Atlassian Crowd

This module provides single sign-on integration between Drupal and an Atlassian Crowd server. It supports detection of the Crowd SSO cookie to provide automatic login of users already authenticated via Crowd. Drupal accounts are created automatically if the user account doesn't already exist. The module also hijacks the standard Drupal user login form validation handlers to authenticate directly against Crowd instead of Drupal.

Dependencies

You will of course need to be running an Atlassian Crowd server to use this module. Because the current versions of the module (i.e. 6.x-2.x and 7.x-2.x) communicate with Crowd through REST, no other special dependencies are required (you just need an open http link between your Crowd and Drupal servers).

For the 7.x-2.x version it is recommend, though not required, that you also install the Dynamic Cache module if you have page caching active for anonymous users. Dynamic cache provides an improved way to bypass Drupal caching during SSO activities and may help avoid conflicts with other modules that manipulate the Drupal bootstrap. SSO will still work for anonymous users without Dynamic Cache installed, but it may not be as reliable in certain situations.

Known Issues

This module does not (yet) fully support "validation factors", such as the validation of the user's IP address, when managing SSO sessions. This does not affect the module's overall functionality, but does have 2 main impacts:

  1. When a SSO session is started by a non-Drupal application, validation factors, such as the user's IP address, may be set. However, when Drupal authenticates a user based on their SSO token, these validation factors are not tested, and the user is logged-in so long as their SSO token is active in Crowd. If this introduces a security concern for you please consider getting involved in #1986258: Check validation factors (specifically IP address) during authentication.
  2. When a SSO session is started by Drupal (the user enters their username and password in Drupal), validation factors, such as the user's IP address, may not be set correctly when a reverse or forward proxy is involved. This could mean that other non-Drupal SSO applications will not honor the SSO session Drupal started. If you encounter this issue there are ways to get around it by adjusting your Crowd sever settings, though this may reduce overall security. If this impacts you please reference #1976846: Support IP validation when creating SSO session in Drupal (and proxies are involved) .

6.x-1.x and 7.x-1.x Branches

The 6.x-1.x and 7.x-1.x branches are not as feature rich and are no longer being developed or maintained. For these branch native SOAP client libraries are required along with the Services_Atlassian_Crowd PEAR package, which is available at http://pear.php.net/package/Services_Atlassian_Crowd/docs/0.9.5/.

Maintainer

This module was initially developed and maintained by Erich Beyrent
Originally sponsored by CommonPlaces e-Solutions, LLC and VoltDB

The 6.x-2.x and 7.x-2.x branches have been enhanced, and are currently largely maintained, by Ryan Jacobs (rjacobs) with support from the Center for Research Libraries.

Project Information

Downloads