Configure the module as a Service Provider (SP)
- On the Service Provider Setup tab of the module, you can add third-party identity providers (IdPs) such as Azure AD, Okta, ADFS, and Salesforce so that users can log in to Drupal using their IdP credentials. For detailed instructions on configuring your IdP, you can refer to this guide.
Available Options:
- Identity Provider Name: The name of your Identity Provider (IdP), such as Okta, ADFS, Google, etc.
- IdP Entity ID or Issuer: The identifier the Service Provider uses to uniquely identify the Identity Provider. You can find the Entity ID in your IdP metadata XML file as the entityID attribute of the EntityDescriptor tag.
- NameID Format: The NameID Format decides how users at the identity provider are mapped to users at the service provider during single sign-on. Possible NameID formats are:
  a. urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  b. urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  c. urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  d. urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  e. urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
  f. urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
- HTTP Binding of SSO Request:
- The HTTP binding defines how the SAML request is transmitted to the identity provider. There are two HTTP bindings for the SSO request in SAML: HTTP-Redirect binding and HTTP-POST binding. The binding used for the SAML request must be supported by both the service provider and the identity provider.
- HTTP-Redirect Binding: In the HTTP Redirect binding, the SAML request is encoded as a URL parameter and sent as an HTTP redirect response from the service provider to the identity provider. The length of the SAML request by this binding type is limited by the maximum length of the URL that the browser can handle.
- HTTP POST Binding: In the HTTP POST binding, the SAML request is sent as an HTTP POST request from the service provider to the identity provider. The advantage of this binding is that it can handle larger SAML request messages as the message is not limited by the URL length. Also, the SAML request is hidden from the user and not visible in the browser's address bar.
- SAML Login URL: The URL of the Identity Provider to which the Service Provider sends the authentication request to initiate the Single Sign-On (SSO) process. You can find the SAML Login URL in your IdP metadata XML file as the Location attribute of the SingleSignOnService tag.
- HTTP Binding of SLO Request: It defines how the SAML Logout request is transmitted over HTTP to the identity provider. For more information, you can refer to the HTTP Binding of SSO Request mentioned above.
- SAML Logout URL: The URL to which the service provider sends the SAML logout request. You can find the SAML Logout URL in your IdP metadata XML file as the Location attribute of the SingleLogoutService tag.
- X.509 Certificate: The X.509 certificate of the Identity Provider (IdP) is used for secure communication and to establish trust between the IdP and the Service Provider (SP). This certificate is used to sign SAML assertions and responses, as well as to encrypt sensitive data.
- Signature algorithm: The signature algorithm in SAML is used to sign SAML requests. The signature algorithm used by the signer must be supported by the IdP in order for the message to be successfully verified. The following signature algorithms are supported by the module:
- SHA256
- SHA384
- SHA512
- SHA1
Configuration Steps:
- Before you begin you should have your Identity Providers (IdP) metadata.
- Navigate to the Service Provider Setup tab of the module.
- Provide your Identity Provider's (IdP) metadata in one of the following ways:
- Uploading metadata file: Go to the Upload IDP Metadata > Upload Metadata file and click on the Upload button.
- Uploading Metadata URL: Go to the Upload IDP Metadata > Upload Metadata URL and click on the Fetch Metadata button.
- Manual Configuration: With this option, you can manually enter your IdP metadata in the appropriate form fields on the same tab.
- After entering the metadata, scroll down to the bottom and click on the Save Configuration button.
- To ensure that your configuration is correct, click on the Test Configuration button at the bottom of the page. You will see a success message in the test configuration window if your configuration is correct.
Additional Settings:
- On the same tab, you can find additional settings at the bottom of the page. These allow you to configure some additional functionality.
- Sign SSO and SLO SAML Request: Enable this option if you want to sign your SSO and SLO requests.
- Enable login with SAML: You should enable this option if you want to perform SSO with this module. This option creates an SSO link on the user login form of Drupal. You may uncheck this option if you want to disable SSO authentication.
- Character Encoding: If you are getting an error due to the character encoding of the certificate, enabling this option converts your X.509 certificate into the correct encoding.
Debugging:
- If you get an error message in the test configuration window, there is likely a problem in the SSO configuration. You can use the following methods to debug the issue.
- Read the error message on the test configuration window and make changes to the configuration accordingly.
- You can click on the SAML Request and SAML Response buttons at the bottom to check the parameters in the SAML request and response.
- If you are unable to debug your issue please contact us at drupalsupport@xecurify.com. We are happy to assist you.