SAML Single Sign On ( SSO ) into Drupal using CA Identity as IDP


Drupal SAML CA Identity SSO ( Single Sign-on ) setup will allow your user to login to your Drupal site using their CA Identity Credentials. Drupal SAML module gives the ability to enable SAML Single Sign-on for Drupal. This module is compatible with all SAML Identity Providers ( IDP ). We provide Drupal SAML Single Sign on - Service Provider module which is compatible with Drupal 7, Drupal 8 and Drupal 9. Here we will go through a guide to configure SAML SSO between Drupal and CA Identity Idp. By the end of this guide, users from your Identity Provider should be able to login into the Drupal site.

If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal SAML Single Sign on - Service Provider SSO Login module.

Features and Pricing

Know more about Drupal SAML Single Sign On - Service Provider module from here.

Pre-requisites: Download

You can download the SAML Single Sign On - Service Provider module from here.

Module Handbook

This detailed Handbook for the SAML Single Sign On - Service Provider module, gives an in depth explanation of the features of the module. You can refer to the handbook at anytime - it is always available to you, either via This link, or directly from the module for quicker access.

1. Install Drupal SAML SP 2.0 Single Sign On (SSO) module

    1.1. Using Composer:

    • Composer require drupal/miniorange_saml
    • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Service Provider using the search box.
    • Enable the module by checking the checkbox and click on install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

    1.2. Using Drush:

    • Download the module:
      drush dl drupal/miniorange_saml
    • Install the module:
      drush en drupal/miniorange_saml
    • Clear the cache:
       drush cr
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

    1.3. Manual installation:

    • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
    • Install the Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider module either by downloading the zip or from the URL of the package (tar/zip).
    • Click on Enable newly added modules.
    • Enable this module by checking the checkbox and click on install button.
    • Configure the module at
      {BaseURL}/admin/config/people/miniorange_saml/idp_setup

Steps to configure Drupal SAML Single Sign-On ( SSO ) Login into CA Identity

2. Configuring Drupal as Service Provider

    In miniOrange SAML module, go to Service Provider Setup tab of the module. There are two ways to configure the module:

    A. By uploading IDP metadata:

    • Click on Upload IDP metadata button.
    • Enter the Identity Provider Name
    • You can either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.
    • drupal saml upload metadata

    B. Manual Configuration:

    • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on the Save button.
    • drupal saml idp service provider configuration

3. Configuring CA Identity as Identity Provider

Follow the steps below to configure CA Identity as IdP

miniorange img Configure CA Identity as IdP
  • In the miniOrange SAML SP SSO module, navigate to f Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
  • Drupal saml upload metadata

    Note: For Single Sign On, make sure to install and setup CA SSO (formerly known as SiteMinder) with CA Identity Manager.

  • Log in to your CA SSO portal as a CA Single Sign-On administrator.
  • Click on Federation tab.
  • Now go to Partnership FederationEntities.
  • Drupal CA identity entities class=


    miniorange img Create a Local Identity Provider

    • Click on Create Entity.
    • CA Identity sso-1

    • To create a local entity, configure the following:

      Entity Location Local
      Entity Type SAML2 IDP
      Entity ID Enter an ID for your local identity provider for identification.
      Entity Name Create a name for your local identity provider.
      Base URL Enter the fully-qualified domain name for the host service CA SSO Federation Web Services.
      Signed Authentication Requests Required No
      Supported NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      CA Identity sso-2

    miniorange img Create a Remote Service Provider

    • Download Metadata XML File from the Service Provider Metadata Tab of the miniOrange SAML SSO module .
    • Click on Import Metadata and upload the downloaded XML metadata file.
    • drupal saml CA Identity import metadata
    • For Import As, select Remote Entity.
    • Provide a name for the Remote Service Provider Entity.
    • drupal saml CA Identity remote service provider

    miniorange img Create a Partnership between SP and IDP

    • For creating a partnership, configure the following:

      Add Partnership Name Enter a name for your partnership.
      (Optional) Description Enter a relevant description for your partnership.
      Local IDP ID Enter the Local Identity Provider ID created while adding a Local Entity.
      Remote SP ID Enter the Remote Service Provider ID created while adding a Remote Entity.
      Base URL This field will be pre-populated.
      Skew Time Enter any skew time required by your environment.
      User Directories and Search Order Select the required directories in the required search order.
  • On the Federation Users page, add the users you want to include in the partnership.
  • In the Assertion Configuration section, configure following:
    • Name ID Format: Email Address
    • Name ID Type: User Attribute
    • Value: mail
    • (Optional) Assertion Attributes: Specify any application or group attributes that you want to map to users
  • drupal saml CA Identity assertion attribute
  • In the SSO and SLO section, perform the following steps:
    • SSO Binding: HTTP-POST
    • Transactions Allowed: Both IDP and SP initiated
  • drupal saml ca-identity sso
  • In the Signature and Encryption section, select Post Signature as Sign Both.

  • miniorange img Activate Partnership

    • In the Federation Partnership List, expand the Action dropdown for your partnership and click Activate.
    • To get the IDP metadata, Click the Action button and click Export Metadata. This data will be used to configure the module.

24*7 Active Support:

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal SAML SP modules.


Additional Resources


Our Other Module

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com