Drupal Gluu Server Integration | SSO into Drupal using Gluu Server

Drupal Gluu Server Integration | SSO into Drupal using Gluu Server


Drupal SAML Gluu Server SSO setup will allow your user to login to your Drupal site using their Gluu Server Credentials. Drupal SAML module gives the ability to enable SAML Single Sign-On for Drupal. This module is compatible with all SAML Identity Providers ( IDP ). Here we will go through a guide to configure SAML SSO between Drupal and Gluu Server Idp. By the end of this guide, users from your Identity Provider should be able to login into the Drupal site.

If you have any doubts or queries, you can contact us at drupalsupport@xecurify.com. We will help you to configure the module.

1. Configuring Gluu Server as Identity Provider

Follow the steps below to configure Gluu Server as IdP

miniorange img Configure Gluu Server as IdP
  • In the miniOrange SAML SP SSO module, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
  • Drupal saml upload metadata
    Note: In order to support SAML SSO, the Gluu Server must include the Shibboleth SAML IDP.

  • Login to Gluu server Admin Console.
  • From the navigation panel, click on SAMLAdd Trust Relationships.
  • Gluu Server SSO Add Trust Relationships

  • Configure the following in Trust Relationship Form:
    • Display Name: Drupal SAML App (Enter any name for identifying the application)
    • Description: Provide a suitable description for you application
    • Entity Type: Single SP
    • Metadata Location: File
    • Gluu Server Trust Relationship Form
  • From the Service Provider Metadata tab in the module, download the Metadata XML File.
  • Upload the Metadata file in SP Metadata File.
  • Now tick the Configure Relying Party checkbox and click on Configure Relying Party link.
  • Gluu Server Configure Relying Party
  • You will be shown the Relying Party Configurations page.
  • From Available Profile Configurations, select SAML 2.0 SSO and click on Add to add SAML2SSO to Selected Profile Configurations.
  • In SAML 2.0 SSO Profile, configure the following:
    signAssertions Never
    signRequests Conditional
    encryptAssertions Conditional
    defaultAuthenticationMethods None
    Support Unspecified NameId Format Tick the checkbox
  • From Available NamedId Formats, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and add it to the Selected NamedId Formats.
  • Click on Save button.
  • Gluu Server Available NamedId Formats
  • From the Release Additional Attributes section on the right, add the attributes you want to send to the Service Provider.
  • Click on Update button.
  • Gluu Server Additional Attributes
  • Gluu's SAML IDP metadata can be found at https://HOSTNAME/idp/shibboleth. This will be required to configure the module in Service Provider.
  • 2. Configuring Drupal as Service Provider

      In miniOrange SAML module, go to Service Provider Setup tab of the module. There are two ways to configure the module:

      A. By uploading IDP metadata:

      • Click on Upload IDP metadata button.
      • Enter the Identity Provider Name
      • You can either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.
      • drupal saml upload metadata

      B. Manual Configuration:

      • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on the Save button.

    Additional Resources


    Our Other Module

    If you are looking for anything which you cannot find, please drop us an email on drupalsupport@xecurify.com

    Hello there!

    Need Help? We are right here!

    support
    Contact miniOrange Support
    success

    Thanks for your inquiry.

    If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com