I am currently creating a Drupal site in an Active Directory environment. One of the requirements for the site is Single Sign On, which today seems impossible, because for drupal there is no Kerberos SPNEGO / GSSAPI authentication module. I came up with how SSO can be undertaken in IIS. Because IIS has the ability to require Kerberos authentication, we can allow IIS to handle authentication and use the AUTH_USER server variable to pass the authorized username to the "enhanced" LDAP_auth module. Then the LDAP_auth module checks the username (but not the password, because it does not know or does not know the password) for LDAP to get the user roles. (AD groups) Does anyone know if this is possible? If so, does anyone have any ideas on how to implement this?
source
share