On Aug 13, 10:53 am, matt <autodidactic....@gmail.com> wrote:
> Any updates on that discussion? Are folks still actively working on
> this?
Good question.
I worked on this a few months ago. The session management worked, and
I was able to create a small network of Drupal sites, with some Drupal
sites acting as SPs and another as IdP. This required updating
simpleSAMLphp, updating the Drupal module "simplesamlphp_auth", and
adding a new Drupal module "simplesamlphp_idp."
Work hasn't progressed since then because our project has changed
direction a bit. However, our work may be useful. You might try these
steps:
1. Switch simpleSAMLphp to revision #1502. The patches may work with
newer versions, but I haven't tried it, and I haven't been following
simpleSAMLphp's development closely. In any case, #1502 is the last
revision that I tested.
$ cd <SIMPLESAMLPHP_DIR>
$ svn sw -r 1502 http://simplesamlphp.googlecode.com/svn/trunk/
2. Extract the patch and modules:
$ wget http://think.hm/drupal-saml/drupal-saml-patch.tar.gz
$ tar xvzf drupal-saml-patch.tar.gz
3. Apply the patch:
$ patch -p0 < drupal-saml-patches/simplesamlphp-drupal-session-r1502.diff
4. Install the bundled Drupal module "simplesamlphp_auth" or
"simplesamlphp_idp" depending on whether the Drupal site will operate
as a service provider (SP) or identity provider (IdP). Note that each
module includes a README.txt with more details.
The IdP stuff works well enough for demonstration purposes, but it has
some issues that would be unacceptable in production. For example, on
my all-Drupal test network, a user can log in and neglect to log out --
after a while, the session on the IdP expires. Once the session
expires, SLO breaks.