SAML Single Sign-On (SSO) into Drupal using Oracle as IdP

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Oracle and the Drupal site. The users will be able to log in to the Drupal site using their Oracle credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Oracle as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Drupal SAML SP Metadata:

• Go to Configuration → People → SAML Login Configuration in the Administration menu. (/admin/config/people/miniorange_saml/idp_setup)

• Navigate to the Service Provider Metadata and download the metadata. (This is required in configuring the Oracle as a SAML IdP)

Configure SAML Single Sign-On Application in Oracle:

• Sign in to your Oracle Access Manager (OAM) as an administrator. The format of the URL is https://adminhost:adminport/oamconsole
• From the Launch pad go to Configuration → Available Services and enable the Identity Federation. (Re-authenticate if required.)

• Go to the Launch Pad → Identity Federation → Identity Provider Administration

• Click on Create Service Provider Partner.

• Enter any relevant name (here we entered Oracle Cloud SP) and make sure that Enable Partner is checked.

• Select the default SAML 2.0 protocol.
• Select Load from Provider Metadata and upload the metadata downloaded from Drupal.

• Select the NameID Format
  • Name ID Format → Email Address
  • Name ID Value → User ID Store Attribute
  • Enter the user's email address attribute in the LDAP user record. For instance, if you're using Oracle Internet Directory or Oracle Unified Directory, use the attribute mail.
  • Click on the Save button.

• To view your Service Provider (Drupal), click the Identity Provider Administration tab in the OAM Console and then click Search for your application name (here Oracle Cloud SP) under Search Service Provider Partners.

Get the metadata of Oracle:

• Access the Oracle Access Management federation IdP metadata. The metadata URL of the Oracle is in the following format:

  https://oam-runtime-host:oam-runtime-port/oamfed/idp/metadata

• Copy the above metadata URL. (This will be required for further configuration of Drupal)

Configure Drupal as SAML Service Provider:

• Open your Drupal site. Go to the Service Provider Setup tab of the module.
• Click on Upload IDP Metadata Section.
• Now upload the metadata file downloaded from the Oracle IdP.

• Click on the Test link to test the connection between Drupal and Oracle.

• In the test configuration window, a success message with SAML response attributes will appear if the configurations are correct; otherwise, error messages with additional troubleshooting instructions will appear. Click on Done.

Congratulations! You have successfully configured Oracle as an Identity Provider and Drupal as a Service Provider.

How does SAML SSO login work?

• Open a new browser/private window and navigate to the Drupal site login page.
• Click the Login using Identity Provider (Oracle) link.
• You will be redirected to the Oracle login page. Enter the Oracle credentials. After successful authentication, the user will be redirected back to the Drupal site.