Enabling this on the client site redirects it back to controller site. This means anyone who tries to access the client site gets redirected. This doesn't make any sense, is this by design ? Anyway to stop that from happening ? I only want the users from the controller site to be logged in to the client site and visitors on the client site to stay on that site.

Comments

Albrecht Marignoni’s picture

I had the same problem during my first installation.
After my secounf installation SSO said that I can not install two controler.
I don´t know what is going around there.

Isostar’s picture

I had the same problem. After trying all kind of tricks it was suddenly solved. I think it was caused by an extra 'space' at the end of the private key string

drup_lr’s picture

Hi ,

we have a controller site(https://controllersite) and client sites(http://clientsites) ,

when ever i try to visit client site http://clientsites i am redirected to controller site https://controllersite and have to accept the ssl certificate and then redirects me to http://clientsites but i don't want this behaviour .

please help me to solve this

Thanks

damienmckenna’s picture

Am experiencing this myself.

damienmckenna’s picture

This seems to be controlled in signlesignon_client.module, see singlesignon_client_boot() line 61:

  // Users without a global session must go through the authentication flow.
  if (!isset($user->global_sid) || $user->global_sid == '' || $claim) {

The way Drupal works is that every page request has a session tied to it, even anonymous users. This SSO module makes all sessions be kicked through the SSO controller, meaning that all visitors will first go through the controller before they can see the client site. So, in effect with Drupal 6 this is going to happen.

There is a chance of being able to avoid the need for the first session check by using Pressflow, which allows for session-free anonymous users, but I will have to investigate it.

damienmckenna’s picture

Title: Is Single sign-on client suppose to redirect to controller site ? » Ignore anonymous users
Category: support » feature

As a way of giving some direction to this discussion, I think the SSO module should be changed to ignore anonymous users, to handle them differently, and only go through the SSO process when the user tries to login properly.

damienmckenna’s picture

Component: Documentation » Code