SlideShare a Scribd company logo

Single Sign On Across Drupal 8 - DrupalCon Global 2020

I
Iwantha Lekamge

In today’s digitally-driven world, connecting multiple systems is a must for any organization. As organizations use different systems, websites and much more, a single authentication mechanism is highly beneficial.

1 of 30
Download to read offline
SSO .SINGLE SIGN ON ACROSS DRUPAL 8. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2
In today’s digitized world, connecting its systems is a must for any organization. DIGITALLY DRIVEN WORLD
Single Sign On Across Drupal 8 - DrupalCon Global 2020
Given the number of systems, websites, and more, having a single authentication mechanism across all systems is highly beneficial. AUTHENTICATION
Single Sign-On (SSO) is a user authentication service that permits a user to use one set of login credentials (for example, their name and password) to access multiple systems. WHAT IS SSO?
Single Sign On Across Drupal 8 - DrupalCon Global 2020
● Same user credentials used for multiple systems to simplify login benefits ● Automatic login to federated systems ● Single logout system (SLO) BENEFITS
● Centralized system to manage users and roles ● Lower operational costs ● Easy migration and configuration with a new system WHY ORGANIZATIONS NEED SSO
● SAML 2.0 ● WS-Federation ● WS-Trust ● OAuth 2.0 ● OpenID Connect ● SCIM SSO STANDARDS
Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization data between an identity provider and a service provider. SAML
● Identity Provider (IdP) The SAML authority that provides the identity assertion to authenticate a user ● Service Provider (SP) The SAML consumer that provides the service for users PROVIDERS
HOW SAML WORKS
STEPS INVOLVED IN SAML
● SimpleSAMLphp Library ● Drupal 8 instances ● SimpleSAMLphp_auth Drupal module REQUIREMENTS
● Two Drupal instances ● One instance as SP ● Other instance as IdP SETTING UP SP AND IDP
● Set up a SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Configure config.php ● Generate certificates (Run this command inside cert folder) openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem SERVICE PROVIDER CONFIGURATIONS
Single Sign On Across Drupal 8 - DrupalCon Global 2020
● Set up SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Update config.php 'enable.saml20-idp' => true ● Enable exampleauth module cd modules/exampleauth touch enable ● Configure authsources.php IDP CONFIGURATIONS
Single Sign On Across Drupal 8 - DrupalCon Global 2020
● Generate certificates (Run this command inside cert folder) cd cert openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out server.crt -keyout server.pem ● SAML 2.0 IdP needs to be configured by the metadata stored in metadata/saml20-idp-hosted.php metadata/saml20-idp-hosted.php VERIFYING THE IDP
Single Sign On Across Drupal 8 - DrupalCon Global 2020
● Copy IdP metadata to the metadata/saml20-idp-remote.php file of the SP ● Copy SP metadata to the metadata/saml20-sp-remote.php file of the IdP ● Configure Service Provider with the IdP name METADATA
TEST CONFIGURED AUTHENTICATION RESOURCES
● Download and install the module ● Check ‘Activate authenticate via SimpleSAMLphp’ (Basic settings) ● Change ‘User info and Syncing’ ○ uid as the unique identifier for the user ○ uid as the username for the user ○ email as the email address for the user SIMPLESAMLPHP_AUTH MODULE
FEDERATED LOGIN
OPEN SOURCE SSO ● Aerobase ● CAS ● Keycloak ● Shibboleth ● WSO2 Identity Server
CONNECT WITH WSO2 IDENTITY SERVER ● Download WSO2 Identity Server ● Run/bin/wso2server.sh on terminal ● Open https://localhost:9443/carbon/ in web browser ● Login to the system ○ Username: admin ○ Password: admin
SSO .SINGLE SIGN ON ACROSS DRUPAL 8. DEMONSTRATION
● https://medium.com/@iwantha/single-sign-on-across-drupal-8-e42db6a2e7f ● https://medium.com/@iwantha/wso2-identity-server-sso-with-drupal-8-4bb8ae915c20 ● https://github.com/simplesamlphp/simplesamlphp ● https://www.drupal.org/project/simplesamlphp_auth ● https://wso2.com/identity-and-access-management RESOURCES
.THANK YOU. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2 E m a i l : i w a n t h a @ w s o 2 . c o m https://medium.com/@iwantha https://www.linkedin.com/in/iwantha-lekamge-5b90b629/ https://twitter.com/IwanthaLekamge
Ad

Recommended

Single sign on across drupal 8
Single sign on across drupal 8Single sign on across drupal 8
Single sign on across drupal 8
Iwantha Lekamge
 
Configuring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTConfiguring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured REST
Pradeep Mishra
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
wremes
 
Habilitar auditoria no office 365 por usuario
Habilitar auditoria no office 365 por usuarioHabilitar auditoria no office 365 por usuario
Habilitar auditoria no office 365 por usuario
André Luiz Cunha
 
Visual Programming Framework for Unity - UniFlow のご紹介
Visual Programming Framework for Unity - UniFlow のご紹介Visual Programming Framework for Unity - UniFlow のご紹介
Visual Programming Framework for Unity - UniFlow のご紹介
Mori Tetsuya
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB
MongoDB
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8
Iwantha Lekamge
 
Configuration Management Tools on NX-OS
Configuration Management Tools on NX-OSConfiguration Management Tools on NX-OS
Configuration Management Tools on NX-OS
Cisco DevNet
 
Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerExpanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
Cisco Canada
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?
Tomislav Lulic
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
InSync Conference
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
Peter McLarty
 
Moodle + Adobe Connect
Moodle + Adobe Connect Moodle + Adobe Connect
Moodle + Adobe Connect
Takeshi Matsuzaki
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
Aman Kohli
 
PSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationPSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS Presentation
Dan Barr
 
Booting Weblogic - OOW14
Booting Weblogic - OOW14Booting Weblogic - OOW14
Booting Weblogic - OOW14
Jon Petter Hjulstad
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
Kurtis Kemple
 
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
ITCamp
 
0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI
Timothy Chen
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
ForgeRock
 
CertsOut Checkpoint-156-587 exam dumps pdf
CertsOut Checkpoint-156-587 exam dumps pdfCertsOut Checkpoint-156-587 exam dumps pdf
CertsOut Checkpoint-156-587 exam dumps pdf
Dumpcollection
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise
MongoDB
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
clarendonint
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
Richard Conway
 
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Jim Czuprynski
 
Cloud api之應用與實例
Cloud api之應用與實例Cloud api之應用與實例
Cloud api之應用與實例
Simon Su
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Ad

More Related Content

Similar to Single Sign On Across Drupal 8 - DrupalCon Global 2020 (20)

Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerExpanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
Cisco Canada
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?
Tomislav Lulic
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
InSync Conference
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
Peter McLarty
 
Moodle + Adobe Connect
Moodle + Adobe Connect Moodle + Adobe Connect
Moodle + Adobe Connect
Takeshi Matsuzaki
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
Aman Kohli
 
PSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationPSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS Presentation
Dan Barr
 
Booting Weblogic - OOW14
Booting Weblogic - OOW14Booting Weblogic - OOW14
Booting Weblogic - OOW14
Jon Petter Hjulstad
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
Kurtis Kemple
 
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
ITCamp
 
0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI
Timothy Chen
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
ForgeRock
 
CertsOut Checkpoint-156-587 exam dumps pdf
CertsOut Checkpoint-156-587 exam dumps pdfCertsOut Checkpoint-156-587 exam dumps pdf
CertsOut Checkpoint-156-587 exam dumps pdf
Dumpcollection
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise
MongoDB
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
clarendonint
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
Richard Conway
 
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Jim Czuprynski
 
Cloud api之應用與實例
Cloud api之應用與實例Cloud api之應用與實例
Cloud api之應用與實例
Simon Su
 
Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerExpanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
Cisco Canada
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?
Tomislav Lulic
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
InSync Conference
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
Peter McLarty
 
Moodle + Adobe Connect
Moodle + Adobe Connect Moodle + Adobe Connect
Moodle + Adobe Connect
Takeshi Matsuzaki
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
Aman Kohli
 
PSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationPSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS Presentation
Dan Barr
 
Booting Weblogic - OOW14
Booting Weblogic - OOW14Booting Weblogic - OOW14
Booting Weblogic - OOW14
Jon Petter Hjulstad
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
Kurtis Kemple
 
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
ITCamp
 
0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI
Timothy Chen
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
ForgeRock
 
CertsOut Checkpoint-156-587 exam dumps pdf
CertsOut Checkpoint-156-587 exam dumps pdfCertsOut Checkpoint-156-587 exam dumps pdf
CertsOut Checkpoint-156-587 exam dumps pdf
Dumpcollection
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basics
Juan Vicente Herrera Ruiz de Alejo
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise
MongoDB
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
Worteks
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
clarendonint
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
Richard Conway
 
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Jim Czuprynski
 
Cloud api之應用與實例
Cloud api之應用與實例Cloud api之應用與實例
Cloud api之應用與實例
Simon Su
 

Recently uploaded (20)

Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Ad

Single Sign On Across Drupal 8 - DrupalCon Global 2020

  • 1. SSO .SINGLE SIGN ON ACROSS DRUPAL 8. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2
  • 2. In today’s digitized world, connecting its systems is a must for any organization. DIGITALLY DRIVEN WORLD
  • 4. Given the number of systems, websites, and more, having a single authentication mechanism across all systems is highly beneficial. AUTHENTICATION
  • 5. Single Sign-On (SSO) is a user authentication service that permits a user to use one set of login credentials (for example, their name and password) to access multiple systems. WHAT IS SSO?
  • 7. ● Same user credentials used for multiple systems to simplify login benefits ● Automatic login to federated systems ● Single logout system (SLO) BENEFITS
  • 8. ● Centralized system to manage users and roles ● Lower operational costs ● Easy migration and configuration with a new system WHY ORGANIZATIONS NEED SSO
  • 9. ● SAML 2.0 ● WS-Federation ● WS-Trust ● OAuth 2.0 ● OpenID Connect ● SCIM SSO STANDARDS
  • 10. Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization data between an identity provider and a service provider. SAML
  • 11. ● Identity Provider (IdP) The SAML authority that provides the identity assertion to authenticate a user ● Service Provider (SP) The SAML consumer that provides the service for users PROVIDERS
  • 14. ● SimpleSAMLphp Library ● Drupal 8 instances ● SimpleSAMLphp_auth Drupal module REQUIREMENTS
  • 15. ● Two Drupal instances ● One instance as SP ● Other instance as IdP SETTING UP SP AND IDP
  • 16. ● Set up a SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Configure config.php ● Generate certificates (Run this command inside cert folder) openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem SERVICE PROVIDER CONFIGURATIONS
  • 18. ● Set up SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Update config.php 'enable.saml20-idp' => true ● Enable exampleauth module cd modules/exampleauth touch enable ● Configure authsources.php IDP CONFIGURATIONS
  • 20. ● Generate certificates (Run this command inside cert folder) cd cert openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out server.crt -keyout server.pem ● SAML 2.0 IdP needs to be configured by the metadata stored in metadata/saml20-idp-hosted.php metadata/saml20-idp-hosted.php VERIFYING THE IDP
  • 22. ● Copy IdP metadata to the metadata/saml20-idp-remote.php file of the SP ● Copy SP metadata to the metadata/saml20-sp-remote.php file of the IdP ● Configure Service Provider with the IdP name METADATA
  • 24. ● Download and install the module ● Check ‘Activate authenticate via SimpleSAMLphp’ (Basic settings) ● Change ‘User info and Syncing’ ○ uid as the unique identifier for the user ○ uid as the username for the user ○ email as the email address for the user SIMPLESAMLPHP_AUTH MODULE
  • 26. OPEN SOURCE SSO ● Aerobase ● CAS ● Keycloak ● Shibboleth ● WSO2 Identity Server
  • 27. CONNECT WITH WSO2 IDENTITY SERVER ● Download WSO2 Identity Server ● Run/bin/wso2server.sh on terminal ● Open https://localhost:9443/carbon/ in web browser ● Login to the system ○ Username: admin ○ Password: admin
  • 28. SSO .SINGLE SIGN ON ACROSS DRUPAL 8. DEMONSTRATION
  • 29. ● https://medium.com/@iwantha/single-sign-on-across-drupal-8-e42db6a2e7f ● https://medium.com/@iwantha/wso2-identity-server-sso-with-drupal-8-4bb8ae915c20 ● https://github.com/simplesamlphp/simplesamlphp ● https://www.drupal.org/project/simplesamlphp_auth ● https://wso2.com/identity-and-access-management RESOURCES
  • 30. .THANK YOU. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2 E m a i l : i w a n t h a @ w s o 2 . c o m https://medium.com/@iwantha https://www.linkedin.com/in/iwantha-lekamge-5b90b629/ https://twitter.com/IwanthaLekamge