The Drupal OpenID-Single-Sign-On solution (we call it all together Drupal Omniauth) is an easy log-in Single-Sign-On solution for Drupal websites, which can work with other systems as long as they implement the official OpenID specifications.
Usually, it consists of one (Drupal) provider instance which allows an authentication to an unlimited number of relying parties in one group. This is suitable for big companies, NGOs, and other groups who manage a number of (Drupal and other) websites and want to have one single log-in provider.
Out-of-the-box it synchronizes email address changes on the provider to all relying parties' accounts of this user and therefore it disables the possibility of changing email address and user name on the relying parties.
A quick overview of the basic modules:
- Drupal core's OpenID module
- OpenID Single Sign On Relying Party
Synchronization of user data
Together with more extensive modules, based on OpenID's official Attribute Exchange specifications it can be configured to synchronize any field on a user (profile) to be synchronized to the OpenID-SSO provider and then back to all relying parties.
The modules needed for the more advanced data synchronization:
The Drupal Distribution
To make it easier to set-up the whole system we created Features that help administrators to get started faster:
To complete all components of a "Drupal Distribution" there are installation profiles and makefiles available: