Secure SSO with Drupal

SimpleSAMLphp in Drupal is great, but documentation around a secure setup is lacking. So, here's that.

tldr;

1. Set a SIMPLESAMLPHP_CONFIG_DIR environment variable to point to a committed config directory (typically, I set it to config/simplesaml/config).
2. In that config directory, copy the the appropriate template config files with the sensitive data set to look at environment variables (e.g. Replace the original saml20-idp-remote.php hash value with getenv('SIMEPLE_SAML_METADATA_CERT_KEY')).
3. supply saml.crt and saml.pem SSL uncommitted certs to the certdir configured in config/simplesamlphp/config/config.php.