Drupal SAML Keycloak SSO ( Single Sign-on ) setup will allow your user to login to your Drupal site using their Keycloak Credentials.
Drupal SAML module gives the ability to enable SAML Single Sign-on for Drupal. This module
is compatible with all SAML Identity Providers ( IDP ). We provide Drupal SAML Single Sign on - Service Provider module which is compatible with Drupal 7, Drupal 8 and Drupal 9. Here we will go through a guide to configure SAML SSO between
Drupal and Keycloak Idp. By the end of this guide, users from your Identity Provider should be able to login into the Drupal site.
If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal SAML Single Sign on - Service Provider SSO Login module.
Know more about Drupal SAML Single Sign On - Service Provider module from here.
You can download the SAML Single Sign On - Service Provider module from here.
This detailed Handbook for the SAML Single Sign On - Service Provider module, gives an in depth explanation of the features of the module. You can refer to the handbook at anytime - it is always available to you, either via This link, or directly from the module for quicker access.
Composer require drupal/miniorange_saml
{BaseURL}/admin/config/people/miniorange_saml/idp_setupdrush dl drupal/miniorange_saml
drush en drupal/miniorange_saml
drush cr
{BaseURL}/admin/config/people/miniorange_saml/idp_setup{BaseURL}/admin/config/people/miniorange_saml/idp_setup
| Identity Provider Name | Enter name of Identity Provider |
| Idp Entity ID or Issuer | Copy Idp Entity ID / Issuer from Keycloak Dashboard and paste it. |
| SAML Login URL | Copy Single Sign On URL from Keycloak Dashboard and paste it. |
| X.509 Certificate | Copy and Download Signing certificate from Keycloak Dashboard and paste it. |
Follow the following steps to Configure Keycloak as IdP
Configure Keycloak as IdP
| Client ID | SP-EntityID/Issuer from Service Provider Metadata |
|---|---|
| Client Protocol | SAML |
| Client SAML Endpoint (optional) | The ACS (Assertion Consumer Service) URL from Service Provider Metadata |
| Name | Provide a name for this client (Eg. Drupal 8) |
|---|---|
| Description (optional) | Provide a description |
| Enabled | ON |
| Consent Required | OFF |
| Client Protocol | SAML |
| Include AuthnStatement | ON |
| Sign Documents | ON |
| Optimize Redirect signing key lookup | OFF |
| Sign Assertions | ON |
| Signature Algorithm | RSA_SHA256 |
| Encrypt Assertion | OFF |
| Client Signature Required | OFF |
| Canonicalization Method | EXCLUSIVE |
| Force Name ID Format | ON |
| Name ID Format | |
| Root URL | Leave empty or Base URL of Service Provider |
| Valid Redirect URIs | The ACS (Assertion Consumer Service) URL from Service Provider Metadata |
| Assertion Consumer Service POST Binding UR | The ACS (Assertion Consumer Service) URL from Service Provider Metadata |
|---|---|
| Logout Service Redirect Binding URL | The Single Logout URL from Service Provider Metadata |
Add Mappers
Add User
You have successfully configured Keycloak as SAML IdP (Identity Provider) for achieving Keycloak SSO login into your Drupal Site.
In this Guide, you have successfully configured Keycloak SAML Single Sign-On ( Keycloak Login ) choosing Keycloak as IdP and Drupal as SP using miniOrange SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider Login module. This solution ensures that you are ready to roll out secure access to your Drupal site using OpenAM login credentials within secound.
If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP Single Sign On (SSO) module.
Need Help? We are right here!
