I'm trying to set up SSO with my Domain access sites - some are sub domains and some are different domains. In the SSO instructions under both the Controller and Client sections it says,
If you are using SSO with Domain Access and controller is subdomain of client sites (like login.example.com), make sure to edit $cookie_domain in settings.php to a proper domain name.
1. What does "and controller is subdomain of client sites" mean?
2. Do I enable the controller or client module (it only let's me choose one)?
3. What is the proper cookie domain if some are sub domains and some are different domains?
4. Do you still need "$conf['session_inc'] = 'sites/all/modules/sso/session.singlesignon.inc';" in settings.php?
Thanks.
Comments
Comment #1
aaron1234nz commentedsubscribing
Comment #2
vasikesubscribe
Comment #3
jratrw commentedI would also find documentation for this helpful.
I have three sites with different domains tied together with domain access. The sites are mostly identical and so most of the content is shared, and all of the modules are shared. Since the modules are shared I cannot enable a controller or client on one site without it being enabled on the other two. This causes conflicts since the controller and client cannot both be enabled.
Comment #4
meba commentedjratrw: you need to create a separate controller site with a separate database
Comment #5
bleen commentedsubscribe
Comment #6
xjmTracking.
Comment #7
asak commentedSubscribing.. for some bizarre reason i thought that getting DA and SSO playing nicely together was gonna be pretty easy... but... ;/
;)
Comment #8
bleen commentedI just went through this yesterday and I think I finally got it... I posted my step-by-step here: http://www.bleen.net/blog/domain-access-sso
Comment #9
kruser commentedNice work, I can't wait to give it a try.
Comment #10
mrgoltra commentedwill this work with more than 100 domains?
Comment #11
bleen commented@mrgoltra: I havent tried this on a site with more than 4 domains, but assuming your DB can handle the load I dont see why there should be any practical limit
Comment #12
mrgoltra commentedThank you bleen18. I will give it a try and see what happens?
Comment #13
Exploratus commentedThis worked beautifully. Brought tears to my eyes....
Comment #14
mrgoltra commentedhas anyone tried domain table prefixing?
Comment #15
bleen commentedyes ... do you have a specific question?
Comment #16
mrgoltra commentedThanks bleen18,
I am just wondering which tables need to be copied, need to be ignore, and need to be created. I have been playing around but haven't had any luck.
Thank you,
Mark
Comment #17
bleen commentedthe only tbls that need to be copied are users, sesssions, & authmap ... this way all the client sites will be using the same users
Comment #18
Albrecht Marignoni commentedIn other word I use three databases for one site with a subsite car.com/volkswagen ?
Is there an other module which can give me a better way to connect the user tables of two databases?
Comment #19
kruser commentedso I finally had a new project to try this out on, here's some of my results.
1. my existing site (pre da) was in /default, when copying the sessions table from the existing site to the login site, the login db had a different structure for the sessions table which included a domain column. So I altered the table manually in the existing db and re-exported.
2. Once I configured SSO controller/client, I could login to both sites (login and existing) using the same username, so SSO was working. I had to empty the sessions table though because I was getting a lot of errors about missing session ids.
3. I installed DA on the existing site and added a new site, but when I try to access the new site, no luck with SSO login, I just get an access denied page...
I can't even access it logged out, same error.
Any idea what I may be missing?
Comment #20
kruser commentedUpdate: The good news, I got the Access Denied to go away and SSO to work for the DA site. The bad news is that it was caused by Table Prefixing in DA - once I removed all of my table prefixes (I had blocks and menus set to 'create'), then it magically worked.
Any idea what the connection may be between sso and table prefixes - and how to get them to work together?
Comment #21
bleen commented@2440media2 ... it sounds like you are having conflicts with the $db_prefix variable in your settings.php ... are you defining it twice?
Comment #22
kruser commentedNo, I just have one array of prefixes for default, authmap, sessions, users, BUT that did lead me to discover something interesting in the readme of domain prefix....
So this is kind of depressing. I guess SSO and Domain_prefix can't work together?
Comment #23
davemybes commentedI am following bleen's instructions, but as soon as I log back into the master site (whether or not I add the sso $conf to settings.php), I get the following errors:
Looks like the Domain Access module is sticking its nose in there somehow. I have no idea why or how. On one attempt I didn't do anything other than create the master site, log out and the login again. Any ideas would be appreciated. I also tried different domain names - first was a subdomain, then a completely different name. Still the same error.
Comment #24
bleen commentedThere were several times when I got that ... as I recall, i just had to disable and then re-enable the SSO controller module on the master site
I may have had to "uninstall" it before reenabling - I cant recall
Comment #25
davemybes commentedThanks for replying. Your suggestion helped me figure it out. Here is my process for anyone who is interested:
This is actually pretty much the step-by-step that is in the README.txt of SSO.
By the way, if you get the error I mentioned above, remove the $conf line from settings.php and you should be able to login again.
Comment #26
hymalaya85 commentedI have a bug about single sign-on. I installed single sign-on Module completely.
i have two test site : http://localhost:3030/drupalssoclient1 (controller) and http://localhost:3030/drupalssoclient2 (client) . I logined into the site 1 after i went to the site 2 but Site 2 did not login into.
I think it don't save session
Comment #27
joshmillerre: #22
I have opened up an issue regarding our mutual issue:
#947298: SSO, Pathauto, and Domain_prefix are not compatible
Comment #28
joshmillerRe: #22 & #27...
#632950: DA, SSO and URL alias table prefixing this issue was found and fixed in the 6.x-Dev version.