Last updated 21 June 2015. Created on 6 January 2015.
Edited by Maesteri, widukind, snufkin.

The SimpleSAML PHP Auth module integrates the SimpleSAMLphp library into Drupal.

For a full description of the module, visit: https://www.drupal.org/project/simplesamlphp_auth

Installation

Installation instructions can be found on the module page at: https://www.drupal.org/project/simplesamlphp_auth

Versions

Recommended releases:
7.x-2.0-alpha2
6.x-2.7

Development releases:
7.x-3.x-dev
7.x-2.x-dev
6.x-3.x-dev

The 3.x branch of the module contains architectural changes from the 2.x branch.

Features

  • Just-in-time provisioning of Drupal user accounts based on SAML attributes (configurable).
  • Automatic role assignment based on SAML attributes (configurable).
  • Dual mode - support for traditional Drupal accounts and SAML-authenticated accounts at the same time (configurable).
  • Support for multiple authentication protocols (thanks to SimpleSAMLphp)
    • OpenID (e.g., Google, Yahoo)
    • Facebook
    • OAuth (e.g., Twitter)
    • SAML 1.1, SAML 2.0
    • Shibboleth 1.3
    • A-Select
    • X509 Client Certificates
    • Radius

Enforcing SSL

In the 3.x series, the module no longer enforces SSL on the authentication page. The following snippet, added to the .htaccess file, does the same thing:

# Force redirect to HTTPS for SimpleSAMLphp Auth module's login path
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^saml_login https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]

Alternatively, this can be handled in code by implementing hook_url_inbound_alter() in a custom module.
The following code snippet provides equivalent functionality to the mod_rewrite rule shown above:

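/**
 * Implements hook_url_inbound_alter().
 *
 * Redirects plain-HTTP requests for the SAML login path to HTTPS.
 */
function MYMODULE_url_inbound_alter(&$path, $original_path, $path_language) {
  if ('saml_login' === $path && !_MYMODULE_is_https_request()) {

    $options = array('absolute' => TRUE);
    if (isset($_GET['destination'])) {
      // Carry the destination over to the HTTPS URL, and unset it so that
      // drupal_goto() redirects to the login path instead of the destination.
      $options['query']['destination'] = $_GET['destination'];
      unset($_GET['destination']);
    }

    // Build the absolute URL of the login path and switch its scheme to HTTPS.
    $url = url($path, $options);
    $url = preg_replace('#^http://#i', 'https://', $url);

    drupal_goto($url);
  }
}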

/**
 * Checks whether the current request has been received over HTTPS or not.
 *
 * @return bool
 *   TRUE if the current request has been received over HTTPS, FALSE otherwise.
 *
 * @link https://www.drupal.org/node/313145
 */
function _MYMODULE_is_https_request() {
  // TLS terminated directly on this web server.
  $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';

  if (!$is_https) {
    // Behind a reverse proxy that terminates TLS, the original protocol is
    // reported in the X-Forwarded-Proto request header.
    $reverse_proxy_proto_header = 'HTTP_X_FORWARDED_PROTO';
    $is_https = isset($_SERVER[$reverse_proxy_proto_header])
      && 'https' === strtolower($_SERVER[$reverse_proxy_proto_header]);
  }
  return $is_https;
}
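
The check above accepts X-Forwarded-Proto from any client, so it is only reliable when a reverse proxy you control overwrites that header. A stricter variant follows as an added example; it is not part of the module or of the original page. The function name, the trusted-proxy list and the sample requests are assumptions, and in Drupal 7 the list could be taken from the reverse_proxy_addresses setting.

```php
<?php
/**
 * Hypothetical helper (added example): HTTPS check that honours
 * X-Forwarded-Proto only when the connecting peer is a known reverse proxy.
 *
 * @param array $server
 *   A $_SERVER-style array.
 * @param array $trusted_proxies
 *   IP addresses of reverse proxies that set X-Forwarded-Proto themselves.
 *
 * @return bool
 *   TRUE if the request can be treated as received over HTTPS.
 */
function _MYMODULE_is_https_request_strict(array $server, array $trusted_proxies) {
  // TLS terminated directly on this web server.
  if (isset($server['HTTPS']) && strtolower($server['HTTPS']) == 'on') {
    return TRUE;
  }
  // The header is a request header like any other: ignore it unless the
  // directly connected peer is one of our own proxies.
  $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
  if (!in_array($peer, $trusted_proxies, TRUE)) {
    return FALSE;
  }
  // Assumes the proxy overwrites the header with a single value; anything
  // other than exactly "https" is treated as plain HTTP and gets redirected.
  return isset($server['HTTP_X_FORWARDED_PROTO'])
    && 'https' === strtolower(trim($server['HTTP_X_FORWARDED_PROTO']));
}

// Constructed sample requests (documentation-range addresses).
$trusted = array('192.0.2.10');
$samples = array(
  'direct TLS' => array('HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7'),
  'via trusted proxy' => array(
    'REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'),
  'header from untrusted peer' => array(
    'REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'),
  'plain HTTP via proxy' => array(
    'REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'http'),
);
foreach ($samples as $label => $server) {
  $https = _MYMODULE_is_https_request_strict($server, $trusted);
  printf("%-28s %s\n", $label, $https ? 'serve' : 'redirect to https');
}
```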
