Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Experimental project
This is a sandbox project, which contains experimental code for developer use only.
The authentication_service module provides a framework for integrating remote authentication services into Drupal. When a user attempts to log in they are authenticated against the remote service; if they do not yet have a local user account one is created for them.
OpenAM and Drupal plugins are included, but it is extensible to other authentication mechanisms (OpenId, Oauth, etc.)
This module was developed by Capgemini UK, and is a work in progress.
Global
Configuration settings are available at Configuration >> System >> Authentication service.
Here you can activate the plugins you want to use. If more than one plugin is active, the system will fall through them until it finds a successful login.
Each plugin has a separate tab with plugin-specific settings.
Cache expiry is the maximum length of time attributes pulled from the server are cached. (Only the user's email address is currently used by this module, but all available attributes are cached.)
OpenAM
OpenAM plugin settings are available at Configuration >> System >> Authentication service >> OpenAM.
Base URI
Enter the base URI for connecting to the OpenAM server. (The trailing slash is REQUIRED.)
Communication with the server is done via JSON.
Ignore SSL certificate errors
Do not enable this unless you are absolutely sure you know what you are doing.
This ignores SSL certificate errors when connecting to OpenAM; enabling it is a security risk. It is provided for test environments where certificates may be invalid.
Test connection
Attempt to authenticate a user. This is the simplest way to prove that everything is set up correctly. You will need the credentials of a user who already exists on the OpenAM server.
Drupal
Drupal plugin settings are available at Configuration >> System >> Authentication service >> Drupal.
The Drupal plugin wraps Drupal's local database and treats it as just another remote authentication mechanism. This is useful if you have users who only exist locally - for example CMS administrator accounts.
Creating users
You can either create user on the OpenAM server or use existing OpenAM users. Once a user is created on the OpenAM server they can log in to the Drupal site using their OpenAM user name and password. The user will be given role of authenticated user.
You can create users via Drupal if you install the companion identity_service module. (@TODO - link to the module)
Adding another authentication plugin
@TODO
Future enhancements
Give the plugins weights, so the order they are called in can be changed
Allow for multiple services of each type, eg more than one OpenAM server
OpenID authentication
Developed by Capgemini.
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Project categories: Access control
- Created by adub on , updated
