The SAML SP module allows Drupal to function as a Service Provider. This means that users can authenticate to Drupal (without a username or password) via a SAML IDP (Identity Provider) that has been pre-registered with Drupal.
To configure an IDP, you need:
- The SAML Login URL of the IDP
- The x.509 certificate of the IDP
The SimpleSAMLphp authentication module is similar, but has several differences.
- The simplesaml_php module requires the SimpleSamlPHP framework. The framework is a full-stack framework: you need a vhost, data-storage, docroot, etc. It is not a simple component library.
- The Saml SP module uses the OneLogin PHP-SAML toolkit, which is a minimal component library.
- The Saml SP module only functions as a Service Provider. It won't act as an IDP.
- Saml SP is configured entirely in Drupal (
- Saml SP allows multiple IDPs and an API to work with them
- Saml SP has a Drupal Login module which lets users automatically login/register using the Saml SP API
- Install the module files on your drupal site
- Checkout the OneLogin PHP-SAML toolkit into sites/all/libraries
cd sites/all/libraries git clone https://github.com/onelogin/php-saml.git .
- Download the XMLSecLibs library from https://code.google.com/p/xmlseclibs/
cd site/all/libraries wget https://xmlseclibs.googlecode.com/files/xmlseclibs-1.3.1.tar.gz tar xvzf xmlseclibs-1.3.1.tar.gz
- Configure the module at
- Enable the Saml SP Drupal Login module, if you want users to be able to automatically log in via Saml SP authentication.