Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

25Jul/099

OpenSSO Single Sign-on Module for Drupal

Drupal is one of the leading open source content management systems - some would say the leading open source CMS. We've had a few requests over the years for OpenSSO/Drupal integration, but no one has hitherto stepped forward. Finding myself with a few spare hours over the last few days, I decided to investigate.

It turns out that, thanks to Drupal's extensibility through modules and OpenSSO's identity services, it's pretty straightforward to get something working. So I did. There is now an OpenSSO module for Drupal [ README | Source - also available via Subversion]. I'm no expert in either PHP or Drupal, so there may well be bugs, but it seems to work well, checking for the OpenSSO cookie when users attempt to access Drupal, redirecting them to OpenSSO to authenticate if necessary, and retrieving a Drupal username from the user's OpenSSO profile before setting up the user's Drupal session.

If there's sufficient demand, I'll look at going through the process to contribute this to Drupal under GPL, until then, it's available under CDDL as an OpenSSO Extension.

Filed under: OpenSSO Leave a comment
Comments (9) Trackbacks (3)
  1. Can`t wait for a WordPress or Joomla OpenSSO plugin…

  2. Great job, Pat!

    Just FYI, drupal has shib_auth module which has many features, including automatic role assignment based on regular expression matching on attributes, and so on. Since Shibboleth SP is pretty much the same as OpenSSO from the application perspective, most of its features can easily be adopted.

  3. Ah, excellent. We are rolling out OpenSSO and drupal over the net from months. This may well save us some effort :)

    Cheers!

  4. Ramoonus – I’ll be taking a look at Joomla/Wordpress in the near future. The tricky bit is figuring out the right extension point that gives me access to the OpenSSO cookie and allows me to log the user in on the fly.

    Adam – I’ll take a look at shib_auth, thanks for the tip! Of course, now that the OpenSSO-related bits are working, anyone with better Drupal/PHP skills than me (99.99% of Drupal hackers!) can build on this initial version.

    Darren – Glad to be of service! :-)

  5. Thank you very much!
    I will be testing it straight away!

  6. Awesome work Pat! I may take a look at extending this to support IDP Discovery via XRI. If I get ambitious, I may even work at getting this into a more generalized federated authN module, which i have been fiddling with for a while.

  7. Hi Wim – thanks for the heads-up! Actually, an even better link is http://java.net/projects/opensso/sources/svn/show/trunk/extensions/drupalmodule – I’ll update the blog entry now.


Leave a comment