The CILogon Auth module provides Single Sign-On (SSO) capability, with the following features, to Higher Education Drupal sites by integrating with the freely available CILogon service, which integrates with more than 3000 organizations as of Jan 2020 (test here).
Features
Many existing OAuth2 modules do not include the following capabilities.
- Override site-wide registration and account activation settings for users logging in via SSO
- Assign a predefined role on first user login via SSO
- Connect existing Drupal accounts with IDP based on email
- Generate custom usernames on first user login via SSO e.g. based on email prefix
- Role-based permission to set a local password; if the permission is not enabled for a role, editing the account fields is disabled for users with that role.
- Customize and style the CILogon login block easily.
- Store organization information (IDP) for the SSO user
- Optional integration with the User Restrictions module, which further enables sites to add custom restrictions (e.g. whitelist certain users or domains to log in to the site via SSO and block others).
About CILogon:
CILogon service provides an integrated open source identity and access management platform for research collaborations from a large number of academic institutions and other organizations around the world.
- Test and check the availability of your preferred Identity Provider among 3000+ organizations as of Jan 2020.
Support this module
Please add a back link from your site to DOI: 10.5281/zenodo.2578262
Module requirements
- Your site must use HTTPS
- Register your website to use CILogon at https://cilogon.org/oauth2/register (Authentication service is free)
- Callback URL: https://example.com/cilogon-auth/cilogon (where example.com is your site's base path).
Scopes
- OpenID (Required)
- Email (Recommended): The module provides an option to generate Drupal accounts with the email address prefix rather than the non-human-friendly long hash strings used by default.
- org.cilogon.userinfo (Recommended): The module provides an option to store the organization information that is associated with the Drupal user account; this may be useful on sites where multiple institutions are permitted for SSO.
- Lastly, you may request CILogon to limit the identity providers for your website to one or more organizations, as noted here.
Optional requirements
This module also integrates with the User Restrictions module, which allows a high degree of automation and control for user registration and subsequent sign-in.
Acknowledgements
Project information
Seeking new maintainer
The current maintainers are looking for new people to take ownership.
- Project categories: Access control
- Ecosystem: FolderShare, OpenID Connect / OAuth client
12 sites report using this module
- Created by toamit on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.