This project is not covered by Drupal’s security advisory policy.

The SAML SP module allows Drupal to function as a Service Provider. This means that users can authenticate to Drupal (without a username or password) via a SAML IDP (Identity Provider) that has been pre-registered with Drupal.


To configure an IDP, you need:

  • The SAML Login URL of the IDP
  • The x.509 certificate of the IDP

Alternative modules

The SimpleSAMLphp authentication module is similar, but has several differences.

  • The simplesaml_php module requires the SimpleSamlPHP framework. The framework is a full-stack framework: you need a vhost, data-storage, docroot, etc. It is not a simple component library.
  • The Saml SP module uses the OneLogin PHP-SAML toolkit, which is a minimal component library.
  • The Saml SP module only functions as a Service Provider. It won't act as an IDP.
  • Saml SP is configured entirely in Drupal (/admin/config/people/saml_sp).
  • Saml SP allows multiple IDPs and an API to work with them
  • Saml SP has a Drupal Login module which lets users automatically login/register using the Saml SP API

8.x-2.x version

This version is a partial rewrite, this includes moving to a Drupal 8 Object Oriented framework.

Installation of the dependencies is covered in README.txt and is managed by Composer.

The 8.x-2.x Alpha versions are still a little messy. There are many pieces of code that still need to be cleaned up from the 7.x-2.x version as well as features that were in the 7.x-2.x version like updating the Drupal user attributes from the SAML assertion and Single Log Out (SLO).

Installation 7.x-2.x

  1. Install the module files on your Drupal site
  2. Checkout the OneLogin PHP-SAML toolkit into sites/all/libraries
    cd sites/all/libraries
    git clone .
  3. Download the XMLSecLibs library from
    cd site/all/libraries
    tar xvzf xmlseclibs-1.3.1.tar.gz
  4. Configure the module at admin/config/people/saml_sp.
  5. Enable the Saml SP Drupal Login module, if you want users to be able to automatically log in via Saml SP authentication.

Project information