Drupal is a registered trademark of Dries Buytaert
drupal 11.3.8 Update released for Drupal core (11.3.8)! drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! video_embed_field 3.1.0 Minor update available for module video_embed_field (3.1.0). bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). trash 3.0.27 Minor update available for module trash (3.0.27). twig_tweak 4.0.0-alpha2 New alpha version released for module twig_tweak (4.0.0-alpha2). twig_tweak 4.0.0-alpha1 First alpha version released for module twig_tweak (4.0.0-alpha1). node_revision_delete 2.1.1 Minor update available for module node_revision_delete (2.1.1). commerce_paypal 2.1.2 Minor update available for module commerce_paypal (2.1.2). ckeditor5_premium_features 1.8.1 Minor update available for module ckeditor5_premium_features (1.8.1). ckeditor5_plugin_pack 1.5.2 Minor update available for module ckeditor5_plugin_pack (1.5.2). node_revision_delete 2.1.0 Minor update available for module node_revision_delete (2.1.0).
← All modules

sso_connector

No security coverage
View on drupal.org

Introduction

SSO Connector provides a robust Single Sign-On (SSO) foundation for Drupal using an
Identity Provider (IdP) / Service Provider (SP) architecture. It is designed for multi-site
Drupal environments where users authenticate once and access connected sites securely.

This project page describes the core module only. Optional capabilities such as OAuth, SAML,
social login, advanced synchronization, and permissions orchestration will be maintained as separate submodules/projects.

Core Features

  • IdP/SP Role Model: Configure each site as Identity Provider or Service Provider from a single admin UI.
  • End-to-End Browser SSO Flow: Dedicated endpoints for login start, return-path, token return, and logout.
  • Secure Token Handling: Signed JWT tokens with encrypted payload transport and configurable expiration.
  • Hardened Token Endpoint: Machine token endpoint with optional IP allowlist and dedicated API key support.
  • No Shared Cross-Domain Cookie Dependency: SSO flow does not rely on a bakery-style shared cookie approach.
  • User Synchronization: Optional SP account auto-creation and controlled profile-field synchronization from IdP.
  • Redirect Safety: Internal destination sanitization and stricter flow validation to reduce redirect abuse risks.
  • Drupal 10/11 Ready: Modernized architecture, services, event subscribers, and maintained test coverage.

Post-Installation

Install and enable SSO Connector on both the IdP and all participating SP sites.

  • Configuration Path: Administration > Configuration > System > SSO Connector
  • IdP Site: Set role to IdP, generate a JWT secret, and allowlist SP base URLs.
  • SP Sites: Set role to SP, define the IdP URL, and use the same JWT secret as the IdP.
  • Security: Optionally configure token endpoint API key, allowed IPs, and token expiration policy.
  • User Sync (Optional): Enable synchronization and choose allowed profile fields according to your policy.

Supporting this Module

Contributions are welcome. Bug reports, patches, reviews, and documentation improvements help keep SSO Connector stable and secure for the Drupal community.

Activity

Total releases
1
First release
Apr 2026
Latest release
21 hours ago
Release cadence
Stability
0% stable

Releases

Version Type Release date
1.0.0-beta6 Pre-release Apr 25, 2026