Allows users of a remote Services-enabled Drupal site to sign on with their credentials into this site.
- D6: imagecache_external (modified) https://github.com/bran/imagecache_external until the author adds the necessary fixes.
- D7: media
Requirements for SSO server:
- services_sso_server_helper-1.x http://drupal.org/project/services_sso_server_helper
- Valid endpoint setup with REST and user.login, user.retrieve enabled.
NOTE: For this tutorial we will cover setting up a SSO Client site using a Drupal 7.x install. Drupal 6.x is supported, but has different dependencies (imagecache external instead of media).
- Setup or use an existing Drupal 7.x install. This will be our SSO Client site.
- Install the "Services single sign-on client module":http://drupal.org/project/services_sso_client
- Under _Configuration > Web services > Services single sign-on client settings_, fill in the server address of the SSO Server website we setup earlier. Fill in the Endpoint name you have configured for the Services 3.x REST endpoint from earlier.
Create an account on the SSO server with the username of “api” and give that account the “Administer users” permission. You might need to create a separate role for this account. This account will serve as the “API” account, and the password to this account will be the “API Key”. This “API Key” will be needed when you configure the SSO client website.
After you click on “Save configuration” it will validate the existence of a Services 3.x end point at the combined URL you provided, and if you have set it up right, you are now ready to login on this SSO Client site with user credentials from the SSO Server site.
- Immediately logged out after logging in and clicking a link.
Make sure the user.retrieve and user.index resources are available on the auth endpoint.
In the works
Profile flag handling
This functionality is being fleshed out and supported by the Services single sign-on client profile flag handler. The goal of this module is to allow arbitrary taxonomy terms attached to the user accont on the SSO server to be translated into actions on the SSO client website such as being assigned certain roles and to organic groups for example based on the terms on the user account on the SSO server.
Additional login methods
I've also written the Services Login Methods module which expands Services to allow developers to hook into additional login-enabling modules like the LDAP module.
This is currently being test driven on some sites we are building.