Bakery SSO FAQ

Last updated February 3, 2013. Created by coltrane on April 1, 2011.
Edited by adixon, David_Rothstein, dominict. Log in to edit this page.

Bakery SSO FAQ

http://drupal.org/project/bakery

What is Bakery?
Infrastructure-wide single-sign-on system.

Why is it called 'Bakery'?
Because its primary concern is baking cookies and distributing them.

Why should I use Bakery?
You have more than one Drupal installation, and you want them to share user data/sign-ons across one domain and its subdomains.

Can I use Bakery on different domains?
No, Bakery only works for sites on the same domain, like store.example.org and www.example.org and will not work for sites on different domains.

Do my Drupal installations need to be on the same machine/hosting service to use Bakery?
No, by installing Bakery on all related installs, each site or sub site will be able to access the main cookie created by Bakery.

Why do I need a copy of Bakery on each install?
The install on your master site creates the cookie, and the installs on the other sites are waiting for specific information from that cookie. The sub sites use the information about the cookie domain and the key to find the right related Bakery cookie.

I've created a new user on the Master site, but the user is missing from one of the slave/sub sites. What's wrong?
User accounts are copied to slave sites only as needed. The user account must log in initially via the master site, and then navigate to the sub site. Their account will be created and logged in seamlessly.

I already have a combination of multi-site Drupal, or separate installs on different servers, sharing the same user database tables. How is Bakery different?
Bakery does not share any of the user related tables. This is a huge bonus for scalability and ease of maintenance. In other words, with Bakery we could update different drupal.org domains at different times, while allowing users access between versions.

If the user databases are shared, how are they synchronized?
There are some synchronizations: If you edit your user account on drupal.org some of the data is updated on the slave sites. Read more about what it means to use Bakery.

What happens when a password is changed on one site, will it be changed on the other sites?
Logins are handled by the master site only, there is only one password. Because authentication on slave sites is forwarded to the master site, slave site account passwords are randomized by Drupal.

How does Bakery handle sessions? If you log out from one sub-domain are you logged out of all sub-domains?
Yes, logging out from any part of the shared Bakery login sites will log a user out from all.

Can I convert my site to Bakery from another SSO method? Maybe. If you are using the standard multisite architecture with an independent, shared user database, see the article written about how to convert it to Bakery (http://drupal.org/node/962932).

What is "master" and "slave" about?
Bakery documentation and discussion makes repeated reference to the words "master" and "slave". The terms stem from the common communication model between devices or processes in computer systems where one has unidirectional control over another. In Bakery's case, the master is the site with authoritative account and authentication information. The master is occasionally referred to as the "main" site. The slave site can be referred to as the "subsite", but since Bakery does not enforce top-level and sub-domains the term "subsite" may be incorrect for some instances.

What's the deal with the leading period on the cookie domain?
As stated on the Bakery 6.x installation instructions the Bakery cookie domain needs to be set with a leading period, (e.g. .example.org). You may notice that Drupal's settings.php recommends to not include a leading period before the cookie domain. Drupal's settings.php cookie domain and Bakery's cookie domain are for two different cookies. Bakery sets a cookie as part of the SSO process, and that cookie must be read by other sites on the same domain. When a cookie's domain is set with a leading period it allows subdomains of that domain to read it. Drupal's settings.php cookie is the session cookie for authenticating a user, and you very rarely want it shared with subdomains.

Where do I set the weight of Bakery so it will work with Organic Groups?
If you use Bakery with OG, make sure that Bakery has a lower weight in Drupal's system table than OG. How to update a module's weight.

Troubleshooting Tips have moved to http://drupal.org/node/1906906