---
title: "How to install and configure the samlauth module?"
date: "2025-02-06T01:06:50+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/94341-how-install-and-configure-samlauth-module"
id: "42eb705c-81ee-49e1-9f81-26d7806765e2"
---

**Important Note: This document is in progress. We are working to improve it.**  
  
This module (samlauth) allows users to authenticate against a SAML Identity Provider (IdP) to log in to a Drupal application. Essential basics of SAML, tuned to our situation: The IdP is the remote system to which users are directed upon login, and which authorizes the user to log in to our site. The Service Provider (SP) is a standalone piece of code (implemented by the SAML PHP Toolkit) which takes care of the SAML communication and validates the assertions sent back by the IdP.  
https://git.drupalcode.org/project/samlauth#introduction  
https://www.drupal.org/project/samlauth  
  
Because simplesamlphp\_auth has no stable, compatible release for Drupal 10 yet, samlauth is a good replacement.  
  
If you are using the simplesamlphp\_auth module and you plan to update your Drupal core, you should first uninstall it before installing the samlauth module. If you have already uninstalled the module, please review the “Installing the samlauth module” section.

**Uninstalling the simplesamlphp\_auth module:**
------------------------------------------------

Here are the steps to remove the simplesamlphp\_auth module completely from your code base:  
  
1- Uninstall the [simplesamlphp\_auth](https://www.drupal.org/project/simplesamlphp_auth) module from the Drupal Admin UI, or use the following command. If you have a Drupal multisite, use your site name in `--uri`:

    $ drush pm:uninstall simplesamlphp_auth --uri=default
     [success] Successfully uninstalled: simplesamlphp_auth

2- To remove simplesamlphp\_auth from your code base, we recommend first removing simplesamlphp/composer-module-installer (a dependency) and then removing the module itself with Composer, by running the following commands:

    $ composer remove simplesamlphp/composer-module-installer --update-with-all-dependencies
    $ composer remove drupal/simplesamlphp_auth --update-with-all-dependencies

3- Clean up the `scripts` and `allow-plugins` sections in your composer.json.  
Remove entries such as the following:

    "simplesamlphp/composer-module-installer": false

    "scripts": {
            "post-install-cmd": [
                "rm -rf ./vendor/simplesamlphp/simplesamlphp/config",
                "rm -rf ./vendor/simplesamlphp/simplesamlphp/metadata",

4- Make sure your composer.lock is up to date by running the following command:

    $ composer update --lock

5- If you have a symlink in the docroot and the certificate/metadata folder above the docroot, you should remove them now:

    $ rm -rf simplesamlphp
    $ rm -rf docroot/simplesaml

6- You may have a Drupal menu link for the simplesamlphp\_auth login; remove it, or update it to `/saml/login` for the samlauth module.  
  
7- Running `drush pm:uninstall simplesamlphp_auth --uri=default` should remove the simplesaml tables from the database, but it is worth verifying:

    $ drush sqlc --uri=default
    mysql>

To check the tables:

    mysql> show tables like "sim%";
    +-----------------------------+
    | Tables_in_cs2d8stg (sim%)   |
    +-----------------------------+
    | simplesaml_kvstore          |
    | simplesaml_saml_LogoutStore |
    | simplesaml_tableVersion     |
    +-----------------------------+
    3 rows in set (0.00 sec)

To delete the tables:

    mysql> drop table simplesaml_kvstore;
    mysql> drop table simplesaml_saml_LogoutStore;
    mysql> drop table simplesaml_tableVersion;
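
A check for what steps 2 to 5 above should have removed, as an added example that is not part of the original article. The function names and the sample tree are assumptions; the paths and package names are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example: report what steps 2-5 above should have removed.
# Function names are hypothetical; paths and package names are from this page.

# Prints every leftover and returns 1 if any exist, 0 if the tree is clean.
leftover_simplesaml() {
  local root="${1:-.}" found=0 f p
  # Package, allow-plugins and scripts references in the Composer files.
  for f in composer.json composer.lock; do
    if [ -f "$root/$f" ] && grep -Hn 'simplesamlphp' "$root/$f"; then
      found=1
    fi
  done
  # Library, config/cert folder above the docroot, and the docroot symlink.
  # -L also catches a symlink whose target has already been deleted.
  for p in vendor/simplesamlphp simplesamlphp docroot/simplesaml; do
    if [ -e "$root/$p" ] || [ -L "$root/$p" ]; then
      echo "$root/$p: still present"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample tree: a half-finished removal, for trying the check out.
make_demo_tree() {
  mkdir -p "$1/docroot"
  printf '%s\n' '{' '  "config": { "allow-plugins": {' \
    '    "simplesamlphp/composer-module-installer": false } }' '}' \
    > "$1/composer.json"
  ln -s ../vendor/simplesamlphp/simplesamlphp/www "$1/docroot/simplesaml"
}

# Usage: ./leftover_simplesaml.sh .   (run from the repository root)
if [ "$#" -ge 1 ]; then leftover_simplesaml "$1"; fi
```

A non-zero exit status means something is still present, which makes the script usable as a CI or pre-deploy gate.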

Now you can continue to the following section to install the samlauth module:

**Installing the samlauth module:**
-----------------------------------

1- To install samlauth in your code base, please run the following command:

    $ composer require drupal/samlauth --update-with-all-dependencies

2- Install the samlauth module from the Drupal Admin UI, or use the following command. If you have a Drupal multisite, use your site name in `--uri`:

    $ drush pm:enable samlauth --uri=default
     [success] Successfully enabled: samlauth

3- Log in to the Drupal admin UI with your credentials, or with the one-time login link from the following Drush command, then navigate to “SAML authentication”:  
Configuration->People->SAML authentication

    $ drush uli --uri=default --uid=1

![Admin toolbar interface with dropdown menus for configuration, people, and reports. Options include account settings, automated logout, and SAML authentication.](https://acquia.widen.net/content/a76ef73c-be16-40f1-88c6-86c83c9c2593/web/ka0Pb0000008hxR00N6g00000VCdgi0EM6g000005MbjG.png)

  
4- On the SAML authentication page you have the following sections:

*   Login / Logout
*   Service Provider
*   Identity Provider
*   User Info and Syncing
*   SAML Message Construction
*   SAML Message Validation
*   Other
*   Debugging

You can collapse the other sections and navigate to the “Service Provider” section.  
5- In the “Service Provider” section, update the following fields:

*   Entity ID: https://yourdomain.com/saml/metadata
*   Set the “Type of values to save for the key/certificate” to Configuration or file
*   Private Key: Look for your private key on your current/previous branch and copy the key into this section.

    $ cat simplesamlphp/cert/saml.pem
    -----BEGIN RSA PRIVATE KEY-----
    XXXX
    -----END RSA PRIVATE KEY-----

**Important Note: If you want to generate a new key, please see the samlauth module documentation for more information: https://git.drupalcode.org/project/samlauth#requirements**

*   X.509 Certificate: Look for your certificate on your current/previous branch and copy the cert into this section. 

    $ cat simplesamlphp/cert/saml.crt
    -----BEGIN CERTIFICATE-----
    XXXX
    -----END CERTIFICATE-----
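
A pre-flight check for the key and certificate copied in step 5, as an added example that is not part of the original article: it confirms that the certificate belongs to the private key and is not about to expire before both are pasted into samlauth. The function names are assumptions, the demo pair is constructed test data, and the `openssl` command-line tool is required.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the SP key/certificate copied in step 5.
# Function names are hypothetical; requires the openssl command-line tool.

# Returns 0 only if the certificate contains the public half of the private key.
# Returns 2 if either file cannot be parsed (for example, the wrong file).
sp_keypair_matches() {
  local key="$1" crt="$2" key_pub crt_pub
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
  [ "$key_pub" = "$crt_pub" ]
}

# Returns 0 only if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
  local crt="$1" days="${2:-30}"
  openssl x509 -in "$crt" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Constructed test data: throwaway self-signed pair, valid for 365 days.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=sp.example.test" \
    -keyout "$1.pem" -out "$1.crt" >/dev/null 2>&1
}

# Report on a real pair, e.g. simplesamlphp/cert/saml.pem and saml.crt.
check_sp_files() {
  local key="$1" crt="$2" rc=0
  if sp_keypair_matches "$key" "$crt"; then
    echo "OK: $crt matches $key"
  else
    echo "FAIL: $crt does not match $key (or a file is unreadable)"; rc=1
  fi
  if cert_valid_for_days "$crt" 30; then
    echo "OK: certificate valid for at least 30 more days"
  else
    echo "FAIL: certificate expired or expiring within 30 days"; rc=1
  fi
  openssl x509 -in "$crt" -noout -subject -enddate -fingerprint -sha256 || rc=1
  return "$rc"
}

# Usage: ./check_sp_pair.sh simplesamlphp/cert/saml.pem simplesamlphp/cert/saml.crt
if [ "$#" -eq 2 ]; then
  check_sp_files "$1" "$2"
fi
```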

6- In the “Identity Provider” section update the following fields:

*   Entity ID: Look for ‘$metadata’ in the simplesamlphp/metadata/saml20-idp-remote.php file and add the ‘entityid’ URL to this field (see the image).

![Code snippet showing Google IdP metadata configuration with URLs partially redacted for security.](https://acquia.widen.net/content/a55be760-4c9c-4f42-a6d0-c1bb7e88e8e5/web/ka0Pb0000008hxR00N6g00000VCdgi0EM6g000005Mblq.png)

*   Single Sign On Service: Look for ‘SingleSignOnService’ in the simplesamlphp/metadata/saml20-idp-remote.php file and add the 'Location' URL to this field.

![Highlighted code snippet showing a Google SAML single sign-on service URL with an obscured ID.](https://acquia.widen.net/content/873477d5-a9d3-4a7c-a557-0a652ae60797/web/ka0Pb0000008hxR00N6g00000VCdgi0EM6g000005Mbm0.png)

**Important note: This URL is different from the previous URL.**

*   Set the “Type of values to save for the certificate(s)” to Configuration or file
*   X.509 Certificate(s): Look for ‘X509Certificate’ in the simplesamlphp/metadata/saml20-idp-remote.php file and add the certificate to this field.

![Code snippet displaying an X509 certificate with encoded data in a terminal window.](https://acquia.widen.net/content/5cf511eb-55b1-458f-b543-310653bfd66c/web/ka0Pb0000008hxR00N6g00000VCdgi0EM6g000005MbmP.png)

  
  
7- In your Google Admin console, you need to update the ‘ACS URL’ and ‘Entity ID’ based on the information in the “Service Provider” section of the SAML authentication page.  
  

![Admin panel showing service provider details for "Acquia Test," including ACS URL and Entity ID with sample domain links.](https://acquia.widen.net/content/aa02a1b1-4245-4fc0-a17b-ba0eb42a91f5/web/ka0Pb0000008hxR00N6g00000VCdgi0EM6g000005MbmU.png)

  
  
  
Your “Service Provider” section should look like the following:  
  

![Service provider configuration showing metadata, assertion consumer, and single logout URLs, with two red arrows pointing to the first two URLs.](https://acquia.widen.net/content/3e7c1ec1-8a40-40ea-b22c-9ae07ca47565/web/ka0Pb0000008hxR00N6g00000VCdgi0EM6g000005MbnN.png)

  
8- In this method the data is stored in the database; you can also store it in a file. To store it in files, you currently need to install the dev version of the module.