SSO
.SINGLE SIGN ON ACROSS DRUPAL 8.
Iwantha Lekamge | Associate Technical Lead | WSO2
DIGITALLY DRIVEN WORLD
In today’s digitized world, connecting its systems is a must for any organization.
AUTHENTICATION
Given the number of systems, websites, and more, having a single authentication
mechanism across all systems is highly beneficial.
WHAT IS SSO?
Single Sign-On (SSO) is a user authentication service that permits a user to use
one set of login credentials (for example, their name and password) to access
multiple systems.
BENEFITS
● The same user credentials are used for multiple systems, which simplifies login
● Automatic login to federated systems
● Single logout (SLO)
WHY ORGANIZATIONS NEED SSO
● Centralized system to manage users and roles
● Lower operational costs
● Easy migration and configuration with a new system
SSO STANDARDS
● SAML 2.0
● WS-Federation
● WS-Trust
● OAuth 2.0
● OpenID Connect
● SCIM
SAML
Security Assertion Markup Language (SAML) is an XML-based data format for
exchanging authentication and authorization data between an identity provider
and a service provider.
PROVIDERS
● Identity Provider (IdP)
    The SAML authority that issues the identity assertion used to authenticate a user
● Service Provider (SP)
    The SAML consumer that provides the service to users
HOW SAML WORKS
STEPS INVOLVED IN SAML
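The two slides above carry only diagrams. The following is an added example, not code from the slides or from the SimpleSAMLphp project, showing the SP side of the SAML 2.0 Web Browser SSO flow through SimpleSAMLphp's public API (`SimpleSAML\Auth\Simple`), which is what the simplesamlphp_auth Drupal module wraps. The install path `/var/simplesamlphp` (a SimpleSAMLphp 1.x layout), the authsource name `default-sp`, and the IdP entityID are assumptions.

```php
<?php
// Added example (not from the slides): a minimal SP-side page that drives the
// SAML 2.0 Web Browser SSO flow through SimpleSAMLphp's public API.
// Assumptions: SimpleSAMLphp 1.x installed under /var/simplesamlphp and an
// authsource named 'default-sp' in config/authsources.php.
require_once '/var/simplesamlphp/lib/_autoload.php';

use SimpleSAML\Auth\Simple;

// entityID of the IdP this SP is supposed to trust (placeholder hostname).
$expectedIdp = 'https://idp.example.com/simplesaml/saml2/idp/metadata.php';

$as = new Simple('default-sp');

// Steps 1-2: with no SP session, SimpleSAMLphp builds an AuthnRequest and
// redirects the browser to the IdP's SingleSignOnService, where the user logs in.
// Step 3: the IdP POSTs a SAML Response to the SP's AssertionConsumerService;
// SimpleSAMLphp verifies the signature against certData in saml20-idp-remote.php
// and checks Issuer, Audience, InResponseTo and NotOnOrAfter before returning here.
$as->requireAuth();

// Step 4: the SP now holds the attributes the IdP released in the assertion.
$attributes = $as->getAttributes();

// Defensive check: the session must come from the IdP we configured, not from
// any other IdP that happens to be listed in saml20-idp-remote.php.
$idp = $as->getAuthData('saml:sp:IdP');
if ($idp !== $expectedIdp) {
    http_response_code(403);
    exit('Assertion from unexpected IdP: ' . htmlspecialchars((string) $idp, ENT_QUOTES, 'UTF-8'));
}

// These are the attributes the Drupal module maps: uid -> username and unique
// id, email -> e-mail address. Refuse to proceed without them rather than
// creating a half-mapped account.
$uid   = $attributes['uid'][0]   ?? null;
$email = $attributes['email'][0] ?? null;
if ($uid === null || $email === null) {
    http_response_code(403);
    exit('IdP did not release the uid and email attributes required for account mapping');
}

header('Content-Type: text/plain; charset=utf-8');
echo "Authenticated as {$uid} <{$email}> via {$idp}\n";
// Single Logout (SLO): this URL starts a LogoutRequest to the IdP.
echo "Logout: " . $as->getLogoutURL() . "\n";
```

The IdP check matters once more than one IdP is configured: `requireAuth()` only guarantees that some trusted IdP signed the assertion, so an SP that must only accept one IdP has to pin it either here or via the `idp` option of the authsource.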
REQUIREMENTS
● SimpleSAMLphp library
● Drupal 8 instances
● SimpleSAMLphp_auth Drupal module
SETTING UP SP AND IDP
● Two Drupal instances
● One instance as SP
● Other instance as IdP
SERVICE PROVIDER CONFIGURATIONS
● Set up the SimpleSAMLphp library inside the Drupal docroot
● Create a symlink and update the .htaccess file
● Configure config.php
● Generate certificates (run this command inside the cert folder)
    openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
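The slide lists the SP steps without showing the resulting files. Below is an added example of the SP's `config/authsources.php` and the security-relevant entries of `config/config.php`; it is not the slides' own configuration, and the hostnames `sp.example.com` / `idp.example.com` and all secret values are placeholders. The key pair names match the openssl command on the slide.

```php
<?php
// Added example, not the slides' own files. Hostnames and secrets are placeholders.

// ---- SP: config/authsources.php ----
$config = [
    // Authsource behind the SimpleSAMLphp admin pages (metadata, test login).
    'admin' => [
        'core:AdminPassword', // password comes from 'auth.adminpassword' below
    ],

    'default-sp' => [
        'saml:SP',
        // The SP's entityID; this exact string is what goes into the IdP's
        // metadata/saml20-sp-remote.php.
        'entityID' => 'https://sp.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp',
        // Pin the SP to one IdP (its entityID from saml20-idp-remote.php) instead
        // of offering a discovery page that lets the browser pick any configured IdP.
        'idp' => 'https://idp.example.com/simplesaml/saml2/idp/metadata.php',
        // Key pair produced by the openssl command on the slide, stored in cert/.
        'privatekey'  => 'saml.pem',
        'certificate' => 'saml.crt',
        // Sign outgoing AuthnRequests and LogoutRequests so the IdP can verify
        // that they really originate from this SP.
        'sign.authnrequest' => true,
        'sign.logout'       => true,
    ],
];

// ---- SP: config/config.php (only the entries that matter for security) ----
$config = [
    'baseurlpath' => 'https://sp.example.com/simplesaml/',
    'certdir'     => 'cert/',
    // Random per-installation salt; SimpleSAMLphp derives hashes and
    // persistent identifiers from it, so the shipped default must be replaced.
    'secretsalt' => 'PLACEHOLDER-replace-with-random-salt',
    // Protects the admin pages and the 'admin' authsource above.
    'auth.adminpassword' => 'PLACEHOLDER-strong-admin-password',
    // Only allow redirects (ReturnTo parameters) back to these hosts.
    'trusted.url.domains' => ['sp.example.com'],
    // Session cookie is only sent over TLS and is not readable from JavaScript.
    'session.cookie.secure'   => true,
    'session.cookie.httponly' => true,
    'technicalcontact_email' => 'security@example.com',
];
```

`trusted.url.domains` is the setting that stops the SP from being used as an open redirector through its `ReturnTo` handling, and `secretsalt` and `auth.adminpassword` are the two values SimpleSAMLphp ships with placeholder defaults that must be changed before the SP is exposed.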
IDP CONFIGURATIONS
● Set up the SimpleSAMLphp library inside the Drupal docroot
● Create a symlink and update the .htaccess file
● Update config.php
    'enable.saml20-idp' => true
● Enable the exampleauth module
    cd modules/exampleauth
    touch enable
● Configure authsources.php
VERIFYING THE IDP
● Generate certificates (run this command inside the cert folder)
    cd cert
    openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out server.crt -keyout server.pem
● The SAML 2.0 IdP is configured through the metadata stored in
    metadata/saml20-idp-hosted.php
METADATA
● Copy the IdP metadata into the SP's metadata/saml20-idp-remote.php file
● Copy the SP metadata into the IdP's metadata/saml20-sp-remote.php file
● Configure the Service Provider with the IdP name
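The IdP configuration, certificate and metadata-exchange slides above describe one procedure. The following added example (not the slides' own files) shows the four files that procedure produces: the IdP's `authsources.php` with an exampleauth user, its `saml20-idp-hosted.php` using the `server.pem`/`server.crt` pair from the slide, the SP entry copied into the IdP's `saml20-sp-remote.php`, and the IdP entry copied into the SP's `saml20-idp-remote.php`. Hostnames, the user, the password and the certificate blobs are placeholders.

```php
<?php
// Added example, not the slides' own files. Hostnames, credentials and the
// certificate blobs are placeholders.

// ---- IdP: config/authsources.php ----
// exampleauth:UserPass keeps users and passwords in this file; it is meant for
// test set-ups only. The released attributes are the ones the Drupal module maps.
$config = [
    'admin' => ['core:AdminPassword'],
    'example-userpass' => [
        'exampleauth:UserPass',
        // 'username:password' => attributes released to the SP
        'alice:PLACEHOLDER-password' => [
            'uid'   => ['alice'],
            'email' => ['alice@example.com'],
        ],
    ],
];

// ---- IdP: metadata/saml20-idp-hosted.php ----
$metadata['__DYNAMIC:1__'] = [
    'host' => '__DEFAULT__',
    // Key pair from the openssl command on the slide, generated inside cert/.
    'privatekey'  => 'server.pem',
    'certificate' => 'server.crt',
    // Which authsource authenticates users for this IdP.
    'auth' => 'example-userpass',
    // Sign both the Response and the Assertion; the SP verifies them against
    // certData in its saml20-idp-remote.php.
    'saml20.sign.response'  => true,
    'saml20.sign.assertion' => true,
    'authproc' => [
        // Release only the attributes the SP needs (uid and email).
        100 => [
            'class' => 'core:AttributeLimit',
            'uid', 'email',
        ],
    ],
];

// ---- IdP: metadata/saml20-sp-remote.php (values from the SP's metadata page) ----
$metadata['https://sp.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = [
    'AssertionConsumerService' => 'https://sp.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService'      => 'https://sp.example.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    // The SP's saml.crt, so the IdP can verify signed AuthnRequests.
    'certData' => 'MIIC...SP-CERT-PLACEHOLDER...',
    // Reject AuthnRequests whose signature is missing or invalid.
    'validate.authnrequest' => true,
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
];

// ---- SP: metadata/saml20-idp-remote.php (values from the IdP's metadata page) ----
$metadata['https://idp.example.com/simplesaml/saml2/idp/metadata.php'] = [
    'SingleSignOnService' => 'https://idp.example.com/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://idp.example.com/simplesaml/saml2/idp/SingleLogoutService.php',
    // The IdP's server.crt; the SP refuses assertions that are not signed by it.
    'certData' => 'MIIC...IDP-CERT-PLACEHOLDER...',
];
```

The `certData` entries are the trust anchors of the whole exchange: the SP accepts only assertions signed by the key in its `saml20-idp-remote.php`, and with `validate.authnrequest` the IdP accepts only requests signed by the key in its `saml20-sp-remote.php`. Whenever a certificate is regenerated with the openssl commands on the slides, the corresponding `certData` on the other side has to be updated or logins fail signature validation.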
TEST CONFIGURED AUTHENTICATION RESOURCES
SIMPLESAMLPHP_AUTH MODULE
● Download and install the module
● Check ‘Activate authentication via SimpleSAMLphp’ (Basic settings)
● Change ‘User info and Syncing’
  ○ uid as the unique identifier for the user
  ○ uid as the username for the user
  ○ email as the email address for the user
FEDERATED LOGIN
OPEN SOURCE SSO
● Aerobase
● CAS
● Keycloak
● Shibboleth
● WSO2 Identity Server
CONNECT WITH WSO2 IDENTITY SERVER
● Download WSO2 Identity Server
● Run bin/wso2server.sh in a terminal
● Open https://localhost:9443/carbon/ in a web browser
● Log in to the system
  ○ Username: admin
  ○ Password: admin
  ○ These are the shipped default credentials; change the admin password after the first login
DEMONSTRATION
SSO
.SINGLE SIGN ON ACROSS DRUPAL 8.
RESOURCES
● https://medium.com/@iwantha/single-sign-on-across-drupal-8-e42db6a2e7f
● https://medium.com/@iwantha/wso2-identity-server-sso-with-drupal-8-4bb8ae915c20
● https://github.com/simplesamlphp/simplesamlphp
● https://www.drupal.org/project/simplesamlphp_auth
● https://wso2.com/identity-and-access-management
.THANK YOU.
Iwantha Lekamge | Associate Technical Lead | WSO2
Email: iwantha@wso2.com
https://medium.com/@iwantha
https://www.linkedin.com/in/iwantha-lekamge-5b90b629/
https://twitter.com/IwanthaLekamge

Single Sign On Across Drupal 8 - DrupalCon Global 2020