ILS Authentication allows library patrons to use their library account information to log into a Drupal site. It only supports authentication against a single Integrated Library System at a time, and each ILS requires a driver to work with this module. The 'sample' driver is enabled by default.
ILS Authentication doesn't touch 'local' accounts (accounts created by Drupal's built-in user module) or accounts created by other contributed modules.
Please note that ILS Authentication will create accounts for users if they authenticate against the configured ILS, regardless of whether the site administrator has chosen "Visitors can create accounts and no administrator approval is "required" under "Public registrations" at admin/user/settings. Local accounts are governed by the this setting as usual.
Included Drivers
- SirsiDynix Symphony
- Innovative Interfaces Millennium
- Evergreen
- SIP2
The SIP2 driver can work with many systems. To date, it has been tested with Koha and Biblionix Apollo, but any ILS that claims SIP2 support should work. If you're using the SIP2 driver with another ILS, let us know how it goes!
Features
- Supports ILSs through drivers; this approach allow new drivers to be added without needing to modify the module itself.
- Allows drivers to
- Add their own admin settings
- Modify Drupal forms for their own purposes, such as the login form or the module settings form
- Perform their own validation on the login form
- Allows site admins to
- Define custom messages for library users logged into Drupal, for tasks such as:
- Informing users upon login that they must add an email address to their profile if the ILS was unable to provide an email address for them.
- Displaying a link to library users' ILS account page when they request a new password, instead of sending them a password reset email. Drupal's default behavior of emailing password reset requests still applies to local accounts.
- Define default roles for user accounts created with this module. The SIP2 module is capable of more advanced role management
- Log usernames routed to the ILS (off by default). This feature is intended to assist driver developers and should be turned off unless debugging.
Prerequisites
The module itself has no particular PHP, database, or Drupal requirements, other than it only works with Drupal 7.x. A Drupal 6.x backport is in the works.
Certain PHP configuration options must be enabled to allow drivers to connect to their authentication targets. For example, if a driver connects using a URL, file_get_contents or cURL must be enabled, depending on how the driver is written.
Uninstallation
Upon uninstallation, all accounts created using this module are converted to local accounts. Users will be able to log into the Drupal site with the password that they used the last time they logged in before the module was disabled.
Security
ILS Authentication does not require or add any specific security measures beyond those provided by Drupal itself. Passwords for accounts managed by ILS Authentication are stored and encrypted in exactly the same way as regular Drupal passwords.
Since the sample.inc driver contains credentials in ilsauthen_driver_connect() that anyone can use to log into your site (provided they know those credentials, you have this module enabled, and you have enabled left the sample driver enabled),
you may want to change the sample password. If you enable another driver, this is not an issue. DO NOT DELETE sample.inc.
If you write a driver for an external authentication service, you need to secure the connection between Drupal and the service yourself. Since most drivers will use some sort of web service to connect to authentication services, you should consider using the standard technologies that other web clients and servers use, such as HTTPS, restricting access to your external service to localhost (where possible) or to a specific IP address, etc.
As stated above, this module provides an option to log usernames routed to external sources. This feature is intended to assist driver developers and should be turned off at all times other then during testing and debugging.
Known Issues/Limitations
- This module only populates the username, password, and (optionally) the email address fields in the local Drupal database. Currently it does not support populating fields managed by Drupal's profile module or by contrib modules that replace the core profile module.
- When an external user requests a new password, the core message "Further instructions have been sent to your e-mail address" is displayed along with the active driver's password request message.
- Should the user change her password on the remote ILS after the module is disabled but before attempting to log into Drupal again, her attempt will fail because the remote and local passwords are no longer the same, and she will be presented with the standard Drupal response to unrecognized passwords.
Project information
Unsupported
Not supported (i.e. abandoned), and no longer being developed. Learn more about dealing with unsupported (abandoned) projects- No further development
No longer developed by its maintainers. - Project categories: Access control
1 site reports using this module- Created by jsherman on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
