Allowing OpenID Connect sign-in to Developer Portal?

I want to configure the devportal to accept an OpenID Connect sign-in. When I look at the admin modules page for our pantheon site I see an "OpenID" module.


How do I know what this is and whether or not this is the module that will be adequate for our needs?

1 ACCEPTED SOLUTION

That's probably not the right module. Be careful of the names. I think what you are looking for is not "OpenID" but "OpenID Connect". Sometimes people use those terms interchangeably, but they are two different things. There is some similarity in intent, but a complete difference of implementation between OpenID and OpenID Connect. Check the FAQ by OpenID.net. There is an entry on this specific issue.

But let's answer the general question - The way to know for certain what is in any module is to examine the code in the repo. I'm not sure how much of this you know, so I'll just try to be complete.

You or someone on your team should have received some information about how to connect to the developer portal. Included in that information is a link to sign in to the Pantheon dashboard (https://pantheon.io). On the dashboard for your devportal there will be a git repo URL.


In a terminal window on your desktop, you can perform "git clone <REPOURL>" to get a complete copy of all the source code. (You can also do something similar with many GUI developer tools.)

Within the cloned source code tree there will be several directories that contain the source for modules. Example:

./modules
./profiles/apigee/modules
./sites/all/modules

..and so on.

The precedence of these directories is established by Drupal.

One of those directories will contain a directory that defines the module that you found in the Administrative UI. From experience, I'm guessing it is ./modules/openid .

This is a default module in Drupal and is described here: https://www.drupal.org/documentation/modules/openid

If you want to do OpenID Connect, the thing in ./modules/openid is probably not what you want.

I have used this OpenID Connect module successfully: https://www.drupal.org/project/openid_connect

I suppose the next question is, "How to get a new module to be available in Drupal?"

Here's the short story:

  1. Get the source code for the module you want (e.g., download from https://www.drupal.org/project/openid_connect ).
  2. Insert the source code for the module into your local directory ./sites/all/modules/contrib . As a rule, "contrib" is for modules available from the community. "Custom" is for modules that you have developed independently and will not be shared with the community. If you create a module and share it on a GitHub site and then use it in your portal, it should probably be in "contrib".
  3. git commit; git push
  4. Via the Drupal Admin UI, enable the module you just pushed (Config > Modules > (Search for named module) > click enable > SAVE).
  5. Via the Drupal Admin UI, configure the module you just pushed. (Varies)

More information about the openid_connect module is here.

OK, here's a quick screencast showing this actually working:

As I mentioned in that screencast, to get this to work the way I wanted, I needed to make modifications in the openid_connect module. A version of the module with the modifications I made can be found here. To use that modified version, just git clone that repo into your own ./sites/all/modules/contrib/openid_connect . Then "git push" into your devportal.

One thing I forgot to cover in the screencast above is enabling the OpenID Connect Login block. This is covered here:

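One way to carry out the "examine the code in the repo" step from the accepted answer, added here as an example that is not part of the original post. It assumes a Drupal 7 layout in which each module directory holds a `<name>.info` file; the function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Drupal 7 tree in which
# each module directory holds a <name>.info file with "key = value" lines.

# Print every directory under ROOT ($1) that defines module NAME ($2).
find_module() {
    find "$1" -type f -name "$2.info" 2>/dev/null |
        while IFS= read -r info; do dirname "$info"; done | sort
}

# Print the first value of KEY ($2) from .info file $1, with quotes removed.
info_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | tr -d '"'
}

# One line per match: directory, human-readable name, version (may be empty).
describe_module() {
    find_module "$1" "$2" | while IFS= read -r dir; do
        f="$dir/$2.info"
        printf '%s\t%s\t%s\n' "$dir" \
            "$(info_value "$f" name)" "$(info_value "$f" version)"
    done
}

# Constructed sample tree standing in for a real clone; the .info contents
# are invented for this example, not copied from either module.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/modules/openid" "$t/sites/all/modules/contrib/openid_connect"
    printf 'name = OpenID\ncore = 7.x\n' > "$t/modules/openid/openid.info"
    printf 'name = "OpenID Connect"\nversion = "7.x-1.0-sample"\ncore = 7.x\n' \
        > "$t/sites/all/modules/contrib/openid_connect/openid_connect.info"
    echo "$t"
}

# Against a real clone: sh this-script /path/to/clone openid_connect
if [ "$#" -eq 2 ]; then describe_module "$1" "$2"; fi
```

Because the match is on the exact machine name, `openid` and `openid_connect` are reported separately, which is the distinction the answer warns about. More than one line of output for the same name means the module exists in several search directories and Drupal's precedence decides which copy runs.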

10 REPLIES

We believe that we have enabled the openid_connect module correctly; however, when we hit our URL we are not prompted by our SSO login screen like we expect. How do we troubleshoot this, or what else should we verify?

Sorry, I can't imagine ... I did this long ago and "it just worked". I don't remember going through any diagnostic steps for that particular module.

Hi Pete, after further review, I put together a screencast showing it all working.

I DID have to make a few changes to get this to work with Azure AD, as I noted in the screencast.

Thanks Dino. We hadn't enabled the default openid module. After that was enabled we hadn't set up the Drupal Block showing the OpenID Generic Log In button -- I thought that the block only provided look and feel and didn't realize it was critical functionality. We're good now, or better anyways.

@Dino - First I want to thank you for putting this together. All the videos and GitHub code have been essential to getting us to using OIDC with our dev portal very rapidly.

A couple of related items. Since we're allowing users to self-register, so to speak, how can we go about hiding or removing the "Register" link from the header area? Also, since we've enabled the OIDC button, we no longer require the native "login" button from the header.

Do you have any information or instructions on how we might do this?

@David Ryan, see similar discussion here. Hope it's helpful. Keep us posted if any.

Glad it's helpful!


Has anyone had luck renaming the "generic button"?

I tried creating a new connect client class by modifying the Generic class with my own name in the instances in both files, but when I push the changes the system just ignores my new class.

Also I wondered if there was any way to support both an OpenID Connect login and the standard login. When I enable OpenID Connect it seems to hijack the login button in the traditional login box even when I enter a normal username & password.

@Keith Kowal, answers are strictly for answers. Please post a new question.