Posted by josh waihi on October 19, 2010 at 10:40pm
Is there anyone out there who has done iGovt authentication with Drupal yet? (http://www.e.govt.nz/standards/authentication) Is there available source code for it out there somewhere?
We're about to do some for a client but figure this must have been done with Drupal before, so before we build and open source the module, we're interested in whether anyone has some previous experience to shed light on the subject.
Comments
Not AFAIK, but interested -
Not AFAIK, but interested - if anyone ever really gets around to it.
It's a nice-to-have for a few jobs I've got open at the moment.
I haven't worked with iGovt
I haven't worked with iGovt auth yet but it would be of potential benefit to several projects I'm involved with so happy to beta test etc.
Had a meeting with DIA
Had a meeting with DIA yesterday, looks like it's gonna be more around the business logic than anything else as SimpleSAMLphp can be used here. So maybe iGovt integration is better off as a feature requiring the simpleSAMLphp module etc.
Mutual SSL might be an issue
I've been involved with several igovt integrations (not PHP), and have had a look at SimpleSAMLphp. It looks like it supports the specific SAML configuration required by igovt (such as NameID policies and AuthnContextClassRef) so creating the AuthnRequests should be no problem.
The biggest concern I would have is that while SimpleSAMLphp supports the HTTP-Artifact profile, igovt requires the artifact resolution to be done over mutual SSL. I'm not sure if SimpleSAMLphp supports this. (You could maybe use a reverse proxy to make the mutual SSL connection instead...)
UPDATE
Turns out I was reading an old version of the docs. SimpleSAMLphp does support Mutual SSL and I was able to get a simple prototype working. There is a workaround to fetch the NameID from the assertion (using authproc filters), as SimpleSAMLphp doesn't have the ability for this in the current release.
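As an added illustration of the AuthnRequest settings discussed in the comment above (not code from this thread, SimpleSAMLphp or DIA), this Python builds an AuthnRequest carrying a NameIDPolicy, a RequestedAuthnContext and the HTTP-Artifact binding, then checks a request against that profile before it is sent. The NameID format, the AuthnContextClassRef value and all URLs are assumed placeholders; the real values come from the identity provider's integration documentation.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ARTIFACT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
# Assumed values: the IdP's real NameID format and context class are not on this page.
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
AUTHN_CLASS_REF = "urn:example:placeholder:ac:classes:LowStrength"


def build_authn_request(issuer, acs_url, destination):
    """Return an AuthnRequest (bytes) asking for an artifact response."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "ProtocolBinding": ARTIFACT_BINDING,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy",
                  {"Format": NAMEID_FORMAT, "AllowCreate": "true"})
    ctx = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext",
                        {"Comparison": "exact"})
    ET.SubElement(ctx, f"{{{SAML}}}AuthnContextClassRef").text = AUTHN_CLASS_REF
    return ET.tostring(req)


def check_authn_request(xml_bytes):
    """Return deviations from the profile assumed above (locally built XML only)."""
    req = ET.fromstring(xml_bytes)
    problems = []
    if req.get("ProtocolBinding") != ARTIFACT_BINDING:
        problems.append("ProtocolBinding is not HTTP-Artifact")
    policy = req.find(f"{{{SAMLP}}}NameIDPolicy")
    if policy is None or policy.get("Format") != NAMEID_FORMAT:
        problems.append("NameIDPolicy missing or wrong Format")
    refs = [e.text for e in req.iter(f"{{{SAML}}}AuthnContextClassRef")]
    if refs != [AUTHN_CLASS_REF]:
        problems.append("AuthnContextClassRef missing or unexpected")
    return problems
```

The artifact resolution call itself still has to go over a mutually authenticated TLS connection, which this block does not cover.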
iGovt module sandbox created
@jimmycav, DIA have actually formulated a version of SimpleSAMLphp that works with their system. I've used it and made it work on MTS and UTE environments.
I've created an iGovt sandbox: http://drupal.org/sandbox/fiasco/1116412
It contains as far as we got with a Govt project before the business put iGovt integration on hold.
We've got another client interested in making it work so I might get more time to spend on it.
So far it does low strength authentication out of the box and should (I haven't tested) do account synchronization also.
Interested
Also interested in getting something.
If it's a time and money issue, is it worth a few organisations getting together and helping Josh Waihi finish the sandbox project?
Drupal Fund Us is perfect for
Drupal Fund Us is perfect for such chip ins: https://www.drupalfund.us/
Bevan/