Site Factory supports single sign-on (SSO) for websites running all supported versions of Drupal. Applications running Drupal 9 or later on Site Factory use Security Assertion Markup Language (SAML) for SSO, while Drupal 7 websites use OpenID.
Setting up SSO for websites running Drupal 9 or later hosted on Site Factory enables users to sign in to those websites by using the actions menu in the Site Factory Management Console.
Using SSO requires a SAML service provider, either Cloud Platform or an external provider. Although you can use any SAML service provider compatible with your codebase running Drupal 9 or later, Site Factory directly supports the use of the SAML Authentication module (version 8.x-2.x or 8.x-3.x). Site Factory does not recommend using SAML Authentication module version 8.x-3.3.
To configure SSO for your Site Factory platform, select one of the following methods:
Important
Complete the following steps to use the SAML Authentication module with SSO:
acsf_sso module packaged with the Site Factory Connector module.
You can now use SSO with your Site Factory-hosted websites.
When installing the Site Factory SSO module or staging your websites for testing, Site Factory changes the samlauth.authentication configuration value to sign your users in to the appropriate staged or live websites.
Do not change the values for samlauth.authentication in active configuration from those set by Site Factory. For instance, ensure you do not import stale or incorrect values for samlauth.authentication from configuration files stored in your codebase when installing or staging a website.
Modifying samlauth.authentication in active configuration may cause sign-in attempts to fail, or to sign users in to an environment other than the one you intended.
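As an added example (not Acquia's code), a pre-deploy guard for the warning above: it fails when the directory your configuration import reads from contains an exported samlauth.authentication.yml. The function names and the directory argument are assumptions; the file name follows Drupal's convention of exporting a configuration object to a file named after the object with a .yml suffix.

```shell
#!/bin/sh
# Added example: guard against importing an exported samlauth.authentication.
# Function names and the directory argument are assumptions of this example.
# Usage in a build step: check_config_dir path/to/your/config/sync || exit 1

# Print every exported copy of samlauth.authentication under a config
# directory. The search is recursive, so copies kept in subdirectories
# (for example per-environment overrides) are reported too.
find_samlauth_exports() {
    find "$1" -type f -name 'samlauth.authentication.yml' 2>/dev/null | sort
}

# Return 0 when the directory is clean, 1 when an export is present,
# 2 when the directory does not exist (so a mistyped path cannot pass).
check_config_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "ERROR: config directory not found: $dir" >&2
        return 2
    fi
    hits=$(find_samlauth_exports "$dir")
    if [ -z "$hits" ]; then
        echo "OK: no samlauth.authentication export under $dir"
        return 0
    fi
    echo "FAIL: a configuration import from $dir would replace the"
    echo "samlauth.authentication values set by Site Factory:"
    echo "$hits" | sed 's/^/  /'
    return 1
}
```

Run the check against the same directory your install or staging process imports configuration from, before the import happens.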
Implementing SSO with the simpleSAMLphp Authentication module for use with the acsf_sso module (packaged with the Site Factory Connector module) requires an Acquia Professional Services engagement.
During your Professional Services engagement, after Acquia provides you with the Service Provider (SP) data, you will perform the following actions:
config.php file to use /mnt/gfs/mydocroot.env/files-private/sites.json instead of the default creds.json path.