valiton/harbourmaster
Composer 安装命令:
composer require valiton/harbourmaster
包简介
Integrates Harbourmaster providing a single sign-on solution for Drupal.
README 文档
README
What does it do?
This plugin mainly contains an authentication provider that uses an HMS SSO cookie (containing a session token) to authenticate a user against the HMS SSO API.
It also provides configuration pages, a login page and blocks for all HMS User-Manager functions.
How does the authentication work?
Basically, the authentication provider will look for a valid SSO cookie on the current request. If it finds this token, it will be checked against the HMS SSO API endpoint. On a successful check, the endpoint returns session data for this user (this session data may then be cached for a certain amount of time, defaulting to 60s).
The HMS session data is then used to identify an existing Drupal user via its associated HMS user key. If none can be found, a new Drupal user will be created (using a random pasword), associating the HMS user key in the process. Already existing users may be updated with properties from the HMS session data.
At this point, Drupal's current_user will be set to the looked up user and a Drupal session will be created for this user. The SSO token is saved in that session. (Authentication would work without a session, but the Drupal CSRF protection on forms does not as it requires a session to save the CSRF token.)
The user is now logged in. On subsequent requests, the authentication provider will compare the current SSO token cookie with the SSO token saved in the Drupal session. Should the SSO token not match, have expired or the token cookie be missing, the Drupal session will be terminated and the user will be logged out.
If no token cookie is set on the request AND the current session (if existing) has no token associated, authentication will be handed to the standard Drupal "Cookie" authentication provider.
How does the User-Manager work?
The user manager provides widgets for all HMS SSO related functions like
- login
- registration
- password reset
It is included into Drupal by rendering a container with a specific id and including some Javascript from the User-Manager server.
When you login via the User-Manager, it will set the cookie containing the SSO token on its configured domain, usually ".domain.tld". This cookie will then always be sent to any subdomain of "domain.tld" and allow the authentication provider to work.
Logging out of the user manager destroys that cookie and subsequently the Drupal session.
Prerequisites:
- installed and properly configured HMS User-Manager on the same domain as the Drupal installation or any-level subdomain thereof
- installed and properly configured HMS SSO server (the actual "Harbourmaster")
Installation:
- enable the module
- configure at least the HMS SSO API und HMS User-Manager server urls on the configuration page
- rebuild the container (see known bugs)
- go to /harbourmaster/login or configure the "HMS Status" block which will provide links for login and logout
Available routes:
- /harbourmaster/login: renders most of the HMS User-Manager widgets
- /harbourmaster/logout: redirects to the logout user manager url which in turn redirects back to the Drupal front page
Available blocks:
- Status: Debugging block that shows the current authentication provider and matching login/logout links
- One block for each of the user manager widgets
Other:
- includes a caching policy that denies caching when a valid (by pattern) token is set on the request
- includes an event subscriber that can be triggered to delete the SSO cookie on the response (this will happen when the SSO session associated with that token was deemed invalid) - subsequent requests can then be cached
Known Bugs and ToDos:
- conflict resolution for unique username is very basic
- Drupal user functions (password reset, profile edit, user canceling) still need to be blocked for HMS SSO authenticated users.
- user image update is currently very simple
valiton/harbourmaster 适用场景与选型建议
valiton/harbourmaster 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 211.66k 次下载、GitHub Stars 达 3, 最近一次更新时间为 2016 年 09 月 08 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 valiton/harbourmaster 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 valiton/harbourmaster 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 211.66k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 3
- 点击次数: 19
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: GPL-2.0
- 更新时间: 2016-09-08