The Crowd SSO module provides single sign-on and single sign-off functionality in Drupal for users authenticated against Atlassian Crowd. When a user has authenticated against Crowd, an authentication token is set via browser cookie. When a user with that cookie visits the Drupal website, the authentication token is extracted from the cookie and is validated against Crowd. Upon successful validation, the user is automatically logged into Drupal, and a user account is created in Drupal if the account did not already exist.
If the visiting user does not have the Crowd authentication token, he or she is presented with the standard Drupal authentication form. Upon submission of the login form, the user's credentials are passed to Crowd for authentication. Successful authentication results in Crowd setting the browser cookie.
In order for Drupal to authenticate against Crowd, it must be added as a new application in Crowd. Please refer to the Atlassian Crowd documentation for instructions regarding adding applications.
Crowd administrators must also correctly configure the SSO cookie domain, to ensure that all applications on the domain will be able to read the authentication cookie. Please refer to the Atlassian Crowd documentation for instructions regarding how to configure this.
- Install the Crowd module by navigating to admin/build/modules.
- Configure the Crowd module by navigating to admin/settings/crowd
Drupal administrators must provide the base location of the Crowd server, port, and path to the WSDL file served by Crowd. Administrators also must enter the Crowd cookie SSO domain that was configured in Atlassian Crowd, along with the name of the application and password as defined in Crowd. Please refer to the previous section of this document for instructions regarding how to add applications in Atlassian Crowd.
Cache the Atlassian Crowd WSDL
Due to documented defects in PHP 5, the native PHP SOAP client is unable to parse WSDL files that are served via secure protocol. To get around this issue, the Crowd module provides a mechanism for caching the WSDL file locally to crowdsoapservice.wsdl in the Drupal files directory. To cache the WSDL file, navigate to admin/settings/crowd/cache-wsdl.
The Crowd WSDL file will automatically be cached on the local server.
NOTE: This must be done before authenticating any users in Drupal via Crowd.