Single Sign-On choice

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
lambic's picture
Posted by lambic on November 19, 2009 at 5:07pm

Hi,

We're looking at SSO solutions to replace the system we currently use which was built in-house. Our requirements (for now) are:

  • Works with Drupal
  • Works with WordPress
  • Works with custom PHP applications
  • Supports LDAP, Kerberos and optionally SPNEGO
  • Ideally Open Source
  • High Availability

We've narrowed down our choices to four options:

  • CAS
  • CoSign
  • OpenSSO
  • Shibboleth

Does anyone have experience with these? Are there any others we should be considering? What does your institution use for SSO and why? Any comments or feedback would be appreciated.

Categories: , , , , , ,

Comments

We use CAS. I think cas

Posted by redndahead on November 19, 2009 at 5:24pm
redndahead's picture

We use CAS. I think cas maybe the easiest to implement and as of CAS 3 provides an easy way to do attribute release. phpCAS although it seems sometimes a moving target once you have it implemented in one place it's easy to replicate the steps on other apps.

CooooooSign

Posted by btopro on December 1, 2009 at 5:06pm
btopro's picture

PSU uses CoSign and Shibboleth. We're fully integrated with CoSign. Very easy implementation, could give you the "webaccess" module that's used internally if you wanted something you could hack apart to meet your needs. It probably would get you most of the way there though. It's a hack of an earlier version of this module -- http://drupal.org/project/webserver_auth

Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/

Shibb experience?

Posted by sethfreach on December 2, 2009 at 2:58pm
sethfreach's picture

btopro,

Have you guys done the Shibboleth/Drupal integration, or is that a bridge still yet to be crossed? We're looking at a possible Shibboleth integration to an existing Drupal app and are trying to gather reqs and establish a timeline/budget. If you have already done this and have some time, would you be open to a quick phone call to talk about some of your experiences?

Thanks,
Seth

never done shibb

Posted by btopro on December 9, 2009 at 7:52pm
btopro's picture

We haven't done shibboleth authentication yet but I'd imagine that webserver_auth with some minor modifications would be able to handle it. We'll be crossing the bridge eventually but that's probably year(s) out still.

Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/

CAS or SSO

Posted by Asmita Pathak on December 9, 2009 at 9:38am
Asmita Pathak's picture

can anyone help me which is the best and how ? Central Authentication Services or Single Shared On in drupal. please help me, i m also new to drupal.

SSO (the module) is very easy

Posted by btopro on December 14, 2009 at 6:15pm
btopro's picture

SSO (the module) is very easy to implement. You need to make sure you share your users table and some others across sites for it to work but it's relatively easy to implement. Just look through the sso documentation at http://drupal.org/project/sso

Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/

Ubilogin

Posted by vesapalmu on December 12, 2009 at 11:07am
vesapalmu's picture

We have implemented SSO for some clients using Ubilogin. Ubilogin is a commercial product, but was chosen since it already had existing integration for Apache and was extremely easy to implement for Drupal. We are also likely to release a Drupal integration module on D.o some time early 2010, current integration is done with the Apache module. More info on Ubilogin can be found on Ubisecure site: http://ubisecure.com/products/ubilogin-sso

Thanks

Posted by lambic on December 14, 2009 at 5:06pm
lambic's picture

Thanks for the responses guys, I'll pass them on to the "committee".

drupal 5 with sso upgrade to 6

Posted by nisan250 on January 24, 2010 at 10:24am
nisan250's picture

i have drupal 5 system with sso for synch with moodle(lms system), now i want to upgrade drupal 5 to drupal 6. i heard that sso not compatible with drupal 6. do you have a solution for this? what tables the sso uses?

simpleSAML module

Posted by doublejosh on November 22, 2011 at 11:45pm
doublejosh's picture

I would recommend the simpleSAML module for handling SSO in Drupal 6: http://drupal.org/project/simplesamlphp_auth
The LDAP module it also an option: http://drupal.org/project/ldap_integration

Do tell...

Posted by markwk on November 23, 2011 at 4:36am
markwk's picture

@doublejosh: can you tell me/us a bit more about the requirements for this setup?

The main advantage of the OpenID SSO setup is that it doesn't require any external stuff. Just some modules and config and BAM!

Check this discussion:

Posted by markwk on November 23, 2011 at 4:38am
markwk's picture

Check this discussion: http://groups.drupal.org/node/154879 on OpenID SSO

has anyone setup simplesaml for use with drupal

Posted by gmarcotte on February 16, 2012 at 3:56am
gmarcotte's picture

anyone have a step by step for configuring simplesamlphp to act as a service for drupal 7 modules to use as SSO.

thanks

openam + simplesamlphp + drupal

Posted by pkunwar on April 24, 2015 at 1:50pm
pkunwar's picture

The blog link is perfect for the above setup :- http://www.zaizi.com/blog/configure-drupal-openam

Drupal in Education

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.