generic_sso

This is a generic authentication provider for SSO (or similar) backend modules which trusts a named SERVER variable (such as REMOTE_USER). It is based on the ldap_sso module to which it owes its name and much of its code.

This module is designed to be a minimal implementation of an authentication layer which automatically trusts the underlying web server. For example on apache this would permit the use of mod_auth_kerb or mode_auth_openidc which expose a SERVER variable such as REMOTE_USER when the remote user had been authenticated.

Post-Installation

Using this module should involve configuring it to read the appropriate SERVER variable, and then protecting some or all of your website such that the variable is passed up to Drupal. So for example on Apache with mode_auth_openidc you should configure:

Additional Requirements

The module is designed to have no special dependencies. It was based heavily on ldap_sso from the LDAP project, but by design has stripped out all of its dependencies. If you need any other sort of features from your auth module, you should look elsewhere.

Similar projects

The sole reason for this project is that I have not been able to find anything which simply trusts REMOTE_USER without adding complexity. If you were to find a similar module I'd encourage you to let me know such that I can deprecate this one!

Supporting this Module

Contributions and bug fixes are welcome but I'm very unlikely accept feature requests even as merge requests, and I extra-specially will not be able to handle LLM-generated bug reports, as I simply haven't the bandwidth. You are more than welcome to fork the project - in fact I'd jump at the chance to let this project wither and be replaced by your fork.