AppStream 2 SAML Single Sign-On (SSO) Integration with Drupal as IdP

This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and AppStream 2 as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

Using Composer:
  • Download the module:
    composer require 'drupal/miniorange_saml_idp'
  • Navigate to the Extend menu on your Drupal admin console and search for miniOrange SAML Identity Provider using the search box.
  • Enable the module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
Using Drush:
  • Install the module:
    drush en miniorange_saml_idp
  • Clear the cache:
    drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
Manual installation:
  • Navigate to the Extend menu on your Drupal admin console and click on the Install new module button.
  • Install the Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml_idp/idp_setup
  • After installing the module on your Drupal site, open the Administration menu and navigate to Configuration → People → miniOrange SAML IDP Configuration (/admin/config/people/miniorange_saml_idp/idp_setup).
  • Under the IDP Metadata tab, click on the Download Metadata button. Open the file in Notepad and copy the IdP information. Keep it handy. (This information is required to configure AppStream 2 as SAML SP.)
  • Log in to your AWS Administrator console.
  • Navigate to Services -> Security, Identity & Compliance -> IAM (Identity and Access Management).
  • Select Identity Providers from the left-hand menu bar and then click the Add provider button.
  • Select SAML as the provider type. Enter the name of the provider in the Provider Name text field and, under Metadata document, upload the metadata file that you downloaded from the Drupal site.
  • Scroll down and click on Add provider button.
  • In the next screen, you will be shown your entered provider information. Verify it and click on the Create button. The SAML Provider is created and it should be listed in the Provider table.
  • In the left side menu bar, select Roles and click on Create role button.
  • Navigate to Create Role section and select SAML 2.0 federation.
  • Under Choose SAML 2.0 Provider, select the SAML Provider that you created previously, i.e., miniOrange.
  • After that, choose the Allow programmatic access only radio option.
  • Select the SAML:aud option from the Attribute drop-down list.
  • Enter the value as https://signin.aws.amazon.com/saml.
  • Then, click on Next: Permissions button.
  • Check the Policy Name AmazonEC2ReadOnlyAccess and click on the Next: Tags button.
  • Then, skip the Add Tags (Optional) step by clicking on the Next: Preview button.
  • In the next step, enter the Role name and click on the Create Role button.
  • Click on the name of the role you created.
  • In the Summary section, click on the Trusted relationship tab and copy the Role ARN and Trusted Entities values.
  • Keep the values with you in comma-separated format, for example [arn:aws:iam::656620318436:role/SSORole,arn:aws:iam::656620318436:saml-provider/miniOrange]. (It will be needed in further configuration of Drupal as SAML Identity Provider.)
  • Enter the value https://aws.amazon.com/SAML/Attributes/RoleSessionName in the Attribute Name field and select E-Mail Address from the Attribute Value dropdown list.
  • Click on the '+' icon beside Additional User Attributes to add another set of attributes. Enter the value https://aws.amazon.com/SAML/Attributes/Role in the Attribute Name field, then enter the machine name of the attribute whose value (here, arn:aws:iam::656620318436:role/SSORole,arn:aws:iam::656620318436:saml-provider/miniOrange) you want to send to the SP.
  • Select Custom Attribute Value from the Attribute Value list and, in the Custom Attribute Value field, enter the comma-separated value that was created in step 3, e.g. [arn:aws:iam::656620318436:role/SSORole,arn:aws:iam::656620318436:saml-provider/miniOrange].
  • Navigate to the Drupal site and switch to the Service Provider Setup tab of the miniOrange SAML IDP module and click on the Upload SP metadata to expand it.
  • Now, paste the Role ARN which was copied earlier from Amazon AppStream 2, in the Enter Metadata URL text field and click Fetch Metadata button.
  • Once the configuration is saved successfully, you will get a success message. Now, click on the Test link.

You have successfully set up Amazon AppStream 2.0 as Service Provider and Drupal as Identity Provider.
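
An added check, not part of the miniOrange module or the original guide, for what the assertion produced by the Test step has to carry: the audience entered as SAML:aud and the two attributes mapped above. The function name, the sample assertion and user@example.com are constructed for illustration; the ARNs are the guide's example values.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_AUDIENCE = "https://signin.aws.amazon.com/saml"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
ROLE_ARN = re.compile(r"arn:aws:iam::\d{12}:role/[\w+=,.@/-]+", re.A)
PROVIDER_ARN = re.compile(r"arn:aws:iam::\d{12}:saml-provider/[\w.-]+", re.A)

# Constructed sample: only the parts of an assertion that this check reads.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://signin.aws.amazon.com/saml</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
   <saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::656620318436:role/SSORole,arn:aws:iam::656620318436:saml-provider/miniOrange</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, expected_provider_arn):
    """Return a list of problems; an empty list means the mapping matches the guide."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if AWS_AUDIENCE not in audiences:
        problems.append("audience is not " + AWS_AUDIENCE)
    attrs = {a.get("Name"): [v.text.strip() for v in a.iterfind("saml:AttributeValue", NS) if v.text]
             for a in root.iterfind(".//saml:Attribute", NS)}
    session = attrs.get(SESSION_ATTR, [])
    if len(session) != 1 or not re.fullmatch(r"[\w+=,.@-]{2,64}", session[0], re.A):
        problems.append("RoleSessionName missing or not 2-64 allowed characters")
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        problems.append("Role attribute missing")
    for value in roles:
        parts = [p.strip() for p in value.split(",")]  # the order of the pair is not checked
        role = next((p for p in parts if ROLE_ARN.fullmatch(p)), None)
        prov = next((p for p in parts if PROVIDER_ARN.fullmatch(p)), None)
        if len(parts) != 2 or not role or not prov:
            problems.append("Role value is not one role ARN plus one provider ARN: " + value)
        elif prov != expected_provider_arn:
            problems.append("unexpected SAML provider: " + prov)
    return problems
```

It inspects the attribute mapping only and does not verify the assertion's signature; run it on assertions captured from your own test login.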

Explore the advanced features offered by the module with a full-featured trial. You can initiate the trial request using the Request 7-day trial button of the module, or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from a Drupal expert.

