Reputation: 777
I have a Drupal 7 web site and a Java web application (running under Tomcat). They are in the same domain. I would like them to participate in single sign-on.
Drupal should manage the user base (user registration, user roles...). Authenticated Drupal users should be able to navigate to the Tomcat web site without being asked for authentication.
If an unauthenticated user (from a Drupal public area or with a direct link) goes to the Tomcat website, he should be redirected to Drupal to perform authentication.
Other characteristics of the solution I'm searching for are:
I've been trying Drupal OpenID SSO Provider (AX attribute exchange), but the user is required to type his OpenID URL on the Java site before he is redirected to Drupal to perform authentication.
Here are all the Drupal SSO plugins I've found: https://groups.drupal.org/node/182004
Can anybody advise me?
Upvotes: 3
Views: 636
Reputation: 777
OK, now I have a working system based on a simpleSAMLphp IdP that uses a Drupal session as proof of authentication.
Then I installed drupalAuth (a simpleSAMLphp module). After some configuration steps (remember to copy the Drupal module contained in drupalAuth into the Drupal modules directory and to activate the module), I got it working.
You can test it by going to the IdP page: (mysimplesamlhost)/simplesaml/module.php/core/authenticate.php
At this point it is pretty easy to prepare a web application for Tomcat that uses SAML for authentication. You can download the Spring Security SAML example web application and deploy it to your Tomcat installation. After some tweaking of the configuration, it should be able to work with the provided IdP.
If somebody is interested in this solution, I can provide further details.
Upvotes: 1