SlideShare a Scribd company logo

Single Sign On Across Drupal 8 - DrupalCon Global 2020

I
Iwantha Lekamge

In today’s digitally-driven world, connecting multiple systems is a must for any organization. As organizations use different systems, websites and much more, a single authentication mechanism is highly beneficial.

Technology
1 of 30
Download to read offline
SSO .SINGLE SIGN ON ACROSS DRUPAL 8. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2
In today’s digitized world, connecting its systems is a must for any organization. DIGITALLY DRIVEN WORLD
Given the number of systems, websites, and more, having a single authentication mechanism across all systems is highly beneficial. AUTHENTICATION
Single Sign-On (SSO) is a user authentication service that permits a user to use one set of login credentials (for example, their name and password) to access multiple systems. WHAT IS SSO?
● Same user credentials used for multiple systems to simplify login benefits ● Automatic login to federated systems ● Single logout system (SLO) BENEFITS
● Centralized system to manage users and roles ● Lower operational costs ● Easy migration and configuration with a new system WHY ORGANIZATIONS NEED SSO
● SAML 2.0 ● WS-Federation ● WS-Trust ● OAuth 2.0 ● OpenID Connect ● SCIM SSO STANDARDS
Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization data between an identity provider and a service provider. SAML
● Identity Provider (IdP) The SAML authority that provides the identity assertion to authenticate a user ● Service Provider (SP) The SAML consumer that provides the service for users PROVIDERS
HOW SAML WORKS
STEPS INVOLVED IN SAML
● SimpleSAMLphp Library ● Drupal 8 instances ● SimpleSAMLphp_auth Drupal module REQUIREMENTS
● Two Drupal instances ● One instance as SP ● Other instance as IdP SETTING UP SP AND IDP
● Set up a SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Configure config.php ● Generate certificates (Run this command inside cert folder) openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem SERVICE PROVIDER CONFIGURATIONS
● Set up SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Update config.php 'enable.saml20-idp' => true ● Enable exampleauth module cd modules/exampleauth touch enable ● Configure authsources.php IDP CONFIGURATIONS
● Generate certificates (Run this command inside cert folder) cd cert openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out server.crt -keyout server.pem ● SAML 2.0 IdP needs to be configured by the metadata stored in metadata/saml20-idp-hosted.php metadata/saml20-idp-hosted.php VERIFYING THE IDP
● Copy IdP metadata to the metadata/saml20-idp-remote.php file of the SP ● Copy SP metadata to the metadata/saml20-sp-remote.php file of the IdP ● Configure Service Provider with the IdP name METADATA
TEST CONFIGURED AUTHENTICATION RESOURCES
● Download and install the module ● Check ‘Activate authenticate via SimpleSAMLphp’ (Basic settings) ● Change ‘User info and Syncing’ ○ uid as the unique identifier for the user ○ uid as the username for the user ○ email as the email address for the user SIMPLESAMLPHP_AUTH MODULE
FEDERATED LOGIN
OPEN SOURCE SSO ● Aerobase ● CAS ● Keycloak ● Shibboleth ● WSO2 Identity Server
CONNECT WITH WSO2 IDENTITY SERVER ● Download WSO2 Identity Server ● Run/bin/wso2server.sh on terminal ● Open https://localhost:9443/carbon/ in web browser ● Login to the system ○ Username: admin ○ Password: admin
SSO .SINGLE SIGN ON ACROSS DRUPAL 8. DEMONSTRATION
● https://medium.com/@iwantha/single-sign-on-across-drupal-8-e42db6a2e7f ● https://medium.com/@iwantha/wso2-identity-server-sso-with-drupal-8-4bb8ae915c20 ● https://github.com/simplesamlphp/simplesamlphp ● https://www.drupal.org/project/simplesamlphp_auth ● https://wso2.com/identity-and-access-management RESOURCES
.THANK YOU. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2 E m a i l : i w a n t h a @ w s o 2 . c o m https://medium.com/@iwantha https://www.linkedin.com/in/iwantha-lekamge-5b90b629/ https://twitter.com/IwanthaLekamge

Recommended

Single sign on across drupal 8
Single sign on across drupal 8Single sign on across drupal 8
Single sign on across drupal 8Iwantha Lekamge
 
Configuring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTConfiguring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTPradeep Mishra
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightningwremes
 
Habilitar auditoria no office 365 por usuario
Habilitar auditoria no office 365 por usuarioHabilitar auditoria no office 365 por usuario
Habilitar auditoria no office 365 por usuarioAndré Luiz Cunha
 
Visual Programming Framework for Unity - UniFlow のご紹介
Visual Programming Framework for Unity - UniFlow のご紹介Visual Programming Framework for Unity - UniFlow のご紹介
Visual Programming Framework for Unity - UniFlow のご紹介Mori Tetsuya
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Iwantha Lekamge
 
Configuration Management Tools on NX-OS
Configuration Management Tools on NX-OSConfiguration Management Tools on NX-OS
Configuration Management Tools on NX-OSCisco DevNet
 

Recommended

Single sign on across drupal 8
Single sign on across drupal 8Single sign on across drupal 8
Single sign on across drupal 8Iwantha Lekamge
 
Configuring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTConfiguring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTPradeep Mishra
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightningwremes
 
Habilitar auditoria no office 365 por usuario
Habilitar auditoria no office 365 por usuarioHabilitar auditoria no office 365 por usuario
Habilitar auditoria no office 365 por usuarioAndré Luiz Cunha
 
Visual Programming Framework for Unity - UniFlow のご紹介
Visual Programming Framework for Unity - UniFlow のご紹介Visual Programming Framework for Unity - UniFlow のご紹介
Visual Programming Framework for Unity - UniFlow のご紹介Mori Tetsuya
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Open source wso2 identity server sso with drupal 8
Open source wso2 identity server sso with drupal 8Iwantha Lekamge
 
Configuration Management Tools on NX-OS
Configuration Management Tools on NX-OSConfiguration Management Tools on NX-OS
Configuration Management Tools on NX-OSCisco DevNet
 
Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerExpanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerCisco Canada
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Tomislav Lulic
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity ManagementInSync Conference
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10Peter McLarty
 
Moodle + Adobe Connect
Moodle + Adobe Connect Moodle + Adobe Connect
Moodle + Adobe Connect Takeshi Matsuzaki
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
PSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationPSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationDan Barr
 
Booting Weblogic - OOW14
Booting Weblogic - OOW14Booting Weblogic - OOW14
Booting Weblogic - OOW14Jon Petter Hjulstad
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentKurtis Kemple
 
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...ITCamp
 
0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartITimothy Chen
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An IntroductionForgeRock
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basicsJuan Vicente Herrera Ruiz de Alejo
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Leadex Systems
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise MongoDB
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwaresWorteks
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11Richard Conway
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11clarendonint
 
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Jim Czuprynski
 
Cloud api之應用與實例
Cloud api之應用與實例Cloud api之應用與實例
Cloud api之應用與實例Simon Su
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxnull - The Open Security Community
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

More Related Content

Similar to Single Sign On Across Drupal 8 - DrupalCon Global 2020

Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerExpanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerCisco Canada
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Tomislav Lulic
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity ManagementInSync Conference
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10Peter McLarty
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
PSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationPSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationDan Barr
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentKurtis Kemple
 
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...ITCamp
 
0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartITimothy Chen
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An IntroductionForgeRock
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Leadex Systems
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise MongoDB
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwaresWorteks
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11Richard Conway
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11clarendonint
 
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Jim Czuprynski
 
Cloud api之應用與實例
Cloud api之應用與實例Cloud api之應用與實例
Cloud api之應用與實例Simon Su
 

Similar to Single Sign On Across Drupal 8 - DrupalCon Global 2020 (20)

Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data centerExpanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
 
Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?Što danas zamjenjuje Small Business Server?
Što danas zamjenjuje Small Business Server?
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
 
Moodle + Adobe Connect
Moodle + Adobe Connect Moodle + Adobe Connect
Moodle + Adobe Connect
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
 
PSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS PresentationPSU Security Conference 2015 - LAPS Presentation
PSU Security Conference 2015 - LAPS Presentation
 
Booting Weblogic - OOW14
Booting Weblogic - OOW14Booting Weblogic - OOW14
Booting Weblogic - OOW14
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
 
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
Building and Managing your Virtual Datacenter using PowerShell DSC - Florin L...
 
0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI0505 Windows Server 2008 一日精華營 PartI
0505 Windows Server 2008 一日精華營 PartI
 
OpenIDM: An Introduction
OpenIDM: An IntroductionOpenIDM: An Introduction
OpenIDM: An Introduction
 
Keycloak SSO basics
Keycloak SSO basicsKeycloak SSO basics
Keycloak SSO basics
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise
 
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
[OW2con'21] Hosting Identity in the Cloud with OW2 free softwares
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
 
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
Autonomous Transaction Processing (ATP): In Heavy Traffic, Why Drive Stick?
 
Cloud api之應用與實例
Cloud api之應用與實例Cloud api之應用與實例
Cloud api之應用與實例
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Single Sign On Across Drupal 8 - DrupalCon Global 2020

  • 1. SSO .SINGLE SIGN ON ACROSS DRUPAL 8. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2
  • 2. In today’s digitized world, connecting its systems is a must for any organization. DIGITALLY DRIVEN WORLD
  • 3.
  • 4. Given the number of systems, websites, and more, having a single authentication mechanism across all systems is highly beneficial. AUTHENTICATION
  • 5. Single Sign-On (SSO) is a user authentication service that permits a user to use one set of login credentials (for example, their name and password) to access multiple systems. WHAT IS SSO?
  • 6.
  • 7. ● Same user credentials used for multiple systems to simplify login benefits ● Automatic login to federated systems ● Single logout system (SLO) BENEFITS
  • 8. ● Centralized system to manage users and roles ● Lower operational costs ● Easy migration and configuration with a new system WHY ORGANIZATIONS NEED SSO
  • 9. ● SAML 2.0 ● WS-Federation ● WS-Trust ● OAuth 2.0 ● OpenID Connect ● SCIM SSO STANDARDS
  • 10. Security Assertion Markup Language (SAML) is an XML-based data format for exchanging authentication and authorization data between an identity provider and a service provider. SAML
  • 11. ● Identity Provider (IdP) The SAML authority that provides the identity assertion to authenticate a user ● Service Provider (SP) The SAML consumer that provides the service for users PROVIDERS
  • 14. ● SimpleSAMLphp Library ● Drupal 8 instances ● SimpleSAMLphp_auth Drupal module REQUIREMENTS
  • 15. ● Two Drupal instances ● One instance as SP ● Other instance as IdP SETTING UP SP AND IDP
  • 16. ● Set up a SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Configure config.php ● Generate certificates (Run this command inside cert folder) openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem SERVICE PROVIDER CONFIGURATIONS
  • 17.
  • 18. ● Set up SimpleSAMLphp library inside the docroot of the Drupal ● Create a symlink and update the .htaccess file ● Update config.php 'enable.saml20-idp' => true ● Enable exampleauth module cd modules/exampleauth touch enable ● Configure authsources.php IDP CONFIGURATIONS
  • 19.
  • 20. ● Generate certificates (Run this command inside cert folder) cd cert openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out server.crt -keyout server.pem ● SAML 2.0 IdP needs to be configured by the metadata stored in metadata/saml20-idp-hosted.php metadata/saml20-idp-hosted.php VERIFYING THE IDP
  • 21.
  • 22. ● Copy IdP metadata to the metadata/saml20-idp-remote.php file of the SP ● Copy SP metadata to the metadata/saml20-sp-remote.php file of the IdP ● Configure Service Provider with the IdP name METADATA
  • 24. ● Download and install the module ● Check ‘Activate authenticate via SimpleSAMLphp’ (Basic settings) ● Change ‘User info and Syncing’ ○ uid as the unique identifier for the user ○ uid as the username for the user ○ email as the email address for the user SIMPLESAMLPHP_AUTH MODULE
  • 26. OPEN SOURCE SSO ● Aerobase ● CAS ● Keycloak ● Shibboleth ● WSO2 Identity Server
  • 27. CONNECT WITH WSO2 IDENTITY SERVER ● Download WSO2 Identity Server ● Run/bin/wso2server.sh on terminal ● Open https://localhost:9443/carbon/ in web browser ● Login to the system ○ Username: admin ○ Password: admin
  • 28. SSO .SINGLE SIGN ON ACROSS DRUPAL 8. DEMONSTRATION
  • 29. ● https://medium.com/@iwantha/single-sign-on-across-drupal-8-e42db6a2e7f ● https://medium.com/@iwantha/wso2-identity-server-sso-with-drupal-8-4bb8ae915c20 ● https://github.com/simplesamlphp/simplesamlphp ● https://www.drupal.org/project/simplesamlphp_auth ● https://wso2.com/identity-and-access-management RESOURCES
  • 30. .THANK YOU. I w a n t h a L e k a m g e | A s s o c i a t e T e c h n i c a l L e a d | W S O 2 E m a i l : i w a n t h a @ w s o 2 . c o m https://medium.com/@iwantha https://www.linkedin.com/in/iwantha-lekamge-5b90b629/ https://twitter.com/IwanthaLekamge