Single Sign on solutions?
dovry - September 20, 2007 - 07:49
Hello all,
I would like to integrate Drupal with some existing applications I am maintaining. The big problem is that all of these have their own authentication scheme and code. So basically I have x applications requiring the user to log in at all of them! Are there any SSO solutions in Drupal that work with non-Drupal code (i.e. include files, code snippets one can use), so that it is possible to log in and authenticate at one place only?
Thanks for your help!

Facebook sign on/authenticated session
Along the same lines, has anybody figured out how to authenticate through Facebook? *Either direction is fine.*
Or since D6.0 utilizes OpenID, maybe one should think about OpenID with Facebook? *Then it's not so relevant a discussion here, I know :)*
Any thoughts?
-- willing to compensate coder to create facebook/d5.* single sign-on, pls contact me
Kien M Lee
ThePopulus.net | Empowering Common People to Champion Common Causes
dignitas@thePopulus.net
+1.212.433.0632 NY
Yes
Yes, there are many.
Thanks for your reply and
Thanks for your reply and pointer, but from the listing, it looks like it is either public SSO services relying on interaction w/remote servers, or different solutions to log on several drupal sites at once. What I need, is simply to unify user tables and authentication code, so that I can reuse the same infrastructure across several applications - including drupal. Is it possible?
code examples
I was thinking of something along these lines
1) user logs in on drupal - session is established etc
2) all other pages external to drupal include code to check for valid login session
something like this
<?php
include_once('/path/to/drupal/drupal_check_login.inc');
if (!is_drupal_logged_in()) {
  // redirect to login
} else {
  // OK!
}
?>
...possible?
XML
I don't know of any that work as you described. Your proposed solution would require that everything be on the same server, which often isn't possible, and if implemented properly (i.e. bootstrapping the Drupal API) could result in PHP namespace collisions in your "child" app.
The technique I've used is a REST interface. Plant an encrypted cookie containing a username plus some authentication tokens, then write code for the "child" app that reads the cookie, decrypts, and submits an auth request to Drupal using CURL and XML.
Everything on the Drupal side can be done with a dozen or so lines of code in a single module. The client side should be even shorter.
Or you could do the REST part using XMLRPC and one of the supported blogging protocols.
http://api.drupal.org/api/file/modules/blogapi/blogapi.module/5
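The cookie half of the technique described above, as an added example that is not part of the original post or Drupal's code: the username and an expiry are sealed with AES-256-GCM, so the child app rejects a modified or stale cookie before it sends any auth request. The function names, payload fields, key handling and 300-second lifetime are assumptions.

```php
<?php
// Added example: names, key and lifetime are constructed; not Drupal's or the poster's code.
const SSO_TTL = 300; // seconds a cookie value stays valid (assumed policy)

// Seal username + expiry with AES-256-GCM so the value is secret and tamper-evident.
function sso_seal(string $username, string $key, int $now): string {
    $iv = random_bytes(12); // fresh 96-bit nonce for every cookie
    $payload = json_encode(['u' => $username, 'exp' => $now + SSO_TTL]);
    $ct = openssl_encrypt($payload, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Returns the username, or null if the value is malformed, forged or expired.
function sso_open(string $cookie, string $key, int $now): ?string {
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) < 12 + 16 + 1) {
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $payload = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($payload === false) {
        return null; // authentication tag mismatch: tampered value or wrong key
    }
    $data = json_decode($payload, true);
    if (!is_array($data) || !isset($data['u'], $data['exp'])
        || !is_string($data['u']) || !is_int($data['exp'])) {
        return null;
    }
    return $now <= $data['exp'] ? $data['u'] : null;
}

// Demo with a constructed key; in deployment the 32-byte key is a secret shared by both apps.
$key = random_bytes(32);
$now = time();
$cookie = sso_seal('alice', $key, $now);

var_dump(sso_open($cookie, $key, $now));               // untouched cookie
$tampered = $cookie;
$tampered[20] = ($tampered[20] === 'A') ? 'B' : 'A';   // flip one character inside the tag
var_dump(sso_open($tampered, $key, $now));             // modified cookie
var_dump(sso_open($cookie, $key, $now + SSO_TTL + 1)); // cookie past its expiry
```

Encryption without an integrity check would let a client alter the ciphertext undetected, which is why the sketch uses an authenticated mode.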
curl
Thanks for your help!
As I understand it, using CURL and/or xmlrpc calls would mean using server-to-server authentication and would not let the client establish a separate session with drupal and/or the other app? BTW, my envisioned unified app would most likely exist on a single server.
If I set an encrypted cookie on login to the other app, would it be easy to hook into the drupal login stack so that the drupal session can be set according to the cookie, thereby avoiding the need for separate login?
From a quick look at the code it looks like I could modify the following function to get login info from a cookie instead of the form values. (The best would of course be to implement this as a module, but that might take more work :-) )
function user_login_validate($form_id, $form_values) {
  // ** change $form_values if cookie is present **
  if ($form_values['name']) {
    // ... rest of the function unchanged (not shown in the post)
  }
}
found a solution
I found a solution by examining the session code more closely.
On login to the other system, I simply do an INSERT in the drupal session table with user and session info from the 'foreign' app, so that the sessions are synchronized. It works!
Perhaps in the future, I'll merge the session handling in the various apps, so that login/logout can be done from any app.