Drupal SSO integration will allow the users to log in to the Salesforce using the Drupal site Credentials. This SSO integration is achieved by the miniOrange OAuth / OpenID Connect server module which uses the OAuth 2.0 and OpenID Connect protocol. The module is compatible with all OAuth / OpenID Connect clients and is available for Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

In this setup guide, we will help you configure the Single Sign-on login using the OAuth protocol between the Drupal site and the Salesforce.

Configure Application in Salesforce:

• Login to your Salesforce account.
• Switch to the Salesforce Classic mode from the profile menu.

• Navigate to the Setup page.

• Search for Auth under the search bar in the left navigation panel.
• Click on Auth Provider.

• Click on the New button.

• From the Provider Type dropdown, select Open ID Connect.

• Enter the Application name under the Name text field and copy the generated URL Suffix.

Configure Drupal as an OAuth Server:

• Navigate to the Drupal site and go to the Configuration -> miniOrange OAuth server configuration -> OAuth Client tab.
• Click on the Add Client button to add a new application.

• Enter the name of your application under the Application Name text field.
• Enter the Callback URL (https://{yoursubdomain}/services/authcallback/{URL Suffix}) under the Callback/Redirect URL text field.
• You can add multiple Callback URLs by clicking on the Add More button next to the Callback/Redirect URL text field.

• Click on the Save button.
• Copy the generated Client ID and Client secret.

Configure Salesforce as OAuth Client:

• Navigate to the Salesforce dashboard and paste the copied Client ID under the Consumer Key text field.

• Paste the copied Client Secret into the Consumer Secret text field.


• Add the Scope and Endpoints as specified in the table below (You can also get the same from the Scope & Endpoints section of the Drupal site -> Configuration -> miniOrange OAuth server configuration -> OAuth Client):-

  Default Scopes	profile openid email
  Authorize Endpoint URL	{base_url_of_the_drupal_site}/mo/oauth2/authorize
  Token Endpoint URL	{base_url_of_the_drupal_site}/mo/oauth2/token
  User Info Endpoint URL	{base_url_of_the_drupal_site}/mo/oauth2/userinfo


• Click on the Automatically create a registration handler template link.

• Click on the Search icon next to the Execute Registration Handler As text box.

• Select the Admin account from the list of users.

• Click on the Save button.

• Now, click on the AutocreatedRegHandler link next to the Registration Handler.

• Click on the Edit button.

• Remove the existing code, paste the following code, and click on the Save button.

          global class AutocreatedRegHandlerMoDrupal implements Auth.RegistrationHandler{   
  
              global User createUser(Id portalId, Auth.UserData data){
                  User u = new User();
                  Profile p = [SELECT Id FROM profile WHERE name='Chatter Moderator User'];
                  u.username = data.email.split('@')[0] + '@miniorange_drupal.com';
                  u.email = data.email;
                  u.lastName = 'Unknown';
                  u.firstName = 'Unknown';
                  u.languagelocalekey ='en_US';
                  u.localesidkey = 'en_US';
                  u.emailEncodingKey = 'UTF-8';
                  u.alias = (data.email.split('@')[0].length() > 8) ? data.email.split('@')[0].substring(0, 8) : data.email.split('@')[0];
                  u.timeZoneSidKey = 'America/Los_Angeles';
                  u.profileId = p.Id;
                  insert u;
                  return u;
              }
          
              global void updateUser(Id userId, Id portalId, Auth.UserData data){
                    User u = new User(id=userId);
                    u.email = data.email;
                    update(u);
              }
          }        
      


• Please confirm that the Callback URL you previously entered in Drupal matches the one provided here. If there was a different configuration earlier, please update it to match the URL provided here.

• In the left navigation panel search for My Domain and click on it.

• Scroll down to the Authentication Configuration section and click on the Edit button.

• Enable the checkbox next to the Application configured under the Authentication Service section and click on the Save button.

You have successfully configured Salesforce as an OAuth Client and Drupal as an OAuth server.

Let’s see how it works:

• Open a new window/private browser and navigate to the login page of the Salesforce website.
• Click on the Login with Drupal button.

• Enter the Drupal credentials and click on the Log in button.

• You will be logged into Salesforce using Drupal credentials.

You have successfully performed the SSO between Salesforce and Drupal!