Don’t Let SimpleSAMLphp Block Your Drupal Upgrade

At the root of the problem is Symfony. The SimpleSAMLphp library and its corresponding Drupal module depend on Symfony versions that collide with those used by Drupal core. As a result, sites that use SimpleSAMLphp cannot move to Drupal 11 without removing this dependency or waiting for upstream changes.

Robert suggests replacing SimpleSAMLphp with the SAML Authentication module, which uses the OneLogin SAML toolkit and integrates cleanly with Drupal without creating dependency issues. A sandbox helper module created by Jay Beaton is also available to assist with configuration migration between the two modules.

The guide walks through composer setup, configuration mapping, and common caveats related to environment-specific settings. While SAML Authentication simplifies many aspects of configuration, it does not support remote certificate linking, which may require users to manually manage certificate files within their deployment directories.

Robert also discusses testing challenges specific to hosting environments. On Pantheon, for example, native routing prevents the helper module from intercepting test URLs. The guide recommends local DNS overrides for testing under these conditions. On other platforms, such as Acquia and Platform.sh (now Upsun), the helper module performs as expected.

After configuration is complete, teams must review any custom code that depends on SimpleSAMLphp. Function calls and hooks related to authentication must be updated to use the event‑based system provided by SAML Authentication. Robert includes examples for adapting service calls and event subscribers to complete the migration.