Search Results :


SAML Single Sign-On (SSO) into Drupal using ADFS as IdP

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between ADFS and the Drupal site. The users will be able to log in to the Drupal site using their ADFS credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and ADFS as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Installation Steps

  • Download the module:
    Composer require 'drupal/miniorange_saml'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
  • Enable the module by checking the checkbox and click on install button.
  • Configure the module at
  • Install the module:
    drush en drupal/miniorange_saml
  • Clear the cache:
     drush cr
  • Configure the module at
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • Configure the module at

Drupal SAML SP Metadata

  • After installing the module on the Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)
  • Drupal SAML Single Sign-On - Select miniOrange SAML Login Configuration
  • Navigate to the Service Provider Metadata and download the metadata. (This is required in configuring the ADFS as a SAML IdP)
  • Drupal-SAML-Single-Sign-On-Click-on-Download-Metadata-button

Configure SAML Single Sign-On Application

  • In Server Manager, click on Tools and then select ADFS Management.
  • ADFS-SAML-Single-Sign-On-Service-Manager-Tools
  • From the right side panel select Add Relying Party Trust under the ADFS section
  • ADFS-Single-Sign-On-Click-on-Add-Relaying-Party-Trust
  • To proceed, click the Start button on the Welcome screen.
  • ADFS-SAML-Single-Sign-On-Click-on-Start-btn
  • Select the Import data about the relying party from a file option. Upload the SP metadata file from Drupal. Click on the Next button to continue.
  • ADFS-SAML-Single-Sign-On-Choose-Import-data
  • In the Display Name, enter the name of the application and then click the Next button.
  • ADFS-Single-Sign-On-Enter-name-of-the-Application-as-Drupal
  • Select Permit everyone on the Choose Access Control Policy page, then click on the Next button.
  • ADFS-SAML-SSO-Select-Permit-everyone
  • From the Ready to Add Trust page click on the Next button.
  • Drupal-ADFS-SAML-Single-Sign-On-Click-on-Next-button-to-proceed
  • From the Finish page verify that the checkbox next to Configure claims issuance policy for this application is selected, then click Close.
  • ADFS-SAML-SSO-Click-on-the-Close-button
  • You can find the application under Relay Party Trust in ADFS once it's been created.
  • On the right-side panel, click Edit Claim Issuance Policy from the dropdown menu of the application you created in ADFS (In this case, DrupalSAML).
  • Drupal-ADFS-SAML-Single-Sign-On-Select-Application-and-click-on-Edit-Claim-Issuance-Policy
  • Click the Add Rule button on the Issuance Transform Rules tab.
  • Drupal-ADFS-SAML-Single-Sign-On-Click-on-the-Add-Rule-btn
  • On the Select Rule Template page click on the Next button.
  • Drupal-ADFS-SAML-Single-Sign-On-Click-on-Next-button
  • Enter the given information on the Configure Rule page:
    Claim rule name Enter the Claim rule name (any), for example, Attribute
    Attribute store Active Directory from dropdown
  • Map the outgoing LDAP attribute as follows:
    LDAP Attribute (Select or type to add more) Outgoing Claim Type (Select or type to add more)
    E-Mail-Addresses Name ID
    Display-Name Name
  • To continue, click the Finish button.
  • ADFS-SAML-Single-Sign-On-Under-Configure-Rule-provide-the-information
  • On the Issuance Transform Rules tab, click Apply, and then click OK to continue.
  • ADFS-SAML-Single-Sign-On-Click-on-Apply-button-then-Ok-btn
  • As shown in the below image, select Edit Federation Service Properties from the AD FS dropdown.
  • ADFS-SAML-Single-Sign-On-from-the-right-side-click-on-Edit-Federation-Service-Properti

Get the metadata of ADFS:

  • On the Federation Service Properties window, go to the General tab and copy the Federation Service name.
  • ADFS-SAML-Single-Sign-On-Copy-the-Federation-service-name
  • Replace "<your_ADFS_domain>" in the URL https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xm> with your actual "Federation Service name." For instance, if your Federation Service name is "," the updated metadata URL should be https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml.
  • Next, simply copy the "ADFS IdP metadata URL," which is in the form - https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml. (This will be required for further configuration of Drupal)

Configure Drupal as SAML Service Provider:

  • Open your Drupal site. Go to the Service Provider Setup tab of the module.
  • Click on Upload IDP Metadata Section
  • Now paste the metadata URL from the ADFS IdP.
  • Drupal-SAML-Paste-the-Federation-Metadata-URL-into-the-Upload-Metadata-URL
  • Click the Test link to verify the connection between Drupal and ADFS.
  • Drupal SAML Service Provider - Check connection between Drupal and ADFS
  • In the test configuration window, a success message with SAML response attributes will appear if the configurations are correct; otherwise, error messages with additional troubleshooting instructions will appear. Click on Done
  • Drupal SAML Service Provider - Test configuartion

Congratulations! You have successfully configured ADFS as an Identity Provider and Drupal as a Service Provider.

How does SAML SSO login work?

  • Open a new browser/private window and navigate to the Drupal site login page.
  • Click the Login using Identity Provider (ADFS) link.
  • You will be redirected to the ADFS login page. Enter the ADFS credentials. After successful authentication, the user will be redirected back to the Drupal site.

Windows SSO

miniorange img Steps to configure ADFS for Windows Authentication

  • Open elevated Command Prompt on the ADFS Server and execute the following command on it:
    • miniorange img setspn -a HTTP/##ADFS Server FQDN## ##Domain Service Account##

      miniorange img FQDN is Fully Qualified Domain Name (Example :

      miniorange img Domain Service Account is the username of the account in AD.

      miniorange img Example : setspn -a HTTP/ username/domain

  • Open AD FS Management Console and go to Authentication Policies section, edit the Global Authentication Policies. Check Windows Authentication in Intranet zone.
  • SAML Single Sign-On (SSO) using ADFS Identity Provider (IdP), Management Application
  • Open Internet Explorer. Navigate to Security tab in Internet Options.
  • Add the FQDN of AD FS to the list of sites in Local Intranet and restart the browser.
  • Select Custom Level for the Security Zone. In the list of options, select Automatic Logon only in Intranet Zone.
  • SAML Single Sign-On (SSO) using ADFS Identity Provider(IdP),ADFS LOGIN - for the SAML 2.0 Wizard_Enable SAML
  • Open the powershell and execute following two commands to enable windows authentication in Chrome browser.
    • miniorange img Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome")

      miniorange img Get-AdfsProperties | Select -ExpandProperty WIASupportedUserAgents

  • You have configured ADFS for Windows Authentication. Now to add Relying Party for your Drupal you can follow these steps.

Additional Features:

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at for one-on-one assistance from Drupal expert.

 Case Studies
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using this link.
 Other Solutions
Feel free to explore other Drupal solutions that we offer here. The popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security. 
  24*7 Active Support
The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.
Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to