Salesforce SSO Login into Drupal OAuth Client using OAuth / OpenID connect

Drupal Salesforce SSO integration will allow the users to log in to the Drupal site using the Salesforce Credentials. This SSO integration is achieved by the miniOrange OAuth Client module which uses the OAuth 2.0 and OpenID Connect (OIDC) Protocol.
In this document, we will help you to configure the single Sign-on login using the OAuth protocol between the Drupal site and the Salesforce.

Setup Drupal as OAuth Client:

• After installing the module, navigate to the Configuration -> miniOrange OAuth Client Configuration -> Configure OAuth tab and select Salesforce from the Select Application dropdown list.
• Copy the Callback/Redirect URL and keep it handy.

  Please Note: If you have an HTTP Drupal site, and Salesforce enforces the HTTPS Redirect URI. Please navigate to the Sign In Settings tab of the module and set the base URL of the site with HTTPS in the Base URL text field.

• In the Display Name text field, enter the name of the application. For example, Salesforce.

Configure SSO Application in Salesforce:

• Sign in to your Salesforce Admin console.
• Once logged in, locate the Profile Icon in the top right corner of the screen and click on it. Select the Switch to Salesforce Classic link.

• Navigate to the top header of the screen and select Setup.

• On the left, under Build, select Create, and then Apps.

• Click on the New button in the Connected Apps section.

• Provide the following details in the New Connected App panel's Basic Information section:
• Name of the connected app: In the Connected App Name text field, enter the name of the application.
• Enter the email address in the Contact Email text field.

• Under API (Enable OAuth Settings), enter the required details:
• To enable OAuth Settings, by clicking on the checkbox.
• In the Callback URL text field, paste the previously copied Callback/Redirect URL.
• Select the OAuth scopes required for your Connected App. Check that your Drupal site has the same scopes. This signifies your Connected App has the necessary permissions to access Salesforce data.
• Save the changes by clicking on Save button.

• On the next screen, click the Continue button.

• Then, click on the Manage Consumer Details button.

Integrating Drupal with Salesforce:

• Salesforce assigns a unique Application ID to your application. Copy the Consumers Key from the Consumers Details section.

• Paste the copied Consumer Key into the Client ID text field in Drupal's Configure OAuth tab.

• Go back to the Salesforce portal.
• Copies the Consumer secret from the Consumer Details section.

• Paste the copied Consumer secret into the Client Secret text field in Drupal's Configure OAuth tab.
• Please confirm the Scope & Endpoints and then click on Save Configuration button.

You can also refer to the Salesforce Endpoints and scope from the table given below:

Test connection between Drupal and Salesforce:

• Click on the Perform Test Configuration button to test the connection.

• On a Test Configuration popup, if you don't have any active sessions on the same browser, you will be requested to login into the Salesforce. After successfully logging into the Salesforce CRM, you will be provided a list of attributes received from the Salesforce.
• Select the Email Attribute from the dropdown menu in which the user's email ID is obtained and click on the Done button.

• On the Attribute & Role Mapping tab, please select the Username Attribute from the dropdown list and click on the Save Configuration button.

Please note: Mapping the Email Attribute is mandatory for Single Sign-On.

Congratulations! You have successfully configured Salesforce as OAuth/OpenID Provider and Drupal as an OAuth Client.

How to perform the SSO?

• Now, open a new browser/private window and go to your Drupal site login page.
• Click on the Login using the Salesforce link to initiate the SSO from Drupal.
• If you want to add the SSO link to other pages as well, please follow the steps given in the image below: