How To Implement Azure AD For Single Sign-On In Drupal

By Shifali Baghel Oct 5, 2021

Your employees may find it painstaking to memorize several sets of credentials for multiple cloud-based web applications. Your IT support team may find it even more exhausting when it is flooded with requests to set up or reset passwords.

This hurts their productivity and ties up IT resources, countless hours, and significant costs that could instead be spent on more pressing IT issues.

That is why Single Sign-on via SAML is the go-to solution to overcome such roadblocks. Its main objective is to provide users with the freedom to log on to internal portals and intranet applications by using their official credentials. Azure AD provides integration with Active Directory, either on-premise, hybrid, or cloud.

To achieve this, you use a contributed module called miniorange_saml, which is compatible with most SAML Identity Providers.

This blog will help you configure SAML with Drupal as the Service Provider and Azure AD as the Identity Provider, enabling Single Sign-On for the Drupal application.

How To Create an Account on Microsoft Azure

Note: You can use the Microsoft Azure trial version to test the SSO functionality; however, it is highly recommended to use the paid version on the production site.

How to configure the Drupal module

To download and install the miniOrange SAML module, perform the following procedure:

1.  Install the module with Composer by running:

    composer require drupal/miniorange_saml

2.  Go to your Drupal site and install the downloaded module:

3.  Go to /admin/config and click miniOrange SAML login configuration:


4.  On the config page, open /admin/config/people/miniorange_saml/idp_setup and copy the following URLs:

    • SP Entity ID/Issuer
    • SP ACS URL

Note: The copied URLs will be used when configuring the SAML application in Azure AD.

How To Create a SAML Application for Single Sign-on

Now that you have successfully registered on the Azure portal, you need to create an Azure directory application: 

1.  Log on to the Azure portal. The home page is displayed:

2.  Click Azure Active Directory:

3.   Click Add > Enterprise Application Link:

4.  Click New application:

5.  Click Create your own application:

6. Type the name of the SAML application. Click Save:

7.  Type the application name and URL (the SP ACS URL copied earlier from the Drupal module configuration page):

8.  The application is listed as shown below:

9. Click the Application ID URL link and set the SP Entity ID/Issuer URL, as copied earlier from the Drupal module configuration page:

10.  Click the Set link and paste the SP Entity ID/Issuer URL. Click Save:

11. Go to the overview page, click the Certificates & secrets link, and generate one secret key:


12. When the secret key is generated, copy the key value. This secret key will be used in the Drupal Module configuration:

13.  Return to the overview page, click Endpoints, and copy the Federation metadata document URL. This metadata URL will also be used while configuring the Drupal module:


14.  The Azure AD configuration is now complete.

How to return to the Drupal Module configuration page

To return to the Drupal module configuration page, perform the following procedure:

1. Open the following path on your Drupal site:

    /admin/config/people/miniorange_saml/sp_setup

2.  Paste the previously copied Federation Metadata Document URL (copied from the application's Endpoints page in Azure AD) into the Upload Metadata URL field, and click Fetch Metadata:


Example of a metadata URL (Federation Metadata Document):

    https://login.microsoftonline.com/<tenant_id>/federationmetadata/2007-06/federationmetadata.xml

Note: You can obtain the Tenant Id from your Azure application overview page.

3.  All the Azure-related information is populated automatically on the configuration page:

4.  Click the Service provider setup tab and then click Test configuration to test the configuration using your Azure AD credentials:

5.  The Test Successful message is displayed:

6.  Now open a new incognito window. The Login via Identity Provider link is displayed on the login page:

7.  Users can now successfully log on to the Drupal site with their Azure AD credentials.

Testing with Azure AD

Now, you can view the SSO login link on your default Drupal login page. To test your credentials with Azure AD, perform the following procedure:

1.  When you click the Azure login link on the Drupal login page, you are redirected to the Microsoft login page:

2.  Type your AD credentials in the respective fields:

3.  If you have the Microsoft account authentication app on your mobile, type the code it shows. If not, install the app from the Microsoft app store:

4.  To remain signed in, click Yes:

5.  You can now log on with your Azure AD credentials:

Drupal creates a new user account in the backend; an administrator can confirm this on the People page.

Limitations of the Azure SAML module

The following limitations of the free version of the SAML module were observed during the implementation:

  • The open-source version of this module can only map basic attributes, such as Username and Email.
  • It does not provide IdP-based advanced role mapping.
  • The free version does not provide Force Authentication, which forces an anonymous user to authenticate before they can access the Drupal site. In the current scenario, a user who is not logged in is redirected to the SSO login page.

To overcome the above-mentioned limitations, you can opt for the premium version of the module.

Wrapping up

It is clearly evident that single sign-on enhances user experience, drives productivity, and provides cost-saving benefits. You should implement SSO to provide your customers and employees the flexibility to log on to different applications and services easily, quickly, and more securely.

Through the miniOrange SAML module, Azure users can log on to the Drupal site with their existing credentials. For more information, refer to the module's documentation.
