Bakery Optional SSO

This module allows the single-sign-on system provided by the Bakery module to be optional, rather than required for all users.

Users who first create an account on the Bakery master site will be able to visit the slave sites have their account information and sessions propagated (just like they normally can on sites using Bakery). However, users who try to register on the slave site will be allowed to create a completely local account.

This is useful in situations where, for example, site administrators are required to have shared accounts spanning multiple sites, but regular end users should only be able to create accounts on a single public-facing site. It is similar to other optional single-sign-on systems (for example, OpenID) in that respect, but the user experience is simpler all around.

How to use it

1. Configure the Bakery module as you normally would. (This module depends on Bakery being enabled and configured correctly in order to work.)
2. On the slave sites where you intend to enable this module, grant all authenticated users the Bakery module's "Bypass Bakery" permission. (Make sure you are aware of the implications of doing so; for example, users with shared accounts will not be automatically logged out of the slave site when they log out of the master site.)
3. Enable this module on the Bakery master site, and on any Bakery slave sites for which you want to make the single-sign-on system optional. Do not enable it on any other slave sites in your system.

Current status

This module should work, but it is still experimental! Do not enable it on production websites unless you know what you are doing and willing to take the risks.

Credits

This project was sponsored by Advomatic.