Information for: DEVELOPERS   PARTNERS

Using SimpleSAMLphp with Acquia products

SimpleSAMLphp is a basic implementation of the SAML authentication protocol. When implementing single sign-on with SimpleSAMLphp, your users will request a service from the service provider (SP), which requests authentication information from your identity provider (IdP). Based on the information the IdP returns, the SP makes an access control decision.

Although SimpleSAMLphp supports several authentication identity provider (IdP) systems, Acquia supports only the SimpleSAMLphp service provider implementation.

Note

Attempting to use SimpleSAMLphp with PHP 7.2 will display error messages in log files. For more information, see this known issue.

If you’re an existing Acquia subscriber and you want help implementing SimpleSAMLphp, contact your Account Manager or the Acquia Sales Team for information about a Professional Services engagement.

Acquia Support provides limited help with checking the basic SimpleSAMLphp application setup against the following instructions. This includes the proper placement of SimpleSAMLphp files in your application and the required Drupal modules. Acquia Support may recommend a Professional Services engagement to address issues with the setup or external connections.

Preparing your application for SimpleSAMLphp

Installing and configuring simpleSAMLphp includes the following steps:

  1. Installing the SimpleSAMLphp library
  2. Configuring the config.php file for SimpleSAMLphp
  3. Configuring authentication sources for SimpleSAMLphp
  4. Configuring service provider metadata for SimpleSAMLphp
  5. Testing and completing SimpleSAMLphp setup

Note for Acquia Cloud Site Factory subscribers

Acquia Cloud Site Factory subscribers must work with Acquia to connect an external IdP to the Site Factory Management Console.

SimpleSAMLphp and Varnish caching

One feature generally expected from a single sign-on solution: if a visitor has already authenticated on a different website, they are then systematically authenticated when visiting the Drupal website. Single sign-on is a user-friendly feature ensuring a seamless transition between websites. However, the solution can come at the cost of decreased caching by the Varnish® layer.

The following issues in the simplesamlphp_auth module’s issue queue may cause problems due to session cookies invalidating Varnish caching. Acquia recommends determining the status of the following module issues before proceeding: