
Using SimpleSAMLphp with Acquia products

SimpleSAMLphp is a basic implementation of the SAML authentication protocol. When implementing single sign-on with SimpleSAMLphp, your users will request a service from the service provider (SP), which requests authentication information from your identity provider (IdP). Based on the information the IdP returns, the SP makes an access control decision.

Although SimpleSAMLphp supports several identity provider (IdP) systems, Acquia supports only the SimpleSAMLphp service provider implementation.

Note

Using SimpleSAMLphp with PHP 7.2 causes error messages to be written to log files. For more information, see this known issue.

If you are an existing Acquia subscriber and you want help implementing SimpleSAMLphp, contact your Account Manager for information about how Acquia can assist you. For new SimpleSAMLphp installations on Acquia Cloud, a special engagement is available. Without a SimpleSAMLphp engagement, Acquia Support can provide limited help. If you aren’t a current Acquia subscriber, contact an Acquia sales team representative for help.

Preparing your application for SimpleSAMLphp

Installing and configuring SimpleSAMLphp includes the following steps:

  1. Installing the SimpleSAMLphp library
  2. Configuring the config.php file for SimpleSAMLphp
  3. Configuring authentication sources for SimpleSAMLphp
  4. Configuring service provider metadata for SimpleSAMLphp
  5. Testing and completing SimpleSAMLphp setup

Note for Acquia Cloud Site Factory subscribers

Acquia Cloud Site Factory subscribers must work with Acquia to connect an external IdP to the Site Factory Management Console.

SimpleSAMLphp and Varnish caching

A single sign-on solution is generally expected to provide one feature: a visitor who has already authenticated on a different website is automatically authenticated when visiting the Drupal website. Single sign-on is a user-friendly feature that ensures a seamless transition between websites. However, it can come at the cost of decreased caching by the Varnish® layer.

The following issues in the simplesamlphp_auth module’s issue queue may cause problems due to session cookies invalidating Varnish caching. Acquia recommends determining the status of the following module issues before proceeding: