Has anyone gotten SSO to work with Acquia's platform?

lorcz
Points: 3

Has anyone gotten single sign-on using simplesamlphp to work with Acquia's platform? I kept getting the error "This site can’t be reached dev.example.com unexpectedly closed the connection." when I tried to log in with the local Drupal admin account. With any other domain user, simplesamlphp_auth would fail to authenticate with "Unrecognized username or password." It seemed that logging in at /saml_login/ should redirect to our IdP Shibboleth authentication, but it does not. Instead it redirects to /user/login/ for login.

I've created the issue in Drupal module simplesamlphp_auth.

Status: 
Unresolved
david.myburgh
Points: 99

Afaik, simplesaml won't work on a local setup. We have it running on a site on Acquia and I have to disable it when I work locally.

lorcz
Points: 3

Thank you for the response. I am testing on Acquia's platform and it's not working. When I type in mysitedev.prod.acquia-sites.com/saml_login it's supposed to redirect me to our on-prem authentication, correct? If so, ours is not even doing that. Will you give me some advice as to how I would go about troubleshooting this issue? Thanks a bunch!

david.myburgh
Points: 99

Unfortunately I don't have access to the setup for this. Our setup redirects to a centralized login system called Okta. We seem to redirect user/login to / and I think saml will have a place to send the login in its settings.

lorcz
Points: 3

All the instructions I've found, and those provided by Acquia, have similar settings to this, and I think this could be the issue, but I just couldn't get it to work. The users in our AD would end up with an "Unrecognized username or password" because, I believe, it's not passed to our Shibboleth authentication; thus the message.

$config['simplesamlphp_auth.settings'] = [
  // Basic settings.
  'activate' => TRUE, // Enable or disable SAML login.
  'auth_source' => 'default-sp',
  'login_link_display_name' => 'Login with your SSO account',
  'register_users' => TRUE,
  'debug' => FALSE,
  // Local authentication.
  'allow' => [
    'default_login' => TRUE,
    'set_drupal_pwd' => TRUE,
    'default_login_users' => '',
    'default_login_roles' => [
      'authenticated' => FALSE,
      'administrator' => 'administrator',
    ],
  ],
  'logout_goto_url' => '',
  // User info and syncing.
  // `unique_id` is specified in Transient format, otherwise this should be `UPN`
  // Please talk to your SSO administrators about which format you should be using.
  'unique_id' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
  'user_name' => 'uid',
  'mail_attr' => 'mail',
  'sync' => [
    'mail' => FALSE,
    'user_name' => FALSE,
  ],
];

Status Change: 
Unresolved
lorcz
Points: 3

This documentation from Acquia is also very similar to the documentation they provided me, but none of them helped me to get it working. This is another very good step-by-step instruction, but it seems something in my settings/configuration is not quite right. I am able to authenticate/verify via mysitedev.prod.acquia-sites.com/simplesaml but not when I tried mysitedev.prod.acquia-sites.com/saml_login.

Hopefully someone is able to help me out. Thanks!