Posted by lambic on November 19, 2009 at 5:07pm
Hi,
We're looking at SSO solutions to replace the system we currently use which was built in-house. Our requirements (for now) are:
- Works with Drupal
- Works with WordPress
- Works with custom PHP applications
- Supports LDAP, Kerberos and optionally SPNEGO
- Ideally Open Source
- High Availability
We've narrowed down our choices to four options:
- CAS
- CoSign
- OpenSSO
- Shibboleth
Does anyone have experience with these? Are there any others we should be considering? What does your institution use for SSO and why? Any comments or feedback would be appreciated.
Comments
We use CAS. I think cas
We use CAS. I think cas maybe the easiest to implement and as of CAS 3 provides an easy way to do attribute release. phpCAS although it seems sometimes a moving target once you have it implemented in one place it's easy to replicate the steps on other apps.
CooooooSign
PSU uses CoSign and Shibboleth. We're fully integrated with CoSign. Very easy implementation, could give you the "webaccess" module that's used internally if you wanted something you could hack apart to meet your needs. It probably would get you most of the way there though. It's a hack of an earlier version of this module -- http://drupal.org/project/webserver_auth
Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/
Shibb experience?
btopro,
Have you guys done the Shibboleth/Drupal integration, or is that a bridge still yet to be crossed? We're looking at a possible Shibboleth integration to an existing Drupal app and are trying to gather reqs and establish a timeline/budget. If you have already done this and have some time, would you be open to a quick phone call to talk about some of your experiences?
Thanks,
Seth
never done shibb
We haven't done shibboleth authentication yet but I'd imagine that webserver_auth with some minor modifications would be able to handle it. We'll be crossing the bridge eventually but that's probably year(s) out still.
Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/
CAS or SSO
can anyone help me which is the best and how ? Central Authentication Services or Single Shared On in drupal. please help me, i m also new to drupal.
SSO (the module) is very easy
SSO (the module) is very easy to implement. You need to make sure you share your users table and some others across sites for it to work but it's relatively easy to implement. Just look through the sso documentation at http://drupal.org/project/sso
Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/
Ubilogin
We have implemented SSO for some clients using Ubilogin. Ubilogin is a commercial product, but was chosen since it already had existing integration for Apache and was extremely easy to implement for Drupal. We are also likely to release a Drupal integration module on D.o some time early 2010, current integration is done with the Apache module. More info on Ubilogin can be found on Ubisecure site: http://ubisecure.com/products/ubilogin-sso
Thanks
Thanks for the responses guys, I'll pass them on to the "committee".
drupal 5 with sso upgrade to 6
i have drupal 5 system with sso for synch with moodle(lms system), now i want to upgrade drupal 5 to drupal 6. i heard that sso not compatible with drupal 6. do you have a solution for this? what tables the sso uses?
simpleSAML module
I would recommend the simpleSAML module for handling SSO in Drupal 6: http://drupal.org/project/simplesamlphp_auth
The LDAP module it also an option: http://drupal.org/project/ldap_integration
Do tell...
@doublejosh: can you tell me/us a bit more about the requirements for this setup?
The main advantage of the OpenID SSO setup is that it doesn't require any external stuff. Just some modules and config and BAM!
Check this discussion:
Check this discussion: http://groups.drupal.org/node/154879 on OpenID SSO
has anyone setup simplesaml for use with drupal
anyone have a step by step for configuring simplesamlphp to act as a service for drupal 7 modules to use as SSO.
thanks
openam + simplesamlphp + drupal
The blog link is perfect for the above setup :- http://www.zaizi.com/blog/configure-drupal-openam