Search Results :

×

SAML Single Sign-On (SSO) into Drupal using ADFS as IdP

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between ADFS and the Drupal site. The users will be able to log in to the Drupal site using their ADFS credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and ADFS as an Identity Provider (IdP). The module is compatible with with Drupal 7, Drupal 8, Drupal 9, Drupal 10 and Drupal 11.

  • Download the module:
    Composer require 'drupal/miniorange_saml'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
  • Enable the module by checking the checkbox and click on install button.
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml/idp_setup
  • Install the module:
    drush en drupal/miniorange_saml
  • Clear the cache:
     drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml/idp_setup
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • Configure the module at
    {BaseURL}/admin/config/people/miniorange_saml/idp_setup
  • Go to ConfigurationPeopleSAML Login Configuration in the Administration menu. (/admin/config/people/miniorange_saml/idp_setup)
Configuration-Drupal-Select-miniOrange-SAML-Login-Configuration

  • Navigate to the Service Provider Metadata and copy the metadata URL. (This is required in configuring the Delinea as a SAML IdP)
Drupal-miniOrange-SAML-Copy-the-Metadata-URL-from-Service-Provider-Metadata-tab

  • In Server Manager, click on Tools and then select ADFS Management.
ADFS-SAML-Single-Sign-On-Service-Manager-Tools

  • From the right side panel select Add Relying Party Trust under the ADFS section.
ADFS-Single-Sign-On-Click-on-Add-Relaying-Party-Trust

  • To proceed, click the Start button on the Welcome screen.
Microsoft-Azure-Create-your-own-applicationADFS-SAML-Single-Sign-On-Click-on-Start-btn

  • Select the Import data about the relying party from a file option. Upload the SP metadata file from Drupal. Click on the Next button to continue.
ADFS-SAML-Single-Sign-On-Choose-Import-data

  • In the Display Name, enter the name of the application and then click the Next button.
ADFS-Single-Sign-On-Enter-name-of-the-Application-as-Drupal

  • Select Permit everyone on the Choose Access Control Policy page, then click on the Next button.
ADFS-SAML-SSO-Select-Permit-everyone

  • From the Ready to Add Trust page click on the Next button.
Drupal-ADFS-SAML-Single-Sign-On-Click-on-Next-button-to-proceed

  • From the Finish page verify that the checkbox next to Configure claims issuance policy for this application is selected, then click Close.
ADFS-SAML-SSO-Click-on-the-Close-button

  • You can find the application under Relay Party Trust in ADFS once it's been created.
  • On the right-side panel, click Edit Claim Issuance Policy from the dropdown menu of the application you created in ADFS (In this case, DrupalSAML).
ADFS-SAML-SSO-edit-claim-policy

  • Click the Add Rule button on the Issuance Transform Rules tab.
Drupal-ADFS-SAML-Add-Rule-btn
  • On the Select Rule Template page click on the Next button.
Drupal-ADFS-SAML-Single-Sign-On-Click-on-Next-button
  • Enter the given information on the Configure Rule page:
  • Claim rule name Enter the Claim rule name (any), for example, Attribute
    Attribute store Active Directory from dropdown
  • Map the outgoing LDAP attribute as follows:
    LDAP Attribute (Select or type to add more) Outgoing Claim Type (Select or type to add more)
    E-Mail-Addresses Name ID
    Display-Name Name
  • To continue, click the Finish button.
ADFS-SAML-Single-Sign-On-Under-Configure-Rule-provide-the-information
  • On the Issuance Transform Rules tab, click Apply, and then click OK to continue.
ADFS-SAML-Single-Sign-On-Click-on-Apply-button
  • As shown in the below image, select Edit Federation Service Properties from the AD FS dropdown.
ADFS-SAML-Edit-Federation-Service-Properti
  • On the Federation Service Properties window, go to the General tab and copy the Federation Service name.
ADFS-SAML-Single-Sign-On-Copy-the-Federation-service-name
  • Replace "<your_ADFS_domain>" in the URL https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xm> with your actual "Federation Service name." For instance, if your Federation Service name is "example.com," the updated metadata URL should be https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml.
  • Next, simply copy the "ADFS IdP metadata URL," which is in the form - https://<your_ADFS_domain>/federationmetadata/2007-06/federationmetadata.xml. (This will be required for further configuration of Drupal)
  • Open your Drupal site. Go to the Service Provider Setup tab of the module.
  • Click on Upload IDP Metadata Section
  • Now paste the metadata URL from the ADFS IdP.
Drupal-SAML-Paste-the-Federation-Metadata-URL-into-the-Upload-Metadata-URL
  • Click the Test link to verify the connection between Drupal and ADFS.
Drupal SAML Service Provider - Check connection between Drupal and ADFS
  • In the test configuration window, a success message with SAML response attributes will appear if the configurations are correct; otherwise, error messages with additional troubleshooting instructions will appear. Click on Done.
Drupal SAML Service Provider - Test configuartion

Congratulations! You have successfully configured ADFS as an Identity Provider and Drupal as a Service Provider.

  • Open a new browser/private window and navigate to the Drupal site login page.
  • Click the Login using Identity Provider (ADFS) link.
  • You will be redirected to the ADFS login page. Enter the ADFS credentials. After successful authentication, the user will be redirected back to the Drupal site.

Additional Features:

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.

 Case Studies
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using this link.
 Other Solutions
Feel free to explore other Drupal solutions that we offer here. The popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security. 
  24*7 Active Support
The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.
ADFS_sso ×
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com