycloak as SAML IdP (Identity Provider) for achieving Keycloak SSO login into your Drupal Site.

In this Guide, you have successfully configured Keycloak SAML Single Sign-On ( Keycloak Login ) choosing Keycloak as IdP and Drupal as SP using miniOrange SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider Login module. This solution ensures that you are ready to roll out secure access to your Drupal site using OpenAM login credentials within secound.

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP Single Sign On (SSO) module.

Additional Resources

Our Other modules

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com