Windows Azure Authentication module for Drupal using WS-Federation

At Microsoft Open Technologies, Inc., we’re happy to share the news that single sign-on for Drupal Web sites hosted on Windows Azure, using Windows Live IDs and/or Google IDs, is now available. Users can now log in to your Drupal site through Windows Azure's WS-Federation-based login system with their Windows Live or Google ID. Simple Web Tokens (SWT) are supported; SAML 2.0 support is planned but not yet available.

Setup and configuration are easy via your Windows Azure account administrator UI. Setup details are available via the Drupal project sandbox here. Full details of setup are here.

Under the hood, WS-Federation is used to identify and authenticate users and identity providers. WS-Federation extends WS-Trust to provide a flexible federated identity architecture with clean separation between trust mechanisms (in this case Windows Live and Google), security token formats (in this case SWT), and the protocol for obtaining tokens.

The Windows Azure Authentication module acts as a relying party application to authenticate users. When downloaded, configured and enabled on your Drupal Web site, the module:

- Makes a request via the Drupal Web site for supported identity providers

- Displays a list of supported identity providers with authentication links

- Provides a return URL for authentication, and parses and validates the returned SWT

- Logs the user in or directs the user to register
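
The parse-and-validate step at the return URL is where the relying party decides whether to trust the token, so here is an added sketch of it in PHP; it is not the module's own code. It assumes the SWT layout from the Simple Web Token specification (form-encoded pairs with `Issuer`, `Audience` and `ExpiresOn`, ending in an `HMACSHA256` signature) and a base64-encoded shared key; `swt_validate`, the URLs and the claim type are hypothetical names.

```php
<?php
// Added example, not the module's code. Layout assumed from the SWT spec:
// form-encoded pairs ending in HMACSHA256=<base64 HMAC-SHA256 of all prior bytes>.
function swt_validate(string $token, string $keyB64, string $issuer, string $audience, ?int $now = null): array
{
    $now = $now ?? time();
    $marker = '&HMACSHA256=';
    $pos = strrpos($token, $marker);
    if ($pos === false) {
        throw new RuntimeException('missing signature');
    }
    $signed = substr($token, 0, $pos);   // exact bytes covered by the HMAC
    $given = base64_decode(urldecode(substr($token, $pos + strlen($marker))), true);
    $key = base64_decode($keyB64, true);
    if ($given === false || $key === false || $key === '') {
        throw new RuntimeException('malformed signature or key');
    }
    // Verify before parsing; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $signed, $key, true), $given)) {
        throw new RuntimeException('bad signature');
    }
    // Parse by hand: parse_str() rewrites dots in names, which mangles URI claim types.
    $claims = [];
    foreach (explode('&', $signed) as $pair) {
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $name = urldecode($name);
        if (array_key_exists($name, $claims)) {
            throw new RuntimeException("duplicate field $name");
        }
        $claims[$name] = urldecode($value);
    }
    if (($claims['Issuer'] ?? null) !== $issuer || ($claims['Audience'] ?? null) !== $audience) {
        throw new RuntimeException('unexpected issuer or audience');
    }
    $exp = $claims['ExpiresOn'] ?? '';
    if (!ctype_digit($exp) || (int) $exp <= $now) {
        throw new RuntimeException('token expired');
    }
    return $claims;
}

// Constructed sample token and key (placeholder issuer, audience and claim type).
$key = base64_encode(str_repeat("\x01", 32));
$body = 'Issuer=' . urlencode('https://sts.example/') . '&Audience=' . urlencode('https://drupal.example/')
    . '&ExpiresOn=' . (time() + 300) . '&' . urlencode('http://claims.example/nameidentifier') . '=user-123';
$token = $body . '&HMACSHA256=' . urlencode(base64_encode(hash_hmac('sha256', $body, base64_decode($key), true)));
print_r(swt_validate($token, $key, 'https://sts.example/', 'https://drupal.example/'));
// Any change to the signed bytes makes swt_validate() throw "bad signature".
```

Checking the audience as well as the signature matters because the same issuer may sign tokens for other relying parties; a token minted for a different site would otherwise pass.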