OpenSSO Single Sign-on Module for Drupal

Drupal is one of the leading open source content management systems – some would say the leading open source CMS. We’ve had a few requests over the years for OpenSSO/Drupal integration, but no one has hitherto stepped forward. Finding myself with a few spare hours over the last few days, I decided to investigate.

It turns out that, thanks to Drupal’s extensibility through modules and OpenSSO’s identity services, it’s pretty straightforward to get something working. So I did. There is now an OpenSSO module for Drupal [ README | Sourcealso available via Subversion]. I’m no expert in either PHP or Drupal, so there may well be bugs, but it seems to work well, checking for the OpenSSO cookie when users attempt to access Drupal, redirecting them to OpenSSO to authenticate if necessary, and retrieving a Drupal username from the user’s OpenSSO profile before setting up the user’s Drupal session.

If there’s sufficient demand, I’ll look at going through the process to contribute this to Drupal under GPL, until then, it’s available under CDDL as an OpenSSO Extension.

12 Replies to “OpenSSO Single Sign-on Module for Drupal”

  1. Great job, Pat!

    Just FYI, drupal has shib_auth module which has many features, including automatic role assignment based on regular expression matching on attributes, and so on. Since Shibboleth SP is pretty much the same as OpenSSO from the application perspective, most of its features can easily be adopted.

  2. Ramoonus – I’ll be taking a look at Joomla/Wordpress in the near future. The tricky bit is figuring out the right extension point that gives me access to the OpenSSO cookie and allows me to log the user in on the fly.

    Adam – I’ll take a look at shib_auth, thanks for the tip! Of course, now that the OpenSSO-related bits are working, anyone with better Drupal/PHP skills than me (99.99% of Drupal hackers!) can build on this initial version.

    Darren – Glad to be of service! 🙂

  3. Awesome work Pat! I may take a look at extending this to support IDP Discovery via XRI. If I get ambitious, I may even work at getting this into a more generalized federated authN module, which i have been fiddling with for a while.

Leave a Reply

Your email address will not be published. Required fields are marked *