SAML Single Sign On (SSO) into Drupal using ADFS as IDP


Drupal SAML ADFS SSO setup allows your users to log in to your Drupal site with their ADFS credentials. The Drupal SAML module enables SAML Single Sign-On for Drupal and is compatible with all SAML Identity Providers (IdPs). We provide the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module, which is compatible with Drupal 7, Drupal 8 and Drupal 9. This guide walks through configuring SAML SSO between Drupal and an ADFS IdP. By the end of it, users from your Identity Provider should be able to log in to the Drupal site.

If you have any doubts or queries, you can contact us at drupalsupport@xecurify.com. We will help you to configure the module. If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP 2.0 Single Sign On (SSO) module.


Pre-requisite: Download and Installation

Install the module using one of the following methods. Whichever method you use, the module is then configured at
{BaseURL}/admin/config/people/miniorange_saml/idp_setup

  • Using Composer:
    • Download the module:
      composer require 'drupal/miniorange_saml'
    • Navigate to the Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
    • Enable the module by checking the checkbox and click on the Install button.
  • Using Drush (drush en takes the module's machine name, not the Composer package name):
    • Install the module:
      drush en miniorange_saml
    • Clear the cache:
      drush cr
  • Using the admin console:
    • Navigate to the Extend menu on your Drupal admin console and click on the Install new module button.
    • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by uploading the downloaded zip or from the URL of the package (tar/zip).
    • Click on Enable newly added modules.
    • Enable this module by checking the checkbox and click on the Install button.

Setup Video: ADFS as IdP

You can follow the steps to configure ADFS with Drupal SAML SSO either from the video or from the documentation given below.


Steps to configure Windows ADFS Single Sign-On (SSO) login into a Drupal website

1. Configuring ADFS as Identity Provider

  • Once you have installed the module, click on the Configuration tab in the top navigation panel of your Drupal site and select miniOrange SAML Login Configuration.
  • Navigate to the Service Provider Metadata tab in the miniOrange SAML SP module. The SP metadata, such as the SP Entity ID / Issuer, SP ACS URL (AssertionConsumerService) and X.509 Certificate, can be found here and is required to configure the Identity Provider.

Configure ADFS as IdP
  • In ADFS, click on Add Relying Party Trust.
  • Click on Start.
  • In Select Data Source, select the data source for adding a relying party trust.
  • Navigate to the Service Provider Metadata tab in the module and copy the Metadata URL.
  • Select Import data about the relying party published online or on the local network and enter the metadata URL in Federation metadata address. The URL must be reachable from the ADFS server over https with a certificate the ADFS server trusts; otherwise the import fails and you have to enter the SP details manually.
  • Click on Next.

Specify Display Name
  • Enter a Display Name and click Next.

  When the metadata was imported, the wizard skips the certificate, URL and identifier steps below because those values come from the metadata. If you chose Enter data about the relying party manually instead, fill them in as follows.

Configure Certificate (Premium feature)
  • Download the certificate from the Service Provider Metadata tab.
  • Upload the certificate and click on Next. This is the token encryption certificate: ADFS will encrypt the SAML assertion to it, so complete this step only if the module is licensed to decrypt encrypted assertions; otherwise click Next without uploading anything.

Configure URL
  • Select Enable support for the SAML 2.0 WebSSO protocol and enter the ACS URL from the module's Service Provider Metadata tab.
  • Click on Next.

Configure Identifiers
  • In Relying party trust identifier, add the SP Entity ID / Issuer from the module's Service Provider Metadata tab and click on Next.

Choose Access Control Policy
  • Select Permit everyone as the Access Control Policy and click on Next. This issues an assertion for Drupal to every authenticated AD user; for production, choose Permit specific group and scope it to the AD group that should be able to log in to Drupal.

Ready to Add Trust
  • In Ready to Add Trust click on Next and then Close.

Edit Claim Issuance Policy
  • In the list of Relying Party Trusts, select the trust you created and click on Edit Claim Issuance Policy.
  • In the Issuance Transform Rules tab click on the Add Rule button.

Choose Rule Type
  • Select Send LDAP Attributes as Claims and click on Next.

Configure Claim Rule
  • Add a Claim Rule Name and select the Attribute Store (normally Active Directory) from the dropdown.
  • Under Mapping of LDAP Attributes to outgoing claim types, select the LDAP Attribute E-Mail-Addresses and the Outgoing Claim Type Name ID. The module identifies the logging-in Drupal user by this Name ID, so every user who should be able to log in needs a populated mail attribute in AD.
  • Once you have configured the attributes, click on Finish.
  • After configuring ADFS as IdP, you will need the ADFS Federation Metadata to configure your Service Provider. You can get it from this URL:
    https://<ADFS_Server_Name>/federationmetadata/2007-06/federationmetadata.xml
  • You have successfully configured ADFS as the SAML IdP (Identity Provider) for ADFS Single Sign-On (SSO) login.
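The same relying party trust can be created from the ADFS PowerShell module instead of the wizard, which is easier to review and to repeat across a farm. The script below is an added example, not code from the miniOrange documentation or module. It assumes Windows Server 2016 or later (for -AccessControlPolicyName), that it runs on an ADFS server with the ADFS module available, and that the SP Metadata URL passed in is the one copied from the module's Service Provider Metadata tab; the display name and access control policy name are placeholders.

```powershell
#Requires -Modules ADFS
# Added example, not part of the miniOrange documentation or module.
# Creates the relying party trust for the Drupal SP from PowerShell instead of the wizard.
# Needs Windows Server 2016 or later for -AccessControlPolicyName.
param(
    # Assumption: the Metadata URL shown on the module's Service Provider Metadata tab.
    [Parameter(Mandatory)] [string] $SpMetadataUrl,
    # Assumption: any display name; it is reused below to find the trust again.
    [string] $DisplayName = 'Drupal SAML SP',
    # 'Permit everyone' mirrors the wizard step above. Prefer 'Permit specific group'
    # (scoped to the AD group allowed into Drupal) for anything beyond a lab.
    [string] $AccessControlPolicy = 'Permit everyone'
)

# The SP metadata carries the ACS URL and the SP certificate, so never import it over http://.
if ($SpMetadataUrl -notmatch '^https://') {
    throw "SP metadata URL must use https://, got: $SpMetadataUrl"
}

# Same rule the wizard writes for "Send LDAP Attributes as Claims" with
# E-Mail-Addresses -> Name ID, expressed in ADFS claim rule language.
$emailAsNameId = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

if (Get-AdfsRelyingPartyTrust -Name $DisplayName) {
    # Trust already exists: only (re)apply the claim rule so the script is safe to rerun.
    Set-AdfsRelyingPartyTrust -TargetName $DisplayName -IssuanceTransformRules $emailAsNameId
} else {
    # MonitoringEnabled/AutoUpdateEnabled make ADFS re-read the SP metadata periodically, so a
    # rotated SP certificate or a changed ACS URL on the Drupal side is picked up automatically.
    Add-AdfsRelyingPartyTrust -Name $DisplayName `
        -MetadataUrl $SpMetadataUrl `
        -MonitoringEnabled $true -AutoUpdateEnabled $true `
        -IssuanceTransformRules $emailAsNameId `
        -AccessControlPolicyName $AccessControlPolicy
}

# Print what ADFS imported so it can be checked against the module's Service Provider Metadata tab.
Get-AdfsRelyingPartyTrust -Name $DisplayName | Select-Object Name, Identifier, AccessControlPolicyName,
    @{ n = 'AssertionConsumerUrls'
       e = { $_.SamlEndpoints | Where-Object Protocol -eq 'SAMLAssertionConsumer' | ForEach-Object { $_.Location } } }
```

Run it once from an elevated PowerShell on the ADFS server, e.g. `.\New-DrupalTrust.ps1 -SpMetadataUrl '<Metadata URL from the module>'`; the Identifier and AssertionConsumerUrls it prints should be exactly the SP Entity ID and ACS URL shown in the module, otherwise the wrong metadata was imported.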

2. Windows SSO

Steps to configure ADFS for Windows Authentication

  • Open an elevated Command Prompt on the ADFS server and register the HTTP service principal name on the ADFS service account:
    • setspn -a HTTP/<ADFS Server FQDN> <Domain>\<Service Account>

      FQDN is the Fully Qualified Domain Name of the federation service (Example: adfs4.example.com).

      Service Account is the AD account the ADFS service runs as, written as DOMAIN\username.

      Example: setspn -a HTTP/adfs4.example.com DOMAIN\username

      Kerberos fails silently if the same SPN is registered on more than one account. Use setspn -Q HTTP/<ADFS Server FQDN> first to see whether it is already registered, and prefer setspn -S over -a so that setspn refuses to create a duplicate.

  • Open the AD FS Management console and go to the Authentication Policies section, then edit the Global Authentication Policy and check Windows Authentication in the Intranet zone. (On Windows Server 2016 and later the same setting is under Service > Authentication Methods > Primary Authentication Methods > Edit.)
  • Open Internet Explorer and navigate to the Security tab in Internet Options.
  • Add the FQDN of AD FS to the list of sites in Local intranet and restart the browser.
  • Select Custom level for the Local intranet zone and, in the list of options, select Automatic logon only in Intranet zone.
  • Open PowerShell on the ADFS server and execute the following two commands to enable Windows authentication for the Chrome browser. The first appends "Chrome" to the list of user-agent strings to which ADFS offers Integrated Windows Authentication; the second prints the resulting list so you can confirm the change.
    • Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome")

      Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents

  • You have configured ADFS for Windows Authentication. Now add the Relying Party Trust for your Drupal site by following the steps in section 1.
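The Windows Authentication steps above are safe to repeat only if each one checks the current state first: running the setspn and Set-AdfsProperties commands twice leaves a duplicate SPN or a duplicated user-agent entry. The script below is an added example, not code from the miniOrange documentation or module, that applies the same three changes idempotently. It assumes it runs elevated on an ADFS server with the ADFS module available; the FQDN, service account and user-agent list are parameters with placeholder defaults.

```powershell
#Requires -Modules ADFS
# Added example, not part of the miniOrange documentation or module.
# Applies the Windows Authentication prerequisites from the steps above, checking before changing.
param(
    [Parameter(Mandatory)] [string] $AdfsFqdn,        # assumption: e.g. adfs4.example.com
    [Parameter(Mandatory)] [string] $ServiceAccount,  # assumption: DOMAIN\username, the account adfssrv runs as
    [string[]] $WiaUserAgents = @('Chrome')           # user-agent strings to allow for WIA (page uses "Chrome")
)

# 1. Service principal name. Kerberos to the federation service only works if HTTP/<fqdn> is
#    registered on exactly one account, so query first; -S also refuses duplicates, whereas
#    the -a from the steps above would silently create a second registration.
$spn = "HTTP/$AdfsFqdn"
$lookup = & setspn -Q $spn 2>&1
if ($lookup -match 'Existing SPN found') {
    Write-Host "$spn is already registered:`n$($lookup -join "`n")"
} else {
    & setspn -S $spn $ServiceAccount
    if ($LASTEXITCODE -ne 0) { throw "setspn failed with exit code $LASTEXITCODE" }
}

# 2. Intranet primary authentication: Windows Authentication, with Forms kept as the fallback
#    for browsers and devices that cannot negotiate Kerberos/NTLM.
Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication', 'FormsAuthentication')

# 3. Browsers ADFS will offer WIA to. The list is matched against the User-Agent header, so
#    append each value once instead of blindly concatenating on every run.
$agents  = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)
$changed = $false
foreach ($ua in $WiaUserAgents) {
    if ($agents -notcontains $ua) { $agents += $ua; $changed = $true }
}
if ($changed) {
    Set-AdfsProperties -WIASupportedUserAgents $agents
    Restart-Service adfssrv   # restart so the new list takes effect; repeat on every node of a farm
}
Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents
```

After it runs, test from a domain-joined machine inside the intranet zone: Chrome should reach the Drupal site through ADFS without a login prompt, while a browser that is not in the list still gets the forms page.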

3. Configuring Drupal as Service Provider

  • In the Drupal SAML module, go to the Service Provider Setup tab. There are two ways to configure the module:
    • By uploading the ADFS metadata file:
      • Click on Upload IDP Metadata.
      • Upload the metadata file and click on Upload.
    • By ADFS metadata URL:
      • Click on Upload IDP Metadata.
      • Enter the Metadata URL and click on Fetch Metadata.
      • You can provide this metadata URL: https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml
    The metadata contains the IdP Entity ID, the SSO and SLO endpoints and the token-signing certificate that Drupal will trust from now on, so fetch it over https only and compare the imported certificate with the Token-signing certificate shown in the AD FS Management console (Service > Certificates) before enabling login.
  • If you want Single Logout, follow these steps in ADFS:
    • Navigate to Relying Party Trusts, select the Drupal trust and open Properties.
    • Navigate to the Endpoints tab and click Add SAML.
    • Select SAML Logout from the Endpoint type dropdown.
    • Enter the ACS URL in the Trusted URL field and the SAML Logout URL in the Response URL field, then click on OK.
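Before pasting the ADFS metadata URL into the module, it is worth checking what Drupal is about to trust, and the Single Logout endpoint from the last steps can be added without the Endpoints tab. The script below is an added example, not code from the miniOrange documentation or module: part 1 downloads the federation metadata, prints the IdP Entity ID and endpoints, and verifies that every signing certificate published in it is a Token-signing certificate the local ADFS farm actually holds; part 2 adds the SAML Logout endpoint to the relying party trust. It assumes it runs on an ADFS server with the ADFS module available; the FQDN, trust name, ACS URL and SAML Logout URL are parameters supplied from the module's Service Provider Metadata tab.

```powershell
#Requires -Modules ADFS
# Added example, not part of the miniOrange documentation or module.
# Part 1 fetches and summarises the ADFS federation metadata that Drupal imports in the steps above,
# so the values shown in the module can be checked against the ADFS server itself.
# Part 2 adds the SAML Logout endpoint from the Single Logout steps to the relying party trust.
param(
    [Parameter(Mandatory)] [string] $AdfsFqdn,      # assumption: e.g. adfs4.example.com
    [Parameter(Mandatory)] [string] $TrustName,     # assumption: display name given to the Drupal trust
    [Parameter(Mandatory)] [uri]    $DrupalAcsUrl,  # ACS URL from the module's Service Provider Metadata tab
    [Parameter(Mandatory)] [uri]    $DrupalSloUrl   # SAML Logout URL from the module
)

# --- Part 1: what Drupal is about to trust ---
$metadataUrl = "https://$AdfsFqdn/federationmetadata/2007-06/federationmetadata.xml"
[xml]$md = (Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content   # https only: this is the trust anchor

$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
$idp = $md.SelectSingleNode('//md:IDPSSODescriptor', $ns)

# Thumbprints of the signing certificates published in the metadata ...
$publishedThumbprints = $idp.SelectNodes('md:KeyDescriptor[@use="signing"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $ns) |
    ForEach-Object {
        $der = [Convert]::FromBase64String($_.InnerText.Trim())
        (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$der)).Thumbprint
    }
# ... and the Token-signing certificates this ADFS farm actually holds. A mismatch means the
# metadata is stale or not from this farm; do not import it into Drupal until they agree.
$localThumbprints = Get-AdfsCertificate -CertificateType Token-Signing | ForEach-Object { $_.Thumbprint }
$missing = $publishedThumbprints | Where-Object { $localThumbprints -notcontains $_ }
if ($missing) { throw "Metadata publishes signing certificate(s) unknown to this ADFS farm: $($missing -join ', ')" }

[pscustomobject]@{
    EntityId          = $md.DocumentElement.GetAttribute('entityID')
    SingleSignOn      = @($idp.SelectNodes('md:SingleSignOnService', $ns) | ForEach-Object { "$($_.Binding) $($_.Location)" })
    SingleLogout      = @($idp.SelectNodes('md:SingleLogoutService', $ns) | ForEach-Object { "$($_.Binding) $($_.Location)" })
    SigningThumbprint = $publishedThumbprints
} | Format-List

# --- Part 2: Single Logout endpoint on the Drupal relying party trust ---
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "No relying party trust named '$TrustName'" }

if ($trust.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLLogout' }) {
    Write-Host "'$TrustName' already has a SAML Logout endpoint; leaving it unchanged."
} else {
    # Trusted URL (-Uri) is where ADFS sends the LogoutRequest, Response URL (-ResponseUri) is where
    # the LogoutResponse goes: the same two fields as the Endpoints tab in the steps above.
    $logout = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLLogout -Uri $DrupalAcsUrl -ResponseUri $DrupalSloUrl
    # -SamlEndpoint replaces the whole collection, so keep the existing ACS endpoint(s).
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -SamlEndpoint (@($trust.SamlEndpoints) + $logout)
}
```

The EntityId and SigningThumbprint values it prints are what the module should display after Fetch Metadata; if the module shows a different certificate, the metadata was fetched from somewhere other than this ADFS farm.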

24*7 Active Support:

If you face any issues or have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. If you want additional features included in the module, please get in touch with us and we can have them custom-made for you. If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP 2.0 Single Sign On (SSO) login module.

Free Trial:

If you would like to test out the module to ensure your business use case is fulfilled, we do provide a 7-day trial. Please drop us an email at drupalsupport@xecurify.com requesting a trial. You can create an account with us using this link.
