sso_bouncer
29 sites
No security coverage
This module extends OpenID Connect functionality to check whether a Keycloak SSO account login has at least one group as defined in OpenID Connect's role mapping.
Requirements
- Drupal >11
- Existing Keycloak SSO Client
- Drupal OpenID Connect with defined role mappings at /admin/config/people/openid-connect/settings
Installation
- Install with composer:
composer require drupal/sso_bouncer
- Enable the module through the Drupal admin interface or using Drush:
drush en sso_bouncer
Configuration
After installation, you can configure the module by navigating to:
Administration > Configuration > People > SSO Bouncer Settings or /admin/config/people/sso-bouncer
Settings
- Enabled: Whether SSO Bouncer is enabled.
- Client ID: The ID of the client whose role mappings are used for the login check.
Usage
The module automatically validates user authentication by checking if the user has valid Keycloak groups for the Drupal instance. If the user's group is not authorized for the current instance, access is denied.
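The check described above, sketched as an added example (not the module's own code): a fail-closed comparison of the groups in a login's claims against the groups named in the role mappings. The function name, the `groups` claim name, the mapping shape (role ID => list of group names) and the case-sensitive match are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of sso_bouncer or openid_connect.
// Assumed mapping shape: Drupal role ID => list of Keycloak group names.
function example_login_allowed(array $claims, array $roleMappings, string $groupsClaim = 'groups'): bool {
  // Flatten every group named in any role mapping into a lookup set.
  $allowed = [];
  foreach ($roleMappings as $groups) {
    foreach ((array) $groups as $group) {
      if (is_string($group) && $group !== '') {
        $allowed[$group] = true;
      }
    }
  }
  // Fail closed: with no mapped groups, no login can qualify.
  if ($allowed === []) {
    return false;
  }
  // A missing claim, or one that is neither a string nor a list, is a denial.
  $presented = $claims[$groupsClaim] ?? [];
  if (is_string($presented)) {
    $presented = [$presented];
  }
  if (!is_array($presented)) {
    return false;
  }
  // Exact, case-sensitive match on string values only; no loose comparison.
  foreach ($presented as $group) {
    if (is_string($group) && isset($allowed[$group])) {
      return true;
    }
  }
  return false;
}

// Constructed sample data: two mapped roles and four logins.
$mappings = ['editor' => ['site-a-editors'], 'administrator' => ['site-a-admins']];
$logins = [
  'mapped group'    => ['sub' => 'u1', 'groups' => ['staff', 'site-a-editors']],
  'other instance'  => ['sub' => 'u2', 'groups' => ['site-b-editors']],
  'no groups claim' => ['sub' => 'u3'],
  'wrong case'      => ['sub' => 'u4', 'groups' => ['Site-A-Editors']],
];
foreach ($logins as $label => $claims) {
  printf("%-16s %s\n", $label, example_login_allowed($claims, $mappings) ? 'allow' : 'deny');
}
```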
Drush Commands
The module provides several Drush commands for managing SSO Bouncer configuration:
drush sso_bouncer:enable [CLIENT_ID]
drush sso_bouncer:disable
drush sso_bouncer:status
License
This module is licensed under the GNU General Public License version 3.