Online Help

SafeNet Trusted Access for Drupal

Overview

Configuring SafeNet Trusted Access for Drupal is a three-step process:

1. Drupal setup

2. SafeNet Trusted Access setup

3. Verify Authentication

Drupal Setup

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking on the Download metadata file button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Drupal:

1. In a web browser, open the following URL to download the SimpleSAMLphp module (in .zip format):

https://simplesamlphp.org/download

2. Extract the SimpleSAMLphp package that you downloaded in the previous step into the /var directory, and then rename the extracted directory to simplesamlphp.

3. In the /etc/httpd/conf directory, open the httpd.conf file, and then add the following content at the end of the file:

<VirtualHost *:80>
ServerName <IP/FQDN of Drupal Machine where your simplesamlphp package is installed>
DocumentRoot /var/www/html/
Alias /simplesaml /var/simplesamlphp/www
<Directory /var/simplesamlphp/www>
# Apache 2.2 access-control syntax; on Apache 2.4 without mod_access_compat,
# replace the following two lines with: Require all granted
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

4. Save the httpd.conf file.

5. If SELinux is running on the server, run the following command to change the security context of the SimpleSAMLphp directory:

chcon -Rt httpd_sys_content_t /var/simplesamlphp/

6. Log in to MySQL (which you already installed) as the root account, and then run the following command to create a database:

CREATE DATABASE <Database name>;

7. In the /var/simplesamlphp/config directory, open the config.php file.

8. In the config.php file, search for and modify the following parameters:

Field: baseurlpath
Value to be Set: Enter the following base URL for SimpleSAMLphp:

http://<IP/FQDN of server:port>/simplesaml/

Where:

<IP/FQDN of server> is the IP address or FQDN of the server on which the SimpleSAMLphp module is deployed.

<port> is 80 for http, 443 for https.

Field: auth.adminpassword
Value to be Set: Enter the administrator password that is required to access the SimpleSAMLphp module web interface.

Field: secretsalt
Value to be Set: Enter a random string.

To generate the random string, open a second terminal on the same machine and run the following command:

tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null; echo

Field: store.type
Value to be Set: Enter sql as the store type.

Field: store.sql.dsn
Value to be Set: Enter 'mysql:host=<Hostname/IP Address of your MySQL server>;dbname=<Database name>'

Where <Database name> is the name of the database (for example, drupal) that you created earlier in step 6 of this section.

Field: store.sql.username
Value to be Set: Enter the MySQL username.

Field: store.sql.password
Value to be Set: Enter the MySQL password.

9.Save the config.php file.
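With the parameters from step 8 filled in, the relevant entries of /var/simplesamlphp/config/config.php look like the following. This is an added example and not part of the original guide; the host name drupal.example.com, the database name drupal, the MySQL user simplesaml and every REPLACE-WITH value are placeholders that you substitute with your own values.

```php
<?php
// Added example: only the entries from the step 8 table are shown. They belong
// inside the large $config array that ships with SimpleSAMLphp, so merge them
// into the existing file rather than replacing it. All host names, the database
// name and the credentials below are placeholders.
$config = [
    // Base URL of the SimpleSAMLphp web interface. Prefer https in production so
    // that SAML assertions and the admin password are not sent in clear text.
    'baseurlpath' => 'https://drupal.example.com:443/simplesaml/',

    // Password for the SimpleSAMLphp admin pages. Use a long, unique value; it
    // protects the metadata and test-authentication pages of the module.
    'auth.adminpassword' => 'REPLACE-WITH-A-STRONG-ADMIN-PASSWORD',

    // Random salt SimpleSAMLphp uses when deriving secrets. Generate it with the
    // tr/dd command from the table; SimpleSAMLphp rejects the value that ships
    // in the default config.php, and the salt must never be shared or reused.
    'secretsalt' => 'REPLACE-WITH-32-RANDOM-LOWERCASE-ALPHANUMERIC-CHARACTERS',

    // Keep session state in the MySQL database created in step 6 instead of in
    // PHP's file-based sessions, so more than one web node can share sessions.
    'store.type'         => 'sql',
    'store.sql.dsn'      => 'mysql:host=127.0.0.1;dbname=drupal',
    'store.sql.username' => 'simplesaml',   // a dedicated, least-privileged DB user
    'store.sql.password' => 'REPLACE-WITH-THE-DB-PASSWORD',
];
```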

10. Restart the Apache server (already installed on the machine) using the following command:

service httpd restart

11. In a web browser, open the following SimpleSAMLphp URL:

http://<IP/FQDN of server:port>/simplesaml

If SimpleSAMLphp is successfully installed, the SimpleSAMLphp installation page is displayed.

Configure SimpleSAMLphp as a Service Provider

Perform the following steps to configure SimpleSAMLphp as a Service Provider:

1. In the /var/simplesamlphp/config directory, open the authsources.php file.

2. In the authsources.php file, search for and modify the following parameters:

Field: entityID
Value to be Set: Enter an entity ID for SimpleSAMLphp. For example:

http://<IP/FQDN of Drupal Server>/instance

Field: idp
Value to be Set: Enter the Entity ID that is provided on the SafeNet Trusted Access console. You can copy the entity ID by clicking the Copy to Clipboard icon next to the Entity ID field.

3. After the idp parameter that you modified in the previous step, add the following line:

'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',

4. In a web browser, open the following URL:

http://<IP/FQDN of server>/simplesaml/admin/metadata-converter.php

5. The Metadata parser window is displayed. Click Choose File to search for and select the metadata file that you downloaded earlier from the SafeNet Trusted Access console.

6. On the Converted metadata window, copy the converted metadata.

7. Paste the metadata into a text editor (for example, Notepad), and then save it on your local machine.

8. Open the metadata file that you saved in the previous step, and then copy the entire content of the file.

9. In the /var/simplesamlphp/metadata directory, open the saml20-idp-remote.php file, and then paste the entire content that you copied in the previous step.
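The two files edited in this section, as an added example that is not from the original guide: authsources.php with the entityID, idp and NameIDPolicy entries from steps 2 and 3, followed by the shape of the converted IdP metadata that step 9 pastes into saml20-idp-remote.php (the SimpleSAMLphp 1.x converter output format is assumed). The host names drupal.example.com and idp.example.com, the endpoint paths and the certificate data are placeholders.

```php
<?php
// Added example, not part of the original guide. Shows the two files edited in
// this section with placeholder values: the Drupal host drupal.example.com, the
// STA entity ID and endpoints under idp.example.com, and the certificate data.
//
// ---- /var/simplesamlphp/config/authsources.php -----------------------------
$config = [
    'admin' => ['core:AdminPassword'],

    'default-sp' => [
        'saml:SP',
        // Entity ID of this Service Provider, as described in step 2 above.
        'entityID' => 'http://drupal.example.com/instance',
        // Entity ID copied from the SafeNet Trusted Access console (placeholder).
        'idp' => 'https://idp.example.com/saml/idp',
        // Step 3: request the e-mail address as the NameID. The string form is
        // what the guide uses (SimpleSAMLphp 1.x); 2.x expects an array instead:
        // 'NameIDPolicy' => ['Format' => '...emailAddress', 'AllowCreate' => true],
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ],
];

// ---- /var/simplesamlphp/metadata/saml20-idp-remote.php ---------------------
// The metadata converter output from step 6 has this shape. The array key must
// equal the 'idp' value above, and certData must carry the IdP signing
// certificate so that SimpleSAMLphp can verify the assertion signatures.
$metadata['https://idp.example.com/saml/idp'] = [
    'entityid' => 'https://idp.example.com/saml/idp',
    'SingleSignOnService' => [
        [
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://idp.example.com/saml/sso',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://idp.example.com/saml/slo',
        ],
    ],
    // Base64 DER certificate of the IdP, without the PEM header and footer lines.
    'certData' => 'MIIC...REPLACE-WITH-THE-CERTIFICATE-FROM-THE-CONVERTED-METADATA',
];
```

If the pasted entry lacks certData (or, in SimpleSAMLphp 2.x, a keys array), signed responses from the IdP cannot be validated, so check for it before testing the login.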

Configure Drupal for SAML Authentication

Perform the following steps to configure Drupal for SAML authentication:

1. In a web browser, open the following URL to download the simplesamlphp_auth module:

https://www.drupal.org/project/simplesamlphp_auth

The simplesamlphp_auth module integrates Drupal with the SimpleSAMLphp service provider.

2. Extract the simplesamlphp_auth package that you downloaded in the previous step, and then move it into the Drupal modules directory (../Drupal/modules).

3. In a web browser, open the Drupal URL (for example, http://testdrupal.com), and then log in to Drupal as an administrator.

4. On the Drupal home page, click the Modules tab.

5. At the bottom of the page, under OTHER, enable the simpleSAMLphp authentication module, and then click Save configuration.

6. On the Configuration tab, under PEOPLE, click SimpleSAMLphp Auth Settings.

7. Under People, under BASIC SETUP, complete the following fields:

Field: Activate authentication via SimpleSAMLphp
Value to be Set: Select this option to enable SAML authentication.

Field: Installation directory
Value to be Set: Enter the complete path of the SimpleSAMLphp directory if SimpleSAMLphp is installed at a location other than the default location (/var/simplesamlphp).

8. Under USER INFO AND SYNCING, complete the following fields:

Field: Which attribute from simpleSAMLphp should be used as user's name
Value to be Set: Enter http://schemas.xmlsoap.org/claims/CommonName

Field: Which attribute from simpleSAMLphp should be used as unique identifier for the user
Value to be Set: Enter http://schemas.microsoft.com/ws/2008/06/identity/claims/uid

Field: Which attribute from simpleSAMLphp should be used as user mail address (Optional)
Value to be Set: Enter http://schemas.xmlsoap.org/claims/EmailAddress

9. Expand USER PROVISIONING, and then select Register Users (i.e., auto-provisioning).

10. Expand DRUPAL AUTHENTICATION, and then perform the following configuration:

Field: Allow SAML users to set Drupal passwords
Value to be Set: Select this option if you want to allow SAML users to set a Drupal password.

Field: Allow authentication with local Drupal accounts
Value to be Set: Select this option if you do not want to enforce SAML authentication for users.

11. Click Save configuration.

12. In the /var/simplesamlphp/cert directory, copy the PEM certificate (for example, the my.pem file), and save it on your local machine.

Obtaining Metadata

In a web browser, open the following URL to download the Drupal metadata:

http://<IP Address or FQDN of Drupal Server>/simplesaml/module.php/saml/sp/metadata.php/default

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Drupal, the second step is to activate the Drupal application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Drupal application that you added previously is in the inactive state by default. To configure and activate this application, click the application (for example, Drupal) and proceed to the next step.

2. Under STA Setup, click Upload Drupal Metadata.

3. On the Metadata upload window, click Browse to search for and select the Drupal metadata that you obtained earlier in the Obtaining Metadata section.

4. Under Account Details, the service provider metadata information is displayed.

5. Click Save Configuration to save the details and activate the Drupal application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Drupal URL, https://<IP Address or FQDN of drupal server>/default, and click Federated Log In. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication; you should be redirected to the Drupal user account after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Drupal application icon; you should be redirected to the Drupal user account after authentication.

© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.