Extending the Drupal 6 FINeID smart card authentication

On Sunday I wrote about Drupal 6 authentication with a FINeID card. In it I also claimed I was planning on expanding the Certificate Login module to facilitate an option for OpenID style identification, in which the user name doesn't need to be taken directly from the certificate but the user can instead be attached to any number of certificates. This is possible by using Drupal 6's authmap-table, which also Drupal's own OpenID module uses. I spent a few hours last night to investigate the possibilities and managed to write a working extension for the module, in which the greatest shortcoming is that the user can't inspect certificates attached to him/herself and can't remove them. If the patch is accepted to the module, however, I will add that feature also. Meanwhile, here's a short tutorial for anyone interested in taking matters in their own hands and using the patch.

Code changes

To use the new feature, you first need to apply the patch to the code. I recommend taking your module code from Drupal.org VCS according to the instructions, because the patch has been taken against it: $ git clone http://git.drupal.org/project/certificatelogin.git $ cd certificatelogin After this, download the patch from the issue. Move the downloaded patch to the certificatelogin directory that Git just created for you. Change to the directory and run the following command to apply the patch: $ patch -p0 < certificatelogin-authmap.patch patching file certificatelogin.module If the output differs from the above (and especially if the output has ”FAILED” in it), the patching probably failed. In this case you shouldn't continue until you've successfully completed the patching. One more thing: Move the module to your Drupal installation to a nice and warm directory (e.g. sites/default/modules/custom).


When you've moved the module under your Drupal installation and enabled it, bear with me a bit more: Visit the module settings site (admin/settings/certificatelogin). If you've previously used the module, you'll notice a new choice has appeared: ”Use authmap instead of user name.” Click it on. After this (save your settings and) visit path /login as a logged-in user. Click on the login button. If everything is as it should be, you now have a message ”Successfully added” and your certificate's information on your screen. Now certificate login works without the user name having to be the certificate ID string. Using the method above, you can attach multiple certificates to your user account. Unfortunately, for now you can only remove certificates directly from the database authmap table. That's it, have fun!



Drupal 7 CertificateLogin module

Are you actively supporting the drupal certificatelogin module? For Drupal 7, two of the features of this module don't seem to be supported. The automated role does not seem to appear. Also, the automated login fails - you have to first auth with your cert then log in manually. I am planning to support full pdval using this module, but probably will create a web service for this.

Add new comment

Filtered HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <h2> <h3> <h4> <h5> <h6> <h7> <p> <img> <table> <tr> <th> <td> <br> <pre> <abbr>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.