SAML Single Sign-On (SSO) for Drupal using Oracle Access Manager as IDP

Drupal SAML Oracle SSO setup allows your users to log in to your Drupal site using their Oracle credentials. The Drupal SAML module enables SAML Single Sign-On for Drupal and is compatible with all SAML Identity Providers. This guide walks through configuring SAML SSO between Drupal and Oracle Access Manager. By the end of this guide, users from Oracle should be able to log in to the Drupal site. The module is available for download.

If you have any doubts or queries you can contact us at drupalsupport@xecurify.com. We will help you to configure the module.

Step 1: Obtain the IdP metadata for SP configuration

Step 2: Configuring Drupal as Service Provider (SP)

  • In the Drupal SAML SP module, go to the Service Provider Setup tab. There are three ways to configure the module:
    • By Uploading Oracle Access Manager Metadata File:

      • Click on Upload Metadata URL button.
      • Upload the metadata file and click on Upload.

    • By Oracle Access Manager Metadata URL:

      • Click on Upload Metadata URL.
      • Enter the metadata URL (such as IdPmetadata.xml) and click on Fetch Metadata.

    • Manual Configuration:

      • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save them.
      • Identity Provider Name: Enter your IdP name. For example: Oracle Access Manager (any).
        IdP Entity ID or Issuer: You can find the entity ID in your IdP metadata XML file, in the entityID attribute of the EntityDescriptor tag.
        SAML Login URL: You can find the SAML Login URL in your IdP metadata XML file, in the SingleSignOnService tag.
        X.509 Certificate: You can find the X.509 certificate value in your IdP metadata file, in the X509Certificate tag.

Step 3: Obtain the SP metadata for IdP configuration:

  • To obtain the Drupal SP metadata that you need to provide when configuring Oracle Access Manager Suite Federation as an IdP, perform the following steps:
    • Go to the Service Provider Metadata tab of the module, click on the metadata URL, and save the metadata to a local file as spmetadata.xml (you can use any name).

Step 4: Enable Identity Federation in OAM Admin Console

  • Perform the following steps to enable Oracle Access Manager Federation:

    1) Go to the OAM Admin Console in a browser. The URL is of the form: https://adminhost:adminport/oamconsole

    2) Authenticate using OAM Admin user credentials.

    3) From the Launch Pad, navigate to: Configuration -> Available Services

    4) Enable Identity Federation.

Step 5: Configure the IDP, using Metadata from Drupal SP

  • To configure the IdP, perform the following steps:

    1) If necessary, copy the metadata file (spmetadata.xml) you obtained from the Drupal SP to the environment where you are configuring the IdP.

    2) Return to the browser page containing the OAM Console, where you enabled Federation.

    3) Authenticate again if necessary.

    4) Navigate to Launch Pad > Identity Federation > Identity Provider Administration

    5) Click on Create Service Provider Partner.

    6) Enter a name such as Drupal SP (you can enter any name).

    7) Ensure Enable Partner is selected.

    8) Select SAML 2.0 as the protocol (which is the default).

    9) Select Load from Provider Metadata, click Load the Metadata, and upload the Drupal SP metadata (spmetadata.xml) that you copied from the Drupal SP UI.

    10) Specify the NameID Format Settings. What you specify depends on which attribute you use to define the user.

        If you define the user by the email address, use Email Address as the format. Configure the settings as follows:

        a) Select Email Address as the Name ID format

        b) Select User ID Store Attribute as the Name ID Value

        c) Enter the User Attribute in the LDAP user record containing the user's email address. For example, if Oracle Internet Directory or Oracle Unified Directory is the User Data Store, the attribute is mail.

        d) Click on Save.

    11) Click on the Identity Provider Administration tab within the OAM Console and, under Search Service Provider Partners, click on Search to make sure you can view Drupal SP (or your SP name).

Step 6: Test federation SSO between OAM Identity federation and Drupal SP

  • To complete the testing, proceed as follows:
    • Return to the browser window of the Drupal SP containing the Service Provider Setup tab. Click on the Test Configuration button to test whether the configuration is successful.
    • To perform SSO, make sure the Enable Login with SAML option is enabled. This option is under the Service Provider Setup tab of the module.


If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.
