SAML and JWT for SSO as part of Enterprise Drupal implementations

For all the many use cases that Drupal serves in the Enterprise, be it Central Content Hub, Marketing Portal, Learning Platforms and such, the one requirement that is part of each of these implementation is SAML SSO implementation. SAML/JWT implementation, helps to integrate the existing authentication mechanism within the Enterprise to the Drupal platform to create an SSO. An Editor/User can use his existing enterprise login credentials to logon to Drupal.

 

Single Sign-On is "a property of access control of multiple related, but independent software systems". In this context, Drupal is most often the service provider, the system on which the user wishes to access resources that may be restricted based on the user's identity (roles, permissions, per user access control etc). Note that SSO is different than OpenID, Facebook Connect, etc that simply provide the authentication mechanism with which a login attempt on a site that uses these technologies will be processed. With SSO, a user, once logged in on one of the cooperating sites, is immediately logged in on the others site as well. SAML/JWT protocol for SSO is the standard today.

 

The aim of this session will be to:

 

  1. Introduction to SSO and the various terminologies

  2. Introduction to SAML/JWT

  3. Different types of SAML/JWT implementations, Cloud services

  4. Advanced topics like Configuration Templates, Authentication methods, Metadata Templates & Specific Mechanisms for JWT

  5. Real life scenarios, managing users, roles, user data and more...

  6. Typical challenges in implementing SAML and JWT Solutions

  7. A live demo of how to configure Drupal 8 site both as Service Provider (SP), Identity Provider (IDP) and JWT implementations.

 

We wish to share with you our learnings over the last year, implementing varied SSO solutions for the enterprise using SAML/JWT. At the end of the session, you will be able to install and configure SAML/JWT with Drupal 8 and create your SSO network.