30 October 2016 - Present, Government Intranet has got more than 50,000 users and it is built in Drupal 7 and 8, Migrate Drupal, Drupal Upgrade, Migrate Plus, Migrate Tools, Team Space, Organizational Group, Mapplic, Feed.
HMRC is a very big Government Intranet which serves more than 75,000 users and it is integrated with a very complex IDAM/SSO system and multiple Custom CRM.
Integrating Drupal with IDAM/SSO systems, ideally exploiting existing reusable components
HMRC required the integration of their Complex CRM System with Drupal. They have an LDAP (Lightweight Directory Access Protocol) Directory containing more than 70,000 active users.
I installed, configured and exploited the LDAP module package for authentication and authorization, to migrate user information, to set up servers and to implement the single sign-on functionality.
As a result, each user was automatically signed on in Drupal if they were found active in the LDAP directory. All the information attached to them was also migrated into Drupal from the CRM: Telephone, Roles, Permissions, Address, Location, Manager, Title, Skills, PIN Number, Mobile Number, Organisational Unit, Group Information.
Now I want to describe a little how I implemented and exploited SSO (Single Sign On). Users are automatically signed in if they can be located in the LDAP (Lightweight Directory Access Protocol) Directory. This means that if users are inside the Windows Active Directory, an account will automatically be mapped in Drupal.
There is a project in Drupal 7 called ldap which includes all these submodules for authentication, authorization, server setup and single sign-on:
$ cd sites/all/modules/custom/ldap
$ ls
ldap_authentication ldap_authorization ldap_feeds ldap_help ldap_query ldap_servers ldap_sso ldap_test ldap_user ldap_views
The concept is very simple: on the first access to the Intranet, which is by default the URL "/user/login/sso", the ldap_sso module checks whether the user is already logged in to the Windows Active Directory and, if so, automatically logs the user in to Drupal. How the process kicks off can be seen from this hook_menu:
/**
 * Implements hook_menu().
 */
function ldap_sso_menu() {
  $items = array();
  $items['user/login/sso'] = array(
    'title' => 'Log In',
    'page callback' => 'ldap_sso_user_login_sso',
    'access callback' => '_ldap_authentication_user_access',
    'type' => MENU_NORMAL_ITEM,
  );
  return $items;
}
All the work is done by the ldap_sso_user_login_sso() function, which retrieves the remote user and checks whether it also exists in the local Drupal DB.
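A sketch of the decision an SSO callback like the one described above has to make, added here as an example and not taken from the ldap_sso module. It assumes the web server exposes the authenticated identity in REMOTE_USER (or REDIRECT_REMOTE_USER); the example_* functions, the realm list and the sample accounts are hypothetical.

```php
<?php
// Added illustration only, not ldap_sso code; example_* names are hypothetical.
// Normalises "DOMAIN\user", "user@REALM" or "user"; returns NULL when unusable.
function example_normalise_remote_user(array $server, array $allowed_realms) {
  // Trust only server-set variables; client headers arrive as HTTP_* keys.
  $raw = $server['REMOTE_USER'] ?? $server['REDIRECT_REMOTE_USER'] ?? '';
  if (!is_string($raw) || $raw === '') {
    return NULL;
  }
  $realm = NULL;
  $name = $raw;
  if (strpos($raw, '\\') !== FALSE) {
    list($realm, $name) = explode('\\', $raw, 2);
  }
  elseif (strpos($raw, '@') !== FALSE) {
    list($name, $realm) = explode('@', $raw, 2);
  }
  // Fail closed on unexpected realms or characters.
  if ($realm !== NULL && !in_array(strtoupper($realm), $allowed_realms, TRUE)) {
    return NULL;
  }
  return preg_match('/^[A-Za-z0-9._-]{1,64}$/', $name) ? strtolower($name) : NULL;
}

// Decide what the SSO callback should do for one request.
function example_sso_decide(array $server, array $accounts, array $allowed_realms) {
  $name = example_normalise_remote_user($server, $allowed_realms);
  if ($name === NULL) {
    return 'deny: no trusted remote user';
  }
  if (!isset($accounts[$name])) {
    return "provision: $name (first login, map fields from LDAP)";
  }
  return $accounts[$name]['status'] ? "login: $name" : "deny: $name is blocked";
}

// Constructed sample data: local accounts and five incoming requests.
$accounts = ['jsmith' => ['status' => 1], 'old.user' => ['status' => 0]];
$realms = ['EXAMPLE', 'EXAMPLE.TEST'];
$requests = [
  ['REMOTE_USER' => 'EXAMPLE\\JSmith'],
  ['REMOTE_USER' => 'new.starter@EXAMPLE.TEST'],
  ['REDIRECT_REMOTE_USER' => 'old.user'],
  ['REMOTE_USER' => 'OTHER\\jsmith'],
  ['HTTP_REMOTE_USER' => 'jsmith'],
];
foreach ($requests as $r) {
  echo json_encode($r), ' => ', example_sso_decide($r, $accounts, $realms), PHP_EOL;
}
```

Run with PHP 7 or later; the last two requests are denied because the realm is not on the allow-list and because the identity appears only in a client-supplied header.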
All the information attached to the user also gets migrated through a specific mapping that can be set in the LDAP admin. Basically you decide which fields you want to bring down to Drupal. For HMRC Intranet I migrated the following fields: Telephone, Roles, Address, Location, Manager, Title, Skills, PIN Number, Mobile Number, Organisational Unit, Group Information. The idea is that the user information is stored in a central CRM system and Drupal syncs the info that it needs to display in the front end.
Developing reusable forms-based data collection modules incorporating workflow logic in Drupal
HMRC required a complex Content Management System for their internal Documents: Events, Forums, Manuals, News and Site Sections.
I installed and configured the following reusable form module system provided by Drupal CMS: Ckeditor, Ctools, Content Types, Node, Entity reference, Field collection, Group, Meta Tags, Organic groups, Workflow, Panels, Path auto, Rules, Revisioning, Role delegation, Search, Taxonomy, Views and Webform.
The result was that moderators can set up a Draft, import new Documents through CSV feeds, share Documents only with a specific Group, publish their Documents, grant permissions only to certain users from allowed Groups, and create News Articles for specific Site Sections.
Drupal 7 and 8, Migrate Drupal, Drupal Upgrade, Migrate Plus, Migrate Tools, Team Space, Organizational Group, Mapplic, Feeds Import, Form API, Ctools (Multistep form), Workflow, Integrate Drupal with other Government Systems (LDAP, Single Sign-On secure connections, User Roles, Password Management, Central User Repository), Content types, Views, Bulk Operations, Features, Panels, Entity API, Custom module development, hooks (schema, install, menu, form_alter, theme, permission, field_widget_form_alter), GitHub.
The intranet has got 75,000 active users. My main tasks are ldap authentication, cron jobs maintenance, create new drush commands and field importers, create new site sections, panels, views, features, reusable multi step forms using Ctools and workflow. Improve the performance of the query and page load through Drupal cache, memcached and varnish. Create maps and locate each user on the map. Delete inactive users. Recently I have been working with Migrate Drupal, Drupal Upgrade, Migrate Plus, Migrate Tools in order to set up custom migrate modules (from D7 to D8) for different content types, Taxonomies and Blocks.
I work as a Senior Drupal Developer in a team of 6 other developers (1 front end, 4 Senior Drupal Developers and 1 system admin). I built custom modules for the Intranet such as maps, cron jobs, feed imports, drush commands, block inactive users, reusable multi step forms using Ctools and workflow and custom migrate modules. Users log in to the Intranet through LDAP authentication.
Technologies and Methodologies: Drupal 7 and 8, Panels, Entity API, Form API, Hooks. Tools: PHP Storm, GitHub, Putty, PHP-unit test, Apache, Varnish. Changes are requested through pull requests and code reviews.