
Atlassian Crowd SSO Integration

Last updated January 17, 2011. Created by ebeyrent on March 31, 2010.
Edited by silverwing.

Overview

The Crowd SSO module provides single sign-on and single sign-off functionality in Drupal for users authenticated against Atlassian Crowd. When a user has authenticated against Crowd, an authentication token is set via browser cookie. When a user with that cookie visits the Drupal website, the authentication token is extracted from the cookie and is validated against Crowd. Upon successful validation, the user is automatically logged into Drupal, and a user account is created in Drupal if the account did not already exist.

If the visiting user does not have the Crowd authentication token, he or she is presented with the standard Drupal authentication form. Upon submission of the login form, the user's credentials are passed to Crowd for authentication. Successful authentication results in Crowd setting the browser cookie.

Crowd Configuration

In order for Drupal to authenticate against Crowd, it must be added as a new application in Crowd. Please refer to the Atlassian Crowd documentation for instructions regarding adding applications.

Crowd administrators must also correctly configure the SSO cookie domain, to ensure that all applications on the domain will be able to read the authentication cookie. Please refer to the Atlassian Crowd documentation for instructions regarding how to configure this.
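An added example (not part of the Crowd SSO module or the original page): a pre-flight check of the SSO cookie domain using the domain-match rule from RFC 6265, which decides whether a browser sends the Crowd token cookie to a given host. All host names are constructed sample values. The check also reports other hosts under the same domain, since those receive the token cookie too.

```python
# Added example: RFC 6265 domain-match applied to an SSO cookie domain.
# Host names and the cookie domain below are constructed sample values.
import ipaddress


def _is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a host name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def domain_match(host, cookie_domain):
    """True if a browser would send a cookie scoped to cookie_domain to host."""
    host = host.lower()
    domain = cookie_domain.lower()
    if domain.startswith("."):
        domain = domain[1:]  # a leading dot in the Domain attribute is ignored
    if not host or not domain:
        return False
    if host == domain:
        return True
    # Suffix matches count only for host names, never for IP addresses,
    # and only on a label boundary ("badexample.com" is not "example.com").
    return not _is_ip(host) and host.endswith("." + domain)


def check_sso_scope(cookie_domain, sso_hosts, other_hosts=()):
    """Find SSO hosts that cannot read the cookie and other hosts that can."""
    missing = [h for h in sso_hosts if not domain_match(h, cookie_domain)]
    exposed = [h for h in other_hosts if domain_match(h, cookie_domain)]
    return {"missing": missing, "exposed": exposed}


if __name__ == "__main__":
    report = check_sso_scope(
        ".example.com",
        sso_hosts=["crowd.example.com", "drupal.example.com", "drupal.example.org"],
        other_hosts=["blog.example.com", "badexample.com"],
    )
    print(report)
```

Hosts listed under `missing` will never see the token cookie and fall back to the login form; hosts under `exposed` receive the token on every request and should be trusted accordingly.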

Drupal Configuration

  • Install the Crowd module by navigating to admin/build/modules.
  • Configure the Crowd module by navigating to admin/settings/crowd.

    Drupal administrators must provide the base location of the Crowd server, port, and path to the WSDL file served by Crowd. Administrators also must enter the Crowd cookie SSO domain that was configured in Atlassian Crowd, along with the name of the application and password as defined in Crowd. Please refer to the previous section of this document for instructions regarding how to add applications in Atlassian Crowd.

Cache the Atlassian Crowd WSDL

Due to documented defects in PHP 5, the native PHP SOAP client is unable to parse WSDL files that are served over a secure protocol. To work around this issue, the Crowd module provides a mechanism for caching the WSDL file locally as crowdsoapservice.wsdl in the Drupal files directory. To cache the WSDL file, navigate to admin/settings/crowd/cache-wsdl.

The Crowd WSDL file will automatically be cached on the local server.

NOTE: This must be done before authenticating any users in Drupal via Crowd.

Comments

Crowd PEAR package location

Clarifications needed

  • "Drupal administrators must provide the base location of the Crowd server..."

    What's a "base location"? Do you mean an IP address or a resolvable fully-qualified hostname? Or do you mean the URL for the Crowd installation?

  • "...path to the WSDL file served by Crowd."

    How about a hint as to the common path used? Is it the base path for the Crowd installation, or does Crowd typically add some additional path components to the URL for the WSDL file?

  • Crowd cookie domain comments.

    Does the Drupal install have to be in the same cookie domain as the Crowd and other Atlassian services? Or will this module make use of any domain, as long as it is correctly specified in the module config?

  • Crowd module URL

    When Crowd asks for the URL of the application to be added, what path should be used? The base URL for the Drupal installation, e.g. http://drupal.example.com/ or is there a path component to get to the crowd module that should probably be used, e.g. http://drupal.example.com/crowd?
About this page

Drupal version: Drupal 6.x
Audience: Programmers, Site administrators
