Mapping

This is one of the most important tabs of this plugin. It includes 2 features :

  • Attribute Mapping
    This feature can be used to map user attributes coming from Identity Provider with Drupal's user details.
    It provides the feature to map attributes like Username Attribute, Email Attribute. While auto registering the users in your Drupal site, these attributes will automatically get mapped to your Drupal user details.

  • Role Mapping
    This feature can be used to map different Drupal roles to different users based on their IDP roles/groups.
    This feature also allows managing single sign-on (sso) for users based on their roles/groups.

Attribute Mapping

Attributes are the user details that are stored in your Identity Providers. Attribute Mapping helps you to get user attributes from your IdP and map them to Drupal user attributes.

  • This feature can be used to map user attributes coming from Identity Provider with Drupal user details.

  • It provides the feature to map attributes like Username Attribute, Email Attribute. While auto registering the users in your Drupal site, these attributes will automatically get mapped to your Drupal user details.

  • You can see Username and Email are must. While auto registering the users in your Drupal site, these attributes will automatically get mapped to your Drupal user details.

    Drupal SAML single sign on Attribute mapping

  • Users also perform the Custom Attribute Mapping. Click on Add custom Attributes button to perform more than one mapping.

  • It provides an additional feature to Add Custom Attributes which means users can Add extra IdP attributes which they wanted to be included in their user profile.

    Drupal SAML single sign on Add Custom Attribute Mapping

  • Suppose, if you want to add attributes like Phone no., City, State, Department etc., you will simply have to add attributes and map them from Identity Provider.

  • In the below given image, it shows the attributes which are sent from the Identity Provider in the form of response.

Drupal SAML single sign on Add Attribute Value

  • If you want to map these attributes on your Drupal site, you just have to go to Add Custom Attributes and add those attributes by providing the attribute names from the IdP and give your names by which you want to store those attributes, selecting from the dropdown.

Drupal SAML single sign on Add Custom Attribute Mapping

Role Mapping

  • Role Mapping is created to assign roles to users based on their SAML attributes. Through this, the particular role will be assigned to users once they meet the specified conditions when logging into Drupal via authentication.

  • This feature can be used to map different Drupal roles to different users based on their IDP roles/groups.

  • This feature allows you to provide user capabilities based on their IdP attribute values.

  • Click on enable Role Mapping checkbox. You can select default group for new users.

  • Drupal has 2 pre-defined roles :

    • Authenticated user.
    • Administrator.

    Drupal SAML single sign on pre defined users

  • Your custom roles, if added any, will also be displayed in the role mapping section.To use this feature you have to map a Group/Role coming from your IdP in the Group/Role field.

  • In Role Key field you have to fill in The Attribute Name . Select SP Role from the dropdown and fill in corresponding IdP Role reflecting different values regarding that Role key / Attribute Name.

  • Click on the Save Configuration Button.

    Drupal SAML single sign on Custom Role Mapping