Drupal 10 compatibility

[cobadger-aten]

We use the stanford_ssp module for authenticating users with fsh.stanford.edu (and likely other Stanford sites). Having reviewed the lengthy discussion on drupal.org regarding the path forward for a stable version of the simplesamlphp_auth module (a dependency on stanford_ssp) we're not confident that a stable version will be released in time for Drupal 9's end of life.

The issue thread linked to above has a workaround that includes forking the simplesamlphp library, yet it's not clear that the maintainer of that fork is interested in maintaining it long-term.

We're inclined to deprecate stanford_ssp on the FSH site and implement Drupal's Saml Authentication module unless the Stanford web team has plans for stanford_ssp that don't rely on a dev version of simplesamlphp_auth.

What plans are there to update stanford_ssp for Drupal 10 compatibility?

[jbickar]

Hi @cobadger-aten, thank you for being proactive on this on behalf of FSH. SWS is actively working on a solution to this issue, as we share many of the same concerns. Once we have a proposed path forward, we'll post an update on the project page here and reach out to you directly.

[joelsteidl]

Thanks @jbickar. I'm one of @cobadger-aten's colleagues and had the same question for some other Stanford sites we maintain. I have successfully used https://www.drupal.org/project/samlauth on other SAML based integrations and have always wondered if it would work well with Stanford SUNET SSO. It is far simpler to setup and doesn't require the complexity of https://www.drupal.org/project/simplesamlphp_auth

Looking forward to hearing your path forward!

[pookmish]

At this time we're beginning to develop a module to implement some of the features for the samlauth module. Depending on which features you currently use of this module, you probably could implement samlauth today with very little effort. Single site installations are definitely much easier to implement than solving for 2000+ sites.

I was able to get samlauth installed and working in very short time using the same saml certs as simplesaml. We sign our authentication requests using a signing cert, so there might be some small differences than the way you are running. In all though, if you don't use our Workgroup API role mapping feature of this module, I'd suggest to go for it. We will likely have something like stanford_samlauth in the upcoming weeks and it should just add some features like the workgroup api to the authorization part.

[pookmish]

Hi @joelsteidl & @cobadger-aten, We've put togeather a Stanford SamlAuth module that does all the same things that this module does. It even provides an upgrade path for the configs that should work for your application. Have a look at the readme documentation. There's probably only 2 lines to add to the settings.php file and then install the module like any normal composer drupal package.

Please reach out in that repo issues if you have any issues or questions.