Services Single Sign-On Client
Jan 18 2012
The beauty of "single sign-on":http://en.wikipedia.org/wiki/Single_sign-on (SSO) user authentication is that users have one username and one password to access numerous sites, systems and computers. This is beneficial for larger organizations as it eliminates the need for multiple user names and passwords for multiple sites and sub-sites.

The current Drupal SSO solution is the "share tables across instances":http://drupal.org/node/22267 module but it is not recommended due to issues with broken version updates and security holes. It also requires that all sites and sub-sites are on the same servers. But what if they aren't?

The "Services single sign-on client":http://drupal.org/project/services_sso_client module addresses this need by leveraging the existing Drupal core and contrib modules to provide a simpler and cleaner single sign-on workflow.

*The Workflow*

*Highlights and benefits of the Services single sign-on client*

* It's as simple to set up as the standalone SSO
* Profile avatars automatically transfer to client sites (sub-sites) using "Imagecache external":http://drupal.org/project/imagecache_external or the "Media":http://drupal.org/documentation/modules/media module.
* Each SSO session is verified to ensure that accounts and user information remain valid and up-to-date across all sites.
* Users can change their profile information from any SSO Client site through a profile-editing interface that connects to the SSO Server site. Their new profile information automatically updates on the server and across all sites.

*More features*

* The Services SSO acts as the middleman for additional sign-on or single sign-on functionality on the SSO Server instead of "LDAP":http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol or email sign-ons etc.
* A mapped profile field from which user information can be transferred from the SSO Server to SSO Client site.
* Automatic, timed account propagation from the SSO server site to the SSO client site allows for simple generation of items like directory listings.
* Classification (taxonomy) terms can be attached to user accounts on the SSO Server as ‘profile flags’. This allows for ‘profile flag actions’ such as adding/removing user roles on the SSO Client site or adding/removing people from "Organic Groups":http://drupal.org/project/og etc.

There are already a lot of modules that rely on commercial services such as "janrain":http://www.janrain.com/ or "Facebook Connect":https://www.facebook.com/blog.php?post=41735647130. This solution puts everything in Drupal, allowing for full control of the SSO. Many developers and organizations are beginning to see the benefits of having Drupal act as the SSO rather than Drupal in combination with other services.

h3. Basic SSO Server site and SSO Client site Setup Tutorial

*Terminology:*

SSO Server (site): The Drupal 7 website running "Services 3.x":http://drupal.org/node/736522 on which user accounts and profiles are centrally stored.

SSO Client (site): The Drupal 6 or Drupal 7 website that allows end users to log in with credentials stored on the SSO Server site.

*Modules needed for SSOC:*

* "Services single sign-on client":http://drupal.org/project/services_sso_client This module provides the sign-on functionality on the SSO Client site.
* "Services single sign-on server helper":http://drupal.org/project/services_sso_server_helper This module provides profile editing capability on the SSO Server site.
* (Optional) "Services user login methods":http://drupal.org/sandbox/branana/1300714 This module allows additional login methods such as LDAP, email logins etc. to work with Services 3.x.

*Core functionality used:*

* Drupal "external user login system":http://api.drupal.org/api/drupal/modules--user--user.module/function/user_external_load/7
* Drupal "authmap table":http://api.drupal.org/api/search/7/authmap
* Drupal session based login system

*Contrib modules used:*

* "Services 3.0":http://drupal.org/project/services (SSO Server) JSON REST
* "Imagecache external":http://drupal.org/project/imagecache_external (SSO Client, D6)
* "Media internet":http://drupal.org/project/media (SSO Client, D7)

*Basic setup:*

1. Setting up the SSO Server site.

* Set up a Drupal 7.x install.
* Install "Services 3.x":http://drupal.org/project/services and enable the main Services module plus the REST server.
* Install "Services single sign-on server helper":http://drupal.org/project/services_sso_server_helper
* (Optional/advanced) Install "Services user login methods":http://drupal.org/sandbox/branana/1300714 if you need additional login methods to be supported, or plan on developing your own.
* Set up an endpoint in _Structure > Services_ with the following settings: Server: REST, Authentication: Session authentication
* Under the “server” tab of the endpoint, make sure response formatters: json and request parsing: application/json application/x-www-form-urlencoded are checked.
* Under the “resources” tab of the endpoint, enable user.retrieve, user.index, user.login and user.logout

Edit Thurs, Jan 19, 2012, 9:04AM PST

Create an account on the SSO server with the username of "api" and give that account the "Administer users" permission. You might need to create a separate role for this account.
This account will serve as the "API" account, and the password to this account will be the "API Key". This "API Key" will be needed when you configure the SSO client website.

Congratulations, you have now configured your Drupal 7.x site to act as the SSO Server!

2. Setting up your SSO Client site.

NOTE: For this tutorial we will cover setting up a SSO Client site using a Drupal 7.x install. Drupal 6.x is supported, but has different dependencies (imagecache external instead of media).

* Set up or use an existing Drupal 7.x install. This will be our SSO Client site.
* Install the "Services single sign-on client module":http://drupal.org/project/services_sso_client
* Under _Configuration > Web services > Services single sign-on client settings_, fill in the server address of the SSO Server website we set up earlier. Fill in the Endpoint name you have configured for the Services 3.x REST endpoint from earlier.

After you click on “Save configuration” it will validate the existence of a Services 3.x endpoint at the combined URL you provided, and if you have set it up right, you are now ready to log in on this SSO Client site with user credentials from the SSO Server site.

ImageX is an award winning open source web design and development firm with offices in Vancouver, BC and Los Angeles, CA. If you'd like to learn more about ImageX and our "Drupal development services":http://www.imagexmedia.com/services/web-development, contact us and "get started today":http://www.imagexmedia.com/contact.
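
The endpoint configured in the tutorial (REST server, session authentication, JSON, user.login and user.retrieve enabled) implies the exchange sketched below. This is an added example, not code from the Services single sign-on client module. The host sso.example.org, the endpoint name "sso", the user alice, the Services 3.x REST URL layout, the login response field names and the HTTPS-only check are all assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

def endpoint_url(server_address, endpoint_name):
    """Combine the two client settings into the endpoint base URL."""
    parts = urlsplit(server_address)
    # Assumed hardening, not module behaviour: the login body carries a
    # password (for the "api" account, one with "Administer users"),
    # so refuse any server address that is not HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SSO Server address must be an https:// URL")
    return server_address.rstrip("/") + "/" + endpoint_name.strip("/")

def login_request(base, username, password):
    """user.login: POST <endpoint>/user/login with a JSON body."""
    body = json.dumps({"username": username, "password": password}).encode()
    return Request(base + "/user/login", data=body, method="POST",
                   headers={"Content-Type": "application/json",
                            "Accept": "application/json"})

def session_cookie(response_text):
    """Turn a login response into (Cookie header value, user record)."""
    data = json.loads(response_text)
    try:
        return data["session_name"] + "=" + data["sessid"], data["user"]
    except (KeyError, TypeError):
        raise ValueError("not a Services login response") from None

def retrieve_request(base, uid, cookie):
    """user.retrieve: GET <endpoint>/user/<uid> under the login session."""
    return Request("%s/user/%d" % (base, int(uid)), method="GET",
                   headers={"Cookie": cookie, "Accept": "application/json"})

# Constructed sample response; field names assumed from Services 3.x.
SAMPLE_LOGIN_RESPONSE = json.dumps({
    "sessid": "constructed-session-id",
    "session_name": "SESSconstructed",
    "user": {"uid": "42", "name": "alice", "mail": "alice@example.org"},
})

if __name__ == "__main__":
    base = endpoint_url("https://sso.example.org/", "sso")
    req = login_request(base, "alice", "constructed-password")
    cookie, user = session_cookie(SAMPLE_LOGIN_RESPONSE)
    follow = retrieve_request(base, user["uid"], cookie)
    print(req.get_method(), req.full_url)
    print(follow.get_method(), follow.full_url, follow.get_header("Cookie"))
```

The requests are only built, not sent, so the block runs offline; passing them to urllib.request.urlopen would perform the exchange against a real endpoint.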