SAML Single Sign On (SSO) into Drupal using Gluu Server as IDP

SAML Single Sign On (SSO) into Drupal using Gluu Server as IDP

Drupal SAML Gluu Server SSO setup will allow your user to login to your Drupal site using their Gluu Server Credentials. Drupal SAML module gives the ability to enable SAML Single Sign-On for Drupal. Drupal module is compatible with all SAML Identity Providers. Here we will go through a guide to configure SAML SSO between Drupal and Gluu Server. By the end of this guide, users from Gluu Server should be able to login into the Drupal site, you can download the module from here.

Step 1: Setup Gluu Server as Identity Provider

    Follow the steps below to configure Gluu Server as IdP

    miniorange img Configure Gluu Server as IdP

    • In the miniOrange SAML SP SSO module, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
    • Drupal saml upload metadata
      Note: In order to support SAML SSO, the Gluu Server must include the Shibboleth SAML IDP.

    • Login to Gluu server Admin Console.
    • From the navigation panel, click on SAMLAdd Trust Relationships.
    • Gluu Server SSO

    • Configure the following in Trust Relationship Form:
      • Display Name: WordPress SAML App (Enter any name for identifying the application)
      • Description: Provide a suitable description for you application
      • Entity Type: Single SP
      • Metadata Location: File
      • Gluu Server SSO
    • From the Service Provider Metadata tab in the module, download the Metadata XML File.
    • Upload the Metadata file in SP Metadata File.
    • Now tick the Configure Relying Party checkbox and click on Configure Relying Party link.
    • Gluu Server SSO
    • You will be shown the Relying Party Configurations page.
    • From Available Profile Configurations, select SAML2SSO and click on Add to add SAML2SSO to Selected Profile Configurations.
    • In SAML 2 SSO Profile, configure the following:
      signAssertions Never
      signRequests Conditional
      encryptAssertions Conditional
      defaultAuthenticationMethods None
      Support Unspecified NameId Format Tick the checkbox
  • From Available NamedId Formats, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and add it to the Selected NamedId Formats.
  • Click on Save button.
  • Gluu Server SSO
  • From the Release Additional Attributes section on the right, add the attributes you want to send to the Service Provider.
  • Click on Update button.
  • Gluu Server SSO
  • Gluu's SAML IDP metadata can be found at https://HOSTNAME/idp/shibboleth. This will be required to configure the module in Service Provider.

Step 2: Configuring Drupal as Service Provider (SP)


    A. By uploading IDP metadata:

    • Click on Upload IDP metadata button.
    • Enter the Identity Provider Name
    • You can either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.
    • drupal saml upload metadata

    B. Manual Configuration:

    • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on the Save button.






If you are looking for anything which you cannot find, please drop us an email on drupalsupport@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com