Module Description
This module integrates Drupal with SimpleSAMLphp, the most robust and complete implementation of SAML in PHP. It makes it possible for Drupal to communicate with SAML or Shibboleth identity providers (IdP) for authenticating users. The resulting Drupal site can effectively act as a SAML or Shibboleth service provider (SP).

Drupal core and SimpleSAMLphp compatibility
Drupal 9 is based on Symfony 4; Drupal 10 is based on Symfony 6. SimpleSAMLphp 1.x is compatible with Symfony 4; 2.x is compatible with Symfony 5. Version 2.x is therefore not compatible with any Drupal core version and cannot be used with this module. Version 8.x-3.x of this module requires SimpleSAMLphp 1.x and cannot be Drupal 10 compatible.

SimpleSAMLphp has a dev-master branch that is compatible with Symfony 6; this module has a 4.x development release that is based on it and can be used on Drupal 10. There is currently no published roadmap for when the current dev-master branch will be merged into a release; see https://github.com/simplesamlphp/simplesamlphp/milestone/9. The 4.x branch will not get a stable release until SimpleSAMLphp has a stable Symfony 6 compatible release. Once more real-life testing is done, alpha releases will be created.

See #3349278: 4.0.0-alpha1 release compatible with D10/Symfony6.

Prerequisites
* SimpleSAMLphp - you must have SimpleSAMLphp version 1.6 or newer installed and configured to operate as a service provider (SP).

NOTE: Your SimpleSAMLphp SP must be configured to use something other than "phpsession" (the default) for session storage. The alternatives are memcache or sql. The sql option was added in SimpleSAMLphp version 1.7. The simplest solution for folks running SimpleSAMLphp version 1.7 or higher is to edit the SimpleSAMLphp config/config.php by setting 'store.type' => 'sql' and 'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3'.

Features
* Just-in-time provisioning of Drupal user accounts based on SAML attributes (configurable).
* Automatic role assignment based on SAML attributes (configurable).
* Dual mode - support for traditional Drupal accounts and SAML-authenticated accounts at the same time (configurable).
* Support for multiple authentication protocols (thanks to SimpleSAMLphp):
  * OpenID (e.g., Google, Yahoo)
  * Facebook
  * OAuth (e.g., Twitter)
  * SAML 1.1, SAML 2.0
  * Shibboleth 1.3
  * A-Select
  * X509 Client Certificates
  * Radius



Example Use Cases
* Enterprise single sign-on - connect a Drupal site to your organization's IdP (like connecting Google Apps to your IdP)
* Single sign-on across Drupal sites on multiple servers - set all the sites up to use this module to authenticate users against one or more IdPs. (This can even be done with multiple sites using a single SimpleSAMLphp service provider.)
* Federated Drupal site - allow people from multiple organizations to access the site using their organization's IdP.

Credits
This module is based on the original work done by Andreas Åkre Solberg and Snorre Løvås, from whom I (Steve Moitozo) inherited maintenance duties.

Contributors include:


* Josh Lind
* Matt Pasiewicz
* Thomas Kulvik
* Balazs Dianiska
* Sven Decabooter
* Janak Singh (dakku)

Installation Overview
* Install SimpleSAMLphp
* Configure SimpleSAMLphp as a Service Provider
* Install Drupal (if you haven't already)
* Install simplesamlphp_auth module
* Configure simplesamlphp_auth module
* Activate the simplesamlphp_auth module

Installation Instructions
For installation and configuration of your SimpleSAMLphp SP you should follow the instructions at both of the following URLs:


* SimpleSAMLphp Installation
* Configuration of SimpleSAMLphp SP

Assuming you've followed the instructions above, the first thing you should do is test your SimpleSAMLphp installation and configuration to ensure that you can authenticate against any configured IdPs. You can do this by going to the SimpleSAMLphp application in your browser (e.g., http://www.example.com/simplesaml) and clicking on the "Authentication" tab. Then click "Test configured authentication sources" and then the appropriate SP (e.g., default-sp). If you are properly directed to the IdP and returned to SimpleSAMLphp after authentication with the appropriate attributes then you can move on and look at your simplesamlphp_auth module configuration.

Please note that SimpleSAMLphp must be configured to use something other than "phpsession" as the value for "store.type" in simplesamlphp/config/config.php; memcache or SQL are the other choices.
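
The session-store requirement stated here and in the Prerequisites note can be checked before the module is enabled. The following is an added example, not code from this module or from SimpleSAMLphp; check_session_store() is a hypothetical helper and the two sample arrays are constructed for illustration.

```php
<?php
// Preflight check for the 'store.type' prerequisite (added example).
// check_session_store() is hypothetical; it is not a module or SimpleSAMLphp API.

function check_session_store(array $config): array
{
    $problems = [];
    // The page gives 'phpsession' as the default, so treat a missing key as that value.
    $type = $config['store.type'] ?? 'phpsession';

    if ($type === 'phpsession') {
        $problems[] = "store.type is 'phpsession'; set it to 'sql' or 'memcache'";
    } elseif ($type === 'sql') {
        $dsn = $config['store.sql.dsn'] ?? '';
        if ($dsn === '') {
            $problems[] = "store.type is 'sql' but store.sql.dsn is empty";
        } elseif (strpos($dsn, 'sqlite:') === 0) {
            // SQLite creates journal files next to the database, so the
            // directory itself must be writable by the web server user.
            $dir = dirname(substr($dsn, strlen('sqlite:')));
            if (!is_dir($dir) || !is_writable($dir)) {
                $problems[] = "SQLite directory '$dir' is missing or not writable";
            }
        }
    } elseif ($type !== 'memcache') {
        $problems[] = "store.type '$type' is not one of the options named on this page";
    }
    return $problems;
}

// Constructed sample configurations: the default beside the corrected setting.
$default = ['store.type' => 'phpsession'];
$fixed = [
    'store.type' => 'sql',
    'store.sql.dsn' => 'sqlite:' . sys_get_temp_dir() . '/sqlitedatabase.sq3',
];

foreach (['default' => $default, 'fixed' => $fixed] as $name => $config) {
    $problems = check_session_store($config);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'OK', PHP_EOL;
}
```

To check a real installation, replace the sample arrays with the $config array defined by your SimpleSAMLphp config/config.php and run the script as the web server user.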

Assuming the above tests indicate that your SimpleSAMLphp installation is working properly, you then need to install the simplesamlphp_auth module, like you would any other Drupal module. Then configure the module, making sure you point to the right directory for SimpleSAMLphp (e.g., /var/simplesamlphp) and that you've mapped the attributes that the IdP(s) will be sending, etc.

At this point you can turn on SAML by checking the box at the top of the configuration page.

If all these things look good, you can attempt to log into Drupal using SAML by going to http://yourdrupal/saml_login

Want to use Drupal as a SAML Identity Provider?
This module (simplesamlphp_auth) provides the ability to make a Drupal site into a SAML Service Provider (SP). But what if you want to make Drupal an Identity Provider (IdP)? It is possible using SimpleSAMLphp as the SAML IdP and the drupalauth module for SimpleSAMLphp, which allows the SimpleSAMLphp IdP to authenticate users against the Drupal site. The Polder Consortium has a Public SAML 2.0 Identity Provider using this approach.

Alternative modules
* SAML Auth - https://www.drupal.org/project/samlauth

Project Usage: 22256
Security Covered: Covered By Security Advisory
Version Available: DEV
Module Summary: This module integrates Drupal with SimpleSAMLphp to enable communication with SAML or Shibboleth identity providers for authenticating users.
Data Name: simplesamlphp_auth
