Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

SSO Bouncer

48 sites No security coverage
View on drupal.org

This module enhances OpenID Connect by ensuring that users logging in via Keycloak SSO have at least one group assigned, as defined in the role mapping. If a user's group is not authorized for the Drupal instance, access will be denied.

This module extends OpenID Connect functionality to check if a Keycloak SSO account login has at least one group as defined in OpenID Connects role mapping.

Requirements

  • Drupal >11
  • Existend Keycloak SSO Client
  • Drupal OpenID Connect with defined role mappings at /admin/config/people/openid-connect/settings

Installation

  1. Install with composer.
    composer require drupal/sso_bouncer
    
  2. Enable the module through the Drupal admin interface or using Drush:
    drush en sso_bouncer

Configuration

After installation, you can configure the module by navigating to:
Administration > Configuration > People > SSO Bouncer Settings or /admin/config/people/sso-bouncer

Settings

  • Enabled: If SSO Bouncer is enabled or not.
  • Client ID: Set the client id of which the role mappings for login check come from.

Usage

The module automatically validates user authentication by checking if the user has valid Keycloak groups for the Drupal instance. If the user's group is not authorized for the current instance, access is denied.

Drush Commands

The module provides several Drush commands for managing SSO Bouncer configuration:

drush sso_bouncer:enable [CLIENT_ID]
drush sso_bouncer:disable
drush sso_bouncer:status

License

This module is licensed under the GNU General Public License version 3.

Activity

Total releases
3
First release
Jun 2025
Latest release
7 months ago
Releases (12 mo)
1 ▼ from 2
Maintenance
Slowing

Release Timeline

Releases

Version Type Release date
1.0.0 Stable Nov 26, 2025
1.0.0-alpha1 Pre-release Jun 19, 2025
1.x-dev Dev Jun 19, 2025