You are here

Home » API reference » LDAP Single Sign On 6

README.txt in LDAP Single Sign On 6

Same filename and directory in other branches
  1. 7.2 README.txt
  2. 7 README.txt
The LDAP Single Sign-On module provides an administrator with the ability to
configure a Drupal site to use either NTLMSSP (e.g. seamless automatic login 
using LDAP / Active Directory credentials passed automatically by supported 
and properly configured browsers) or basic digest authentication as a fallback 
to authenticate Drupal users. The net effect is that either automatically, or
by visiting a link, a user is authenticated and logged into a Drupal site 
without requiring the user to manually enter credentials on suitably configured
installations.

The module was created to provide Drupal intranet applications full integration
with Active Directory and Windows workstations in enterprise environments. It 
leverages the LDAP integration module for all Drupal to LDAP/Active Directory
communications, while relies on a web server to provide a $_SERVER 
variable containing an authenticated user's login name; this name is queried
by Drupal to allow or deny access to the system. 

For more information on configuring Apache to provide NTLM / LDAP 
authentication, see INSTALL.txt. 

This module requires that the LDAP integration module be installed and fully
configured for proper operation.

After enabling the LDAP Single Sign-On module, it can be configured by 
visiting the path admin/settings/ldap/sso as an administrator. Available 
options include:

"Turn on automated single sign-on": 
    Automatically redirects unauthenticated visitors to the sign on page upon 
    visiting the site, providing a seamless login for browsers configured to
    pass NTLM credentials automatically.
    
"Cookie lifetime":
    To ensure users aren't automatically logged back in after logging out, a 
    cookie is set to ensure no automatic redirection occurs if automated single
    sign-on is enabled. This sets the lifetime of the cookie.
    
"Authentication mechanism":
    If different server variables or other authentication mechanisms are used,
    they will be selected here. Currently, only mod_auth_sspi is supported, but
    other implementations of NTLM authentications can be supported in the 
    future.

After enabling the LDAP SSO module, a new menu item will be available in the 
navigation menu titled "Log In", pointing to user/login/sso. If the 
administrator does not wish to use seamless login, they can place this menu
item in a menu accessible to anonymous visitors, and visitors can log in by
visiting this path.

File

README.txt
View source 
  1. The LDAP Single Sign-On module provides an administrator with the ability to

  2. configure a Drupal site to use either NTLMSSP (e.g. seamless automatic login 

  3. using LDAP / Active Directory credentials passed automatically by supported 

  4. and properly configured browsers) or basic digest authentication as a fallback 

  5. to authenticate Drupal users. The net effect is that either automatically, or

  6. by visiting a link, a user is authenticated and logged into a Drupal site 

  7. without requiring the user to manually enter credentials on suitably configured

  8. installations.

  9. 

  10. The module was created to provide Drupal intranet applications full integration

  11. with Active Directory and Windows workstations in enterprise environments. It 

  12. leverages the LDAP integration module for all Drupal to LDAP/Active Directory

  13. communications, while relies on a web server to provide a $_SERVER 

  14. variable containing an authenticated user's login name; this name is queried

  15. by Drupal to allow or deny access to the system. 

  16. 

  17. For more information on configuring Apache to provide NTLM / LDAP 

  18. authentication, see INSTALL.txt. 

  19. 

  20. This module requires that the LDAP integration module be installed and fully

  21. configured for proper operation.

  22. 

  23. After enabling the LDAP Single Sign-On module, it can be configured by 

  24. visiting the path admin/settings/ldap/sso as an administrator. Available 

  25. options include:

  26. 

  27. "Turn on automated single sign-on": 

  28.     Automatically redirects unauthenticated visitors to the sign on page upon 

  29.     visiting the site, providing a seamless login for browsers configured to

  30.     pass NTLM credentials automatically.

  31.     

  32. "Cookie lifetime":

  33.     To ensure users aren't automatically logged back in after logging out, a 

  34.     cookie is set to ensure no automatic redirection occurs if automated single

  35.     sign-on is enabled. This sets the lifetime of the cookie.

  36.     

  37. "Authentication mechanism":

  38.     If different server variables or other authentication mechanisms are used,

  39.     they will be selected here. Currently, only mod_auth_sspi is supported, but

  40.     other implementations of NTLM authentications can be supported in the 

  41.     future.

  42. 

  43. After enabling the LDAP SSO module, a new menu item will be available in the 

  44. navigation menu titled "Log In", pointing to user/login/sso. If the 

  45. administrator does not wish to use seamless login, they can place this menu

  46. item in a menu accessible to anonymous visitors, and visitors can log in by

  47. visiting this path. 

  48.