Pantheon Drupal 8


I've been exploring the workflow tools on the pantheon.io platform. This post describes our adventures in getting Drupal8/CiviCRM to work on Pantheon. If you have a pantheon.io account and if you have set up terminus https://pantheon.io/docs/terminus to interact with your pantheon projects then you should be able to follow along!

If you're not on Pantheon the steps are a little easier! First install Drupal - e.g.:

These steps follow the CiviCRM installation instructions at https://docs.civicrm.org/installation/en/latest/drupal8/.

1. Install Drupal8/CiviCRM locally or on another server that you have command line access to

a) Create a designated directory and set your site_name to your project name (my project here is called citius88, so the URL is going to be citius88.ca). Optional: hook it up to your organization account (if you have one on pantheon.io) and set your favourite region!

Head on over to your pantheon dashboard and you should see your new project! The following steps are required to get it up and functional:

b) Back in the shell on your local workspace: the next step is to remove the Continuous Integration bits. Delete the following directories and files:

c) Modify composer.json:
Remove all dependencies in the require-dev section.
Update the scripts section to remove the lint, code-sniff, and unit-test lines.

d) Modify pantheon.yml
Remove the following section:

e) Prepare for CiviCRM install
In composer.json -> update the requirement for minimum stability to:

f) Pull in CiviCRM! I'm using CiviCRM version 5.24.6 in this example - replace these digits with your favourite CiviCRM version. You can even use dev-master! When trying to composer require everything at once composer complained about memory_limit. I ended up having to set the php memory_limit to 3G! Here I'll describe the steps that work if you have less memory_limit to work with.

g) It's time to beam this up to Pantheon

h) It's time to install Drupal!

i) And now CiviCRM! Because the /sites/default directory is not writable on Pantheon after installing Drupal, we followed this workaround.

j) Visit your Drupal8/CiviCRM site! You'll likely need to clear the usual CiviCRM caches and possibly Drupal caches as well.

2. Setting up a local development environment for your pantheon site.

To bring your site up locally and be able to easily pull code, database or files, you can use Lando. Below is a list of the specific tools I use:

  • Docker Desktop on Mac: https://docs.docker.com/docker-for-mac/install/
  • PhpStorm: https://www.jetbrains.com/phpstorm/
  • Lando: https://docs.lando.dev/config/pantheon.html
  • Xdebug with PhpStorm and Lando: https://www.drupaleasy.com/blogs/ultimike/2018/01/setting-xdebug-lando-and-phpstorm

Because you'll be switching environments between Pantheon and Lando, the civicrm.settings.php and civicrm.settings.inc files from the original roundearth projects are super handy!

Thus far, the only small edits I made to civicrm.settings.inc are:

Let’s say that you have a collection of sites and, instead of having a separate user database on each one, you want to manage logins from one centralized place. This is in essence what single sign-on means.

There are a number of articles detailing how to implement the SAML 2.0 protocol, but if you want to host your site on Pantheon and use Drupal 8 as your identity provider, there are a few details to take into account.

What we were able to achieve in the end is a Drupal 8 site working as the identity provider (IdP) and an ASP.NET site working as the service provider (SP). That’s the best part about SAML: the two sites don’t need to be written in the same language. You could even connect your IdP with Google Apps.

Requirements

1. Have a working Drupal 8 site.
2. Download the latest version of SimpleSamlPHP.
3. Download the Drupal module saml_idp (you’ll notice that this repo is a fork of this one; this is because there were some changes necessary to make it work, which are described here).

The following tutorial assumes that you are on a Linux-based computer or a Mac.

Setting up SimpleSAMLphp

1- Place SimpleSAMLphp inside a /private folder, so the path is /private/simplesamlphp

In my case I also installed Drupal on the web subdirectory in order to have a cleaner structure.

2- Create a symlink on your project root from /simplesaml to /private/simplesamlphp/www

Your project structure should be as follows:

3- Add a virtual host for your project:

Replace /var/www/myproject_com with your project folder location and local.myproject.com with your desired local domain name. Take into account that you’ll need mod_rewrite to be enabled. You’ll probably want to change the ErrorLog and CustomLog file locations as well.

4- Go to your drupal site and enable the saml_idp module

After this create the subdirectory /private/simplesamlphp/drupalauth and create an empty file with the name ‘default_enable’ in that directory in order to enable the Drupal 8 integration. You can also do this with Drush executing

5- Copy the folder /simplesamlphp/config-templates to /simplesamlphp/config and edit config.php

6- Ensure SimpleSAMLphp can keep sessions on Pantheon.

Add the following lines to the top of config.php:

7- Set up the rest of Pantheon specific settings.

Add the following lines at the bottom of config.php:

8- Change the following values on the same file (config.php):

A. technicalcontact_name and technicalcontact_email

B. secretsalt: place any random hash here.

C. If you want the simpleSAMLphp administration page to be password protected, put the password you want to use in auth.adminpassword and change the values of admin.protectindexpage and admin.protectmetadata to true.

D. Put all the domains where this will be used in trusted.url.domains, for instance array('local.myproject.com', 'dev.myproject.com', 'www.myproject.com')

E. enable.saml20-idp to true

F. store.type to ‘sql’

G. store.sql.dsn set your database connection string, for instance: ‘mysql:host=localhost;dbname=my_drupal_db’

H. store.sql.username and store.sql.password to your database credentials. This is just for your local machine; when this is running on Pantheon, these settings will be overridden by the settings from step 7 above.
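The step 8 values can be checked mechanically before the code is pushed. The script below is an added example, not part of the original article or of SimpleSAMLphp; it assumes each setting sits on a single `'key' => value,` line, treats `'defaultsecretsalt'` and `'123'` (the values the shipped config template uses) as unedited, and writes two constructed config fragments to a temporary directory to demonstrate the result.

```bash
# Added example: flag SimpleSAMLphp config.php values left at template defaults.
# Only understands one-line "'key' => value," entries, as in the template.
cfg_value() {  # $1 = config file, $2 = key; prints the raw PHP value (last match)
  sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*\(.*\),[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

audit_config() {  # $1 = config file; prints one finding per line, returns 1 if any
  local f=$1 k v rc=0
  for k in secretsalt auth.adminpassword; do
    v=$(cfg_value "$f" "$k")
    case $v in
      "'defaultsecretsalt'"|"'123'"|"''"|"") echo "$k: template default or empty"; rc=1 ;;
    esac
  done
  for k in admin.protectindexpage admin.protectmetadata; do
    v=$(cfg_value "$f" "$k")
    [ "$v" = "true" ] || { echo "$k: expected true, found ${v:-nothing}"; rc=1; }
  done
  v=$(cfg_value "$f" trusted.url.domains)
  case $v in
    null|"") echo "trusted.url.domains: URL checking disabled or unset"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample fragments (not from the article): unedited and edited.
write_samples() {  # $1 = output directory
  cat > "$1/weak.php" <<'EOF'
$config = array(
    'secretsalt' => 'defaultsecretsalt',
    'auth.adminpassword' => '123',
    'admin.protectindexpage' => false,
    'admin.protectmetadata' => false,
    'trusted.url.domains' => null,
);
EOF
  cat > "$1/edited.php" <<'EOF'
$config = array(
    'secretsalt' => 'constructed-sample-salt-not-for-use',
    'auth.adminpassword' => 'constructed-sample-password',
    'admin.protectindexpage' => true,
    'admin.protectmetadata' => true,
    'trusted.url.domains' => array('local.myproject.com', 'dev.myproject.com'),
);
EOF
}
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
audit_config "$demo_dir/weak.php" || true
```
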

9- Edit authsources.php and add the following below the ‘default-sp’ block:

And at the end of the same file:

10- Set up the IdP and SP metadata configuration:

A- Copy the files saml20-idp-hosted.php and saml20-sp-remote.php from /private/simplesamlphp/metadata-templates to /private/simplesamlphp/metadata

B- saml20-sp-remote.php contains your service provider settings; this is the site that will authenticate against this IdP. This metadata should be generated from the SP itself and will look something like this:

C- Edit saml20-idp-hosted.php and change auth to drupal-userpass and below that put the following block:

‘Format’ will depend on your SP settings. In this case it is using ‘uri’, which is the most common, but it could also be set as ‘unspecified’ or any other supported format, for instance: ‘urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified’

11- Now you need to create the certificate that will be used; this is a simple process:

First create the directory /private/simplesamlphp/cert and then open the console, go to that directory and execute:

12- In order for simpleSAMLphp to connect with the drupal module without issues, I had to edit /private/simplesamlphp/composer.json and add the saml_idp source folder to the autoload list:

Inside the ‘autoload’ section add

Once this is done, refresh the autoload files from the console by executing composer dump-autoload in the same directory.

13- Edit your Drupal settings.php so the Drupal module can locate SimpleSAMLphp:

This is it. If all went well, you should see the simpleSAMLphp admin screen in your browser now:

You can test your IdP directly from there by going to ‘authentication’ > ‘Test configured authentication sources’.


Resources and troubleshooting: