Nextcloud SAML Single Sign-On (SSO) Integration with Drupal as IdP
Overview
This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and Nextcloud as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Installation Steps
- Using Composer
- Using Drush
- Manual Installation
Configuration Steps
Obtain SAML IDP Metadata from Drupal:
- After the module is installed successfully, navigate to Configuration → People → Drupal SAML IDP Configuration.
- From the IDP Metadata tab, copy the IDP-Entity ID/Issuer and SAML Login URL. Optionally, download the Certificate (open in Notepad and copy). Keep these for configuring Nextcloud as a SAML SP.
Configure Nextcloud as a Service Provider:
- Log in to your Nextcloud web interface as admin.
- Navigate to the Profile Icon from the top right side and click on Apps.
- Under the search field, search for SSO & SAML authentication and click on the Download and Enable button.
- Again, navigate to the Profile icon and click on Administration settings.
- From the left panel, scroll down, and click SSO & SAML authentication, then select Use built-in SAML authentication.
- Under Global settings, enable the checkbox Allow the use of multiple user back-ends (e.g. LDAP).
- In General, enter the following information in the corresponding text fields.
Attribute to map the UID to | |
Optional display name of the identity provider (default “SSO & SAML log in”) | Enter the Application name as Drupal |
- Provide the appropriate information in the Configure your IdP settings section of the Nextcloud Application from the IDP Metadata tab of the module.
Nextcloud Field | Identity Provider Information (Drupal) |
---|---|
Identifier of the IdP entity | IDP-Entity ID / Issuer |
URL Target of the IdP where the SP will send the Authentication Request Message | SAML Login URL |
- Click Show optional Identity Provider settings, then paste the copied Certificate (from the Drupal site) into the Public X.509 certificate of the IdP text field.
- Click on the Download Metadata XML button to download the Nextcloud metadata.
Configuring Drupal as SAML Identity Provider (IdP):
- Go to the Drupal site and navigate to the Service Provider Setup tab of the miniOrange SAML IDP module (/admin/config/people/miniorange_saml_idp/sp_setup).
- Click on Upload SP Metadata.
- Upload the metadata file downloaded from Nextcloud.
- Click on the Test button to test the SSO.
- If the Test is successful, a new window will appear in which you will be logged in to the Nextcloud dashboard.
You have successfully configured the SAML SSO between Nextcloud as SAML SP and Drupal as SAML IDP.
Additional Features:
- Setup Multiple Applications (Service Provider) with Drupal
- Share additional User Attribute/Roles to the Service Provider
- Dynamic Relay State (The URL to which users are redirected after successful authentication)
- IDP initiated SSO
Explore the advanced features offered by the module with a full-featured trial. You can initiate the trial request using the Request 7-day trial button of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from a Drupal expert.