This project is not covered by Drupal’s security advisory policy.

This module allows single sign-on to Drupal using external HTTP authentication. Current version only supports basic authentication method and users must have matching REMOTE_USER header from external system and in Drupal username. This means you will have to manually manage both Drupal users and user accounts on your external system. Future versions of the module may include option of automatically creating new users to Drupal with preset user roles.

The module is intended for running a intranet site that is fully protected with HTTP basic authentication or a separate admin site from your public Drupal site. Connections to the admin site should be SSL encrypted and it can use any external system for authentication. Usual configuration on public sites is to redirect all admin pages to the admin site and possibly also require a VPN connection to access the admin site.

Goal for this project is to provide yet another simple way to integrate Drupal with existing single sign-on systems that already have an Apache (or any other web server) module for HTTP basic Auth. If you are looking for way to just protect your site with HTTP authentication without any existing authentication system you may want to have a look at Secure Site module instead. This module requires that your site is already protected with HTTP authentication, IT WILL NOT PROTECT YOUR SITE by itself.

Project information