Hey All,

I am new to Drupal and creating a solution for my company where we use SSO (SAML protocol) and also a role based setup.

From what I know, we will need to configure simpleSAMLphp module to allow SSO. RSA (IdP) will perform the authentication and send attributes to our Drupal site.

Post authentication, how is the authorisation performed i.e. a certain user can only perform certain duties based on their role?

Does Drupal read the userid attribute and checks with internal DB for the users role? If so, is this OOTB?
or
Is another module required?

Thanks in advance
:)