Drupal Moodle SSO | Login to Moodle using Drupal as IDP

Step 1: Configure Drupal Site as an identity provider ( IDP ):

• Go to Moodle site.
• Install and activate the miniOrange SAML SP module on your Moodle site, which acts as a Service Provider.
• Go to the miniOrange SAML SP module, navigate to the Service Provider Metadata tab. Here, you can find the Service Provider metadata such as SP Entity ID , ACS (Assertion Consumer Service) URL, Audience URI and NameID format which is required to configure the Identity Provider.


 Instructions:

• Go to Drupal site.
• Install and activate the miniOrange SAML IDP module ( Drupal as SAML IDP ) on your Drupal site which is acts as an Identity Provider.
• Go to the Drupal SAML IDP module, navigate to the Service Provider tab.
• Enter the values corresponding to the information from the Service Provider. Refer to the table below.




Service Provider Name	Name of your Service Provider.
SP Entity ID or Issuer	Copy the SP EntityID from the Service Provider Setup tab in miniorange SAML SP module from your moodle site.
ACS URL	Copy the ACS URL from the Service Provider Setup tab in miniorange SAML SP module from your moodle site.
NameID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Assertion Signed	Checked



• Click on the Save Configuration button to save your configurations.
• Go to the IDP Metadata tab. Here you can find information for configuring the Service Provider ( SP ).
• You can also download the metadata XML file, by clicking on the download link.

In the miniOrange SAML SP module, go to the Service Provider tab of the module. There are two ways to configure the module:

A. By uploading IDP metadata:

• Click on Upload IDP metadata button.
• Enter the Identity Provider Name
• You can copy and paste IdP metadata XML file download in the last step and click on Upload Metadata button or use a metadata URL copied in the last step and click on Fetch Metadata.

B.Manual Configuration:

• Provide the required settings ( i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate ) as provided by your Identity Provider as shown in the last step.
• Click on the Save Configuration button to save your configuration.

Step 3: Attribute Mapping in the Moodle SAML SP module:

• When the user performs SSO, the NameID value is sent by the Identity Provider ( IDP ). This value is unique for every user.
• To assign by which attribute value user should be created or authenticate himself. for that select Email or Username in "Login/Create Moodle account by" dropdown.
• For the module to access these attributes assign the Email and Username attribute in the required field.
• Click on the Save configuration button to save your configuration.

Step 4: Role Mapping in the Moodle SAML SP module:

• In the free plugin, you can choose a default role that will be assigned to all the non-admin users when they perform SSO. [NOTE: Roles will be assigned to new users created by SSO. Existing Moodle users’ roles will not be affected.]
• Go to Attribute/Role mapping tab and navigate to Role Mapping section.
• Select the Default Role and click on the Save button to save your configuration.

Step 5: SSO Settings in the Moodle SAML SP SSO module:

• In the plugin you can add a login widget to enable SP-initiated SSO on your site.
• Go to the plugins >> Authentication >> Manage authentication.
• Click on the to enble the plugin visibility.
• Click on the ⬆ to set plugin preference.