Major problems with Shared signon installation
| Project: | Shared Sign-On |
| Version: | 6.x-1.3 |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Hey,
I've been trying to get this module to work, with the basis for it being ok (a functional multisite with a shared database, no db prefixes so far).
However, the provided documentation is virtually non-existent, and I wasn't able to find information about what to do after installing this module (there ain't a lot of options to play with...) In the README file, there are how-to-steps for users who don't use this module in conjunction with Domain access, but none for us that do.
So:
- Should this module be working right away with Domain access by just defining the Master URL? Didn't happen. :/
- Should I put the provided $db_prefix-array to my conf files or not? If I do, my database still stays the same, which naturally causes the whole site to break down since there are no prefix_tables to make queries to.
- Anything else? I had a hard time believing that I seem to be the first one asking these questions.
Help :x
#1
Hmm. Well, I use it with Domain Access and 5.x, and that works. I'm pretty sure I also tested it with Domain Access and 6.x. I don't understand what you're saying in your second bullet point (possibly because I've been away from the Drupal community mostly for a few months :( ).
When you say "a functional multisite with a shared database, no db prefixes so far", that's what my testing was with.
The one thing you didn't mention is *how* it doesn't work. Does it make your entire site stop functioning? Does it have no discernable effect on your site at all? Does it redirect to some non-existant URL? Does the content from multiple sites appear, but all mixed together?
Thanks,
#2
Thanks for your answer.
Nothing breaks down, but the module just doesn't do anything. I have to log in and out separately on the two sites, and everything else works exactly like before, too.
Then the second bullet point revisited. The README file says, "If you're not also using the "domain" module", and below it in the bullet hierarchy, among other instructions: "Create the site specific and shared database tables defined in the "$db_prefix" variable (see details below)".
The provided details are outside the bullet hierarchy, so there's no way to tell logically whether this relates to installing with Domain access or not. If I do this step, it doesn't change my database structure at all. As a result, my Drupal installation halts and gives me just a bunch of MySQL errors, since it tries to find tables that don't exist (like 'prefix_table' instead of 'table'). So, in case this step is necessary as I think it is, I'd need some way to change the names of these tables and create new ones.
Please also have a look at this other profound problem I'm having: http://drupal.org/node/284320. I could imagine that the reason for these two *could* be the same (possibly having to do with the old PHP and MySQL versions?) since there's some seemingly strange stuff going on altogether.
#3
I happened to notice that I can get the functionality that I was looking for by just editing one line of settings.php. :O
I uncommented the line $cookie_domain = 'example.com'; and changed it to the right domain -> both single signon and single signout between the sites work perfectly even after disabling this module!
I really think this should be told about in the module description and possibly even remove the module for D6, since this core variable seems to replace it completely.
#4
Well, it's the first I've been told about it, but I'm no Drupal expert :). In other words, if we get an independant confirmation, I'll get rid of the 6.x version of this module. Although I'd be interested to know whether it works with OpenID, and when the domains are not subdomains of a common domain, and that sort of thing :).
#5
i also experience the same problem: shared sign-on simply does not work in my drupal installation (6.4, single db, multi-site with Domains module installed). i activate the module and "Integrate with the Domain module", but my other sites still think i'm logged out. this is true both of admin (user=1) account and other accounts.
i tried uncommenting the $cookie_domain, but this did not help.
#6
@jastern: Are you using subdomains or completely separate domains? In the latter case, there's no simple solution for SSO since it's a html standard that cookies are domain-specific. In other words, sub.domain.com, domain.com/dir and domain.com:7800 are ok for SSO, but anotherdomain.com can't be integrated to them without more advanced techniques.
#7
@convulsion: thanks for responding and trying to give a hand..
well, the sites we were trying to have single-signon for are all at the same level of subdomains: "a1.b.c.edu", "a2.b.c.edu", "a3.b.c.edu", and so on. and these are, of course, all on the same machine/IP, using the Domain modules. "b.c.edu" does not exist, and though there is a "c.edu" site, we do not control it -- it is controlled by another department on our campus and is on a different subnet.
however, these are all development sites.. when we go production, we will have sites such as "www.b1.c.edu", "www.b2.c.edu", "www.b3.c.edu", and so on. as far as i can tell, these still qualify as subdomains, though, right? not domains..
on the other hand, if it is true that single/shared-signon supports only subdomains, but not does not support completely separate domains (but the Domain modules do), then it would seem that a patch to the README, explaining this fact, would be in order (along with changes addressing the problems with the README which you listed in post #2)..
#8
Guess you have still tried with c.edu? It shouldn't matter whether you control the main domain or not, afaik $cookie_domain just means what will read in the cookies as the domain, it can be with or without a subdomain. If the defined (sub)domain is shared between the sites, then it should be possible to share the cookies too and make easy SSO possible. Also remember that you have to put the same thing in all sites' settings.php files.
I could be wrong too, and unfortunately can't help you further if this doesn't work. Did the trick for me.
#9
I cannot use the shared cookie trick because I have combinations including examplea.com, exampleb.info, and examplec.com.au. I tried Shared Sign-on 6.x-1.3 with Drupal 6.4and Domain Access 6.x-1.2. The documentation for Domain Access users could mention the administrative page settings. The administrative page could mention, for each text box, the effect of leaving each box empty and examples of multiple entries.
I received the following errors when I updated the Shared Sign-On administration page:
* The strings in useragents_case contain non-word characters (we allow [A-Za-z0-9_\.]* at the moment, and '
Google Yahoo BlogPulse ia_archiver Pingdom Teoma Netcraft Mnogosearch page.store libwww.perl libcurl del.icio.us wiji
' is a problem)
* warning: join() [function.join]: Invalid arguments passed in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 440.
* warning: join() [function.join]: Invalid arguments passed in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 440.
* warning: join() [function.join]: Invalid arguments passed in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 440.
* warning: join() [function.join]: Invalid arguments passed in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 440.
I tried emptying the strings and received:
Warning: preg_match() [function.preg-match]: Empty regular expression in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 278
Warning: preg_match() [function.preg-match]: Empty regular expression in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 280
Warning: preg_match() [function.preg-match]: Empty regular expression in /home/example/public_html/sites/all/modules/singlesignon/singlesignon.module on line 281
To get around the second problem, I changed a function:
<?php
function _singlesignon_is_bot()
{
global $_singlesignon_bot_matches;
return(
(
isset($_singlesignon_bot_matches['useragents_nocase'])
and $_singlesignon_bot_matches['useragents_nocase'] != ''
and preg_match($_singlesignon_bot_matches['useragents_nocase'], $_SERVER['HTTP_USER_AGENT'])
)
or
(
isset($_singlesignon_bot_matches['useragents_case'])
and $_singlesignon_bot_matches['useragents_case'] != ''
and preg_match($_singlesignon_bot_matches['useragents_case'], $_SERVER['HTTP_USER_AGENT'])
)
or
(
isset($_singlesignon_bot_matches['client_IP'])
and $_singlesignon_bot_matches['client_IP'] != ''
and preg_match($_singlesignon_bot_matches['client_IP'], ip_address())
)
or
(
isset($_singlesignon_bot_matches['target_url'])
and $_singlesignon_bot_matches['target_url'] != ''
and preg_match($_singlesignon_bot_matches['target_url'], request_uri())
)
);
}
?>
Update: I also had to turn FCKeditor off for that page to stop it wrapping paragraph elements around the strings.
#10
For what it's worth, I had this same error and it was because of FCKEditor. I added the path to the exclude paths area of FCKEditor settings and it fixed it. However, the Single Sign-On still wouldn't work with my Domain Access setup. Not sure why...
-Leighton Whiting
#11
I have this working locally with Domain 2.0RC8 and singleSignOn 1.3 with 3 different domains:
site1.com
site2.com
site3.com
I'd already installed Domain, made the necessary additions to my /etc/hosts (on my PC) to share the whole site (no separate tables at this stage) and tweaked my httpd.conf settings to point all domains at the same DocumentRoot.
I then logged on as admin to site1.com and added the two extra domains to the Domains configuration.
Then I went to the SSO configuration page and checked "Integrate with Domains" and entered site1.com as my primary domain. I then logged out of site1.com and cleared all the cookies in FireFox (not sure whether this is necessary, but seemed like a good idea).
Now, when I log back in to site1.com and visit site2.com and site3.com I'm already logged in. If I log out of site3.com and refresh the other two sites, I'm logged out of those too.
Basically, it's doing 100% what I wanted it to.
#12
subscribing.