SAML Single Sign-On (SSO) into Drupal using Absorb LMS as IdP
Overview
The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Absorb LMS and the Drupal site. The users will be able to log in to the Drupal site using their Absorb LMS credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Absorb LMS as an Identity Provider (IdP). The module is compatible with with Drupal 7, Drupal 8, Drupal 9, Drupal 10 and Drupal 11.
Installation Steps
- Using Composer
- Using Drush
- Manual Installation
Configuration Steps
Drupal SAML SP Metadata
- Go to Configuration → People → SAML Login Configuration in the Administration menu. (/admin/config/people/miniorange_saml/idp_setup)
- Navigate to the Service Provider Metadata and download the metadata. (This is required in configuring the Absorb LMS as a SAML IdP)
Configure SAML Single Sign-On Application in Absorb LMS
- Login to the Absorb LMS admin portal as a System Admin and navigate to Portal Settings. From Portal Settings, there is a button in the right-side menu labelled Manage SSO Settings. If you can't see this button, please contact your Absorb Client Success Manager to discuss enabling the feature.
- Click Add at the bottom of the page.
- Now in the Name field you can enter some descriptive connection name of your choice. This name is only visible to admins.
- In the Method field select SAML.
- In the Key field enter the Service provider certificate which you can get from the miniOrange SAML module under the Service Provider Setup tab.
- In the Id Property field select the Absorb user profile field that Absorb should send as the NameID in the SAML assertion. This should be a unique identifier for learners.
- The Assertion Consumer Service Url can be left blank as it should be provided to Absorb via the SAML Request. However if you are experiencing issues, you can hard code an ACS URL which you can get from the Service Provider Setup tab of the miniOrange SAML module.
- Set the Signature Type to SHA1.
- Include User Data: You can opt to send user data from the Absorb LMA to Drupal site in addition to the SAML Response by enabling this toggle.
- If OFF: No attributes will be included in the response.
- If ON: Absorb will append the following LMS attributes to the SAML Response in the AttributeStatement:
- FirstName
- LastName
- UserId
- Username
- UserExternalId
- EmployeeNumber
- JobTitle
- DepartmentId
- DepartmentName
- ExternalDepartmentId
- IsAdmin
- Include Custom Fields: You can select to include any custom user fields present in the Absorb LMS as part of the attributes returned in the SAML Response.
Note: This field is only visible if Include User Data is on.
Configure Drupal as Service Provider:
- Open your Drupal site. Go to the Service Provider Setup tab of the module.
- Click on Upload IDP Metadata Section.
- Now upload the metadata file downloaded from the Absorb LMS IdP.
- Click on the Test link to test the connection between Drupal and Absorb LMS.
- In the test configuration window, a success message with SAML response attributes will appear if the configurations are correct; otherwise, error messages with additional troubleshooting instructions will appear. Click on Done.
Congratulations! You have successfully configured Absorb LMS as an Identity Provider and Drupal as a Service Provider.
How does SAML SSO login work?
- Open a new browser/private window and navigate to the Drupal site login page.
- Click the Login using Identity Provider (Absorb LMS) link.
- You will be redirected to the Absorb LMS login page. Enter the Absorb LMS credentials. After successful authentication, the user will be redirected back to the Drupal site.
Contact us
