Setting up single sign-on

Applies only to Drupal 8-based websites hosted on Acquia Cloud Site Factory

Setting up single sign-on (SSO) for Drupal 8 websites hosted on Acquia Cloud Site Factory enables users to sign in those websites by using the actions menu in the Site Factory Management Console.

Using SSO requires that you have a SAML service provider, which may be either Acquia Cloud or an external provider. Although you can use any SAML service provider that works with your Drupal 8 codebase, Acquia Cloud Site Factory directly supports the use of the SAML Authentication module (version 8.x-2.x).

Note

If you do not use the SAML Authentication module to connect to your SAML service provider, you cannot use centralized role management.

Installing the module

Complete the following steps to use the SAML Authentication module with SSO:

  1. Download and add the following modules to your Drupal 8 codebase:
  2. Add the modules from the previous step to your installation profile, along with the acsf_sso module, which is included with the Acquia Cloud Site Factory Connector module.
  3. Commit your changes back to your repository.

You can now use single sign-on with your Acquia Cloud Site Factory-hosted websites.

Configuring authentication values

When installing the ACSF SSO module or staging your websites for testing, Acquia Cloud Site Factory changes the samlauth.authentication configuration value to sign your users in to the appropriate staged or live websites.

Do not modify the values for samlauth.authentication in active configuration from those set by Acquia Cloud Site Factory. For instance, ensure you do not import stale or incorrect values for samlauth.authentication from configuration files stored in your codebase when installing or staging a site.

Modifying samlauth.authentication in active configuration may cause sign-in attempts to fail, or to sign users in to an environment other than the one you intended.

SimpleSAMLphp and Acquia Cloud Site Factory

Implementing single sign-on with the simpleSAMLphp Authentication module for use with the acsf_sso module (included with the Acquia Cloud Site Factory Connector module), requires an Acquia Professional Services engagement.

During your Professional Services engagement, after Acquia provides you with the Service Provider (SP) data, you will perform the following actions:

  • Install the Service Provider (SP) metadata with your Identity Provider (IdP).
  • Collaborate with Acquia regarding the testing of your SimpleSAMLphp configuration.
  • Ensure that Acquia has access to and knowledge of your IdP, if you are not using Acquia Cloud as your IdP.
  • Own your website’s custom code.
  • Alter the config.php file to use /mnt/gfs/mydocroot.env/files-private/sites.json instead of the default creds.json path.
  • Test any custom workflows not provided by the simpleSAMLphp Authentication module and the SimpleSAMLphp library.
  • Own the testing and validation of all Drupal configurations and workflows that integrate with simpleSAMLphp Authentication module functionality.
  • Configure and activate the simpleSAMLphp Authenticationmodule for your website.

Contact supportStill need assistance? Contact Acquia Support

Acquia: Think Ahead

53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842

Map: Google Maps
View other locations