Drupal SAML Shibboleth 2 SSO (Single Sign-On) setup will allow your users to log in to your Drupal site using their Shibboleth 3 credentials.
The Drupal SAML module gives the ability to enable SAML Single Sign-On for Drupal. This module is compatible with all SAML Identity Providers (IdP). We provide the Drupal SAML Single Sign On - Service Provider module, which is compatible with Drupal 7, Drupal 8 and Drupal 9. Here we will go through a guide to configure SAML SSO between Drupal and Shibboleth 2 IdP. By the end of this guide, users from your Identity Provider should be able to log in to the Drupal site.
If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal SAML Single Sign on - Service Provider SSO Login module.
Know more about Drupal SAML Single Sign On - Service Provider module from here.
You can download the SAML Single Sign On - Service Provider module from here.
composer require drupal/miniorange_saml
{BaseURL}/admin/config/people/miniorange_saml/idp_setup
drush dl miniorange_saml
drush en miniorange_saml
drush cr
{BaseURL}/admin/config/people/miniorange_saml/idp_setup
Identity Provider Name | Enter name of Identity Provider |
Idp Entity ID or Issuer | Copy Idp Entity ID / Issuer from Shibboleth 2 Dashboard and paste it. |
SAML Login URL | Copy Single Sign On URL from Shibboleth 2 Dashboard and paste it. |
X.509 Certificate | Copy and Download Signing certificate from Shibboleth 2 Dashboard and paste it. |
Follow these steps to configure Shibboleth 2 as the IdP:
<MetadataProvider xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" id="MyInlineMetadata">
    <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<ENTITY_ID_FROM_PLUGIN>">
            <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
                <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<ACS_URL_FROM_PLUGIN>" index="1"/>
            </md:SPSSODescriptor>
        </md:EntityDescriptor>
    </EntitiesDescriptor>
</MetadataProvider>
<resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail">
    <resolver:Dependency ref="ldapConnector" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</resolver:AttributeDefinition>
<afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
    <afp:PolicyRequirementRule xsi:type="basic:ANY"/>
    <afp:AttributeRule attributeID="email">
        <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
IDP Entity ID | https://<your_domain>/idp/shibboleth |
Single Login URL | https://<your_domain>/idp/profile/SAML2/Redirect/SSO |
X.509 Certificate | The public key certificate of your Shibboleth server |
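The inline SP metadata above is easy to break when it is copied by hand (a misspelled binding or NameID format URI, an http:// ACS URL). The check below is an added example, not part of the miniOrange module or of Shibboleth; the function name lint_sp_metadata, the drupal.example.org values and the xmlns:xsi declaration on the sample are assumptions made so that it runs on its own.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def lint_sp_metadata(xml_text):
    """Return findings for each SP EntityDescriptor in an inline metadata block."""
    findings = []
    for entity in ET.fromstring(xml_text).iter(MD + "EntityDescriptor"):
        eid = entity.get("entityID") or "(no entityID)"
        sp = entity.find(MD + "SPSSODescriptor")
        if sp is None:
            findings.append(f"{eid}: no SPSSODescriptor")
            continue
        # The SP should declare that it requires signed assertions.
        if sp.get("WantAssertionsSigned") != "true":
            findings.append(f"{eid}: WantAssertionsSigned is not true")
        formats = [(f.text or "").strip() for f in sp.findall(MD + "NameIDFormat")]
        if EMAIL_NAMEID not in formats:
            findings.append(f"{eid}: emailAddress NameIDFormat missing or misspelled")
        acs_list = sp.findall(MD + "AssertionConsumerService")
        if not acs_list:
            findings.append(f"{eid}: no AssertionConsumerService")
        for acs in acs_list:
            # Binding URIs are compared as exact strings, so a misspelling is a different binding.
            if acs.get("Binding") != POST_BINDING:
                findings.append(f"{eid}: unexpected ACS binding {acs.get('Binding')!r}")
            # Assertions carry identity data; the ACS must be reached over TLS.
            if not acs.get("Location", "").startswith("https://"):
                findings.append(f"{eid}: ACS Location is not an https:// URL")
    return findings

# Constructed sample: hostnames and paths are placeholders, not the module's real values.
TEMPLATE = """<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" id="MyInlineMetadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="InlineMetadataProvider">
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://drupal.example.org/sp">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:{nameid}:emailAddress</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:{binding}" Location="{acs}" index="1"/>
</md:SPSSODescriptor></md:EntityDescriptor></EntitiesDescriptor></MetadataProvider>"""
GOOD = TEMPLATE.format(nameid="nameid-format", binding="HTTP-POST", acs="https://drupal.example.org/acs")
BAD = TEMPLATE.format(nameid="nameidformat", binding="https-POST", acs="http://drupal.example.org/acs")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_sp_metadata(doc) or "ok")
```

Run it against the metadata with the real Entity ID and ACS URL from the module filled in before adding the block to the IdP configuration.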
You have successfully configured Shibboleth 2 as SAML IdP (Identity Provider) for achieving Office 365 SSO login into your Drupal Site.
In this guide, you have successfully configured Shibboleth 2 SAML Single Sign-On (Shibboleth 2 Login), choosing Shibboleth 2 as IdP and Drupal as SP using the miniOrange SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider Login module. This solution ensures that you are ready to roll out secure access to your Drupal site using CyberArk login credentials within seconds.
If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP Single Sign On (SSO) module.