The Drupal OpenID-Single-Sign-On solution (we call it all together Drupal Omniauth) is an easy log-in Single-Sign-On solution for Drupal websites, which can work with other systems as long as they implement the official OpenID specifications.

Basic functionality

Usually, it consists of one (Drupal) provider instance which allows an authentication to an unlimited number of relying parties in one group. This is suitable for big companies, NGOs, and other groups who manage a number of (Drupal and other) websites and want to have one single log-in provider.

Out-of-the-box it synchronizes email address changes on the provider to all relying parties' accounts of this user and therefore it disables the possibility of changing email address and user name on the relying parties.

A quick overview of the basic modules:

Provider

Relying Parties

Synchronization of user data

Together with more extensive modules, based on OpenID's official Attribute Exchange specifications it can be configured to synchronize any field on a user (profile) to be synchronized to the OpenID-SSO provider and then back to all relying parties.

The modules needed for the more advanced data synchronization:

Provider

Relying Parties

The Drupal Distribution

To make it easier to set-up the whole system we created Features that help administrators to get started faster:

Provider

Relying Parties

To complete all components of a "Drupal Distribution" there are installation profiles and makefiles available: