How to install and configure the samlauth module? | Cloud Platform | Acquia Product Documentation
How to install and configure the samlauth module?
Date Published: February 6, 2025
Important Note: This document is in progress. We are working on document to improve it.
This module(samlauth) allows users to authenticate against a SAML Identity Provider (IdP) to log in to a Drupal application. Essential basics of SAML, tuned to our situation: The IdP is the remote system which users are directed to upon login, which authorizes the user to log into our site. The Service Provider (SP) is a standalone piece of code (implemented by the SAML PHP Toolkit) which takes care of the SAML communication / validating the assertions sent back by the IdP. https://git.drupalcode.org/project/samlauth#introduction https://www.drupal.org/project/samlauth
Since simplesamlphp_auth is not compatible/no stable release for Drupal 10 yet the samlauth is a good replacement.
If you are using simplesamlphp_auth module and you have plans to update your Drupal core, you should first uninstall this module for installing the samlauth module. If you have already uninstalled the module please review `Installing the samlauth module` section.
Uninstalling the simplesamlphp_auth module:
Here are the steps to remove the simplesamlphp_auth module completely from your code base:
1- Uninstall the simplesamlphp_auth module from the Drupal Admin UI or use the following command and please consider your site name, if you have a Drupal multisite:
2- In order to remove the simplesamlphp_auth from your code base we recommend to you to first remove simplesamlphp/composer-module-installer (dependency) and then remove the actual module using composer by running the following commands:
2- Install the samlauth module from the Drupal Admin UI or use the following command and please consider your site name, if you have a Drupal multisite:
3- After logging in to the Drupal admin using your credentials or using the following Drush command navigate to the “SAML authentication”. Configuration->People->SAML authentication
$ drush uli --uri=default --uid=1
4- In the SAML authentication page you have the following sections:
Login / Logout
Service Provider
Identity Provider
User Info and Syncing
SAML Message Construction
SAML Message Validation
Other
Debugging
You can collapse other sections and navigate to the “Service Provider” section. 5- In “Service Provider” section update the following fields:
Entity ID: https://yourdomain.com/saml/metadata
Set the “Type of values to save for the key/certificate” to Configuration or file
Private Key: Look for your private key on your current/previous branch and copy the key into this section.
Important Note: If you are looking for generating a new key, please visit samlauth module documentation for more information: https://git.drupalcode.org/project/samlauth#requirements
X.509 Certificate: Look for your certificate on your current/previous branch and copy the cert into this section.
6- In the “Identity Provider” section update the following fields:
Entity ID: Look for ‘$metadata’ in the simplesamlphp/metadata/saml20-idp-remote.php file and add the ‘entityid’ url to this field(see the image)
Single Sign On Service:Look for ‘SingleSignOnService’ in the simplesamlphp/metadata/saml20-idp-remote.php file and add 'Location' url into this field.
Important note: This URL is different from the previous URL.
Set the “Type of values to save for the certificate(s)” to Configuration or file
X.509 Certificate(s):Look for ‘X509Certificate’ in the simplesamlphp/metadata/saml20-idp-remote.php file and add cert into this field.
7- In your Google Admin console you need to update the ‘ACS URL’ and ’Entity ID` based on the information in the “Service Provider” section from the SAML authentication page.
You should see your “Service Provider” like the following:
8- In this method we have stored the data in Database which you can also store it in a file. In order to store in files you need to install the dev version of the module at the moment.
Cloud Platform