This project is not covered by Drupal’s security advisory policy.

Fierce SSO is a Single Sign-On module for Drupal. It is designed so that if users log in to any one of your sites, it will automatically log them in to all the sites in the "network". It works by embedding special, invisible GIF images on the Welcome screen that users get after they log in. These images connect to the other sites in the network and silently log you in.

Fierce SSO is an alternative to danielc's singlesignon module (which does some magic by manipulating session tables in the background instead of using invisible images). I think my module uses a simpler approach and is more seamless to users. However, it occasionally fails if users have images turned off or if they navigate to another page after logging in without waiting for the page to finish loading.

This software is still under development, but I believe it to be very secure against cross-site scripting and replay attacks. The tokens in the hidden images expire after a minute and, furthermore, can only be used once per site. Bad guys sniffing your network traffic could theoretically steal your Fierce_SSO login token, but if bad guys are sniffing your network traffic, that's the least of your problems.

Be sure to choose a very long random string of letters and numbers as the Shared Secret (after all, you don't have to memorize it). See the included README.txt for installation instructions.
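The token properties described above (a shared secret, one-minute expiry, single use per site) can be sketched as follows. This is an added example, not the module's own code: the token layout, the use of HMAC-SHA256, and the names `issue_token` and `SiteVerifier` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 60  # seconds; the page states that tokens expire after a minute


def issue_token(secret, user, site, now=None):
    """Issuing site: bind user, target site, issue time and a nonce under an HMAC tag."""
    issued = int(time.time() if now is None else now)
    # Assumed layout: user|site|issued|nonce|tag (user and site must not contain "|")
    payload = f"{user}|{site}|{issued}|{secrets.token_hex(16)}"
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


class SiteVerifier:
    """Receiving site: checks the tag, the target site, the age and single use."""

    def __init__(self, secret, site):
        self.secret = secret
        self.site = site
        self.seen = {}  # nonce -> expiry time; a real site would persist this

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        parts = token.split("|")
        if len(parts) != 5:
            return None
        user, site, issued, nonce, tag = parts
        payload = "|".join(parts[:4])
        expected = hmac.new(self.secret, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison, done before any field is trusted
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        if site != self.site:  # a token minted for another site is refused
            return None
        if not 0 <= now - int(issued) <= TOKEN_TTL:  # assumes synchronized clocks
            return None
        # Forget nonces whose tokens can no longer pass the age check
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:  # replay within the validity window
            return None
        self.seen[nonce] = int(issued) + TOKEN_TTL
        return user
```

The nonce store only has to remember each token for its one-minute lifetime, because older tokens already fail the age check.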

This module is licensed under GPL v2.

Eli

Project information

  • Module categories: Access Control
  • Created by eli on , updated
  • This project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.
