Domain Access & SSO

It has been a bit of an adventure getting the SSO module to work with a site that already utilizes the Domain Access module. I got this all working yesterday... hopefully this clarifies things for people. I got a lot of help by reading the UPGRADE.txt that comes with SSO and by reading this issue: http://drupal.org/issues/595802

These steps assume you already have a site set up using Domain Access and you have a couple of domains/subdomains going.

Prep

  1. BACKUP EVERYTHING!!!
  2. Download the SSO module to sites/all/modules
  3. Follow these instructions on a test site first
  4. After practicing on a test site, when you're ready to move to your production site, you must put the site in maintenance mode for this whole setup, because your sessions table can't change during the process

Master Site Setup

Think about Facebook Connect here. The "master site" is facebook.com and the "client sites" are all the other sites in the world that use Facebook Connect to let users log in/hook into Facebook. So to make this work, we use Drupal's built-in multisite support to create a "master site."

  1. Create an empty database for your master site to use. Make sure that the mysql user that connects to your existing db has access to this new db
  2. Create a new directory in your existing folder structure: sites/login.mysite.com (don't forget to set up Apache and/or your hosts file to handle this new domain)
  3. Copy sites/default/default.settings.php to sites/login.mysite.com/settings.php (make sure it's writable)
  4. Open your browser and visit http://login.mysite.com and you should see the normal Drupal new-site setup page. Go ahead and set everything up using your brand new DB. Use the same username & password for your admin user that you use in your existing site.
  5. LOG OUT
  6. In your existing DB, do a MySQL dump of the `users`, `sessions`, & `authmap` tables. If you're using phpMyAdmin (which I recommend unless you are a MySQL command line wiz) make sure you check 'Add DROP TABLE'. Copy the resulting SQL to your clipboard
  7. In your new DB, import those 3 tables. In phpMyAdmin, click the SQL tab and then paste in the SQL from the previous step
  8. Edit your sites/login.mysite.com/settings.php and add this line:
    $conf['session_inc'] = 'sites/all/modules/sso/session.singlesignon.inc';
  9. Go back to http://login.mysite.com and log in as the admin user (UID=1)
  10. Enable the SSO controller module
  11. Go to the controller settings page at 'Administer > Settings > Single sign-on controller' and note down the information on that page
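
Steps 6 and 7 above can also be done from the command line. The script below is an added example, not part of the original post or the SSO module: it copies the three tables with mysqldump and then compares row counts in both databases. It assumes MySQL credentials come from ~/.my.cnf, the tables have no prefix, and the two database names you pass are your own.

```shell
#!/bin/sh
# Added example: command-line equivalent of steps 6 and 7.
# Assumptions: credentials are read from ~/.my.cnf (so no password appears on
# the command line), tables are unprefixed, and the site is in maintenance
# mode so the sessions table is not changing while this runs.
set -eu

SHARED_TABLES="users sessions authmap"

# Dump the three shared tables from the existing DB (with DROP TABLE, as in
# step 6) and load them straight into the master site's DB (step 7).
copy_shared_tables() {
  src_db=$1; dst_db=$2
  # Word splitting of $SHARED_TABLES is intended: one argument per table.
  mysqldump --add-drop-table "$src_db" $SHARED_TABLES | mysql "$dst_db"
}

# Print the row count of table $2 in database $1.
row_count() {
  mysql -N -B -e "SELECT COUNT(*) FROM \`$2\`" "$1"
}

# Compare row counts table by table. Prints one line per mismatch and returns
# non-zero if any table differs, which also catches a dump that failed midway.
verify_copy() {
  src_db=$1; dst_db=$2; status=0
  for t in $SHARED_TABLES; do
    src_n=$(row_count "$src_db" "$t")
    dst_n=$(row_count "$dst_db" "$t")
    if [ "$src_n" != "$dst_n" ]; then
      echo "MISMATCH $t: $src_db=$src_n $dst_db=$dst_n"
      status=1
    fi
  done
  return $status
}

# Usage: sh copy_shared.sh EXISTING_DB MASTER_DB  (both names are placeholders)
if [ "$#" -eq 2 ]; then
  copy_shared_tables "$1" "$2"
  verify_copy "$1" "$2" && echo "users, sessions and authmap copied and verified"
fi
```

A mismatch on sessions usually means the site was not in maintenance mode while the copy ran; rerun the copy before continuing.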

Client Site (aka Existing Site using Domain Access) Setup

These steps will ensure that users on your existing site (regardless of what domain they are visiting) only have to login once.

  1. Log Out
  2. Edit your sites/default/settings.php and add the following:
    $db_prefix = array(
      'default'  => '', // <-- If your existing db uses a prefix, enter that prefix here instead of ''
      'authmap'  => 'controller_database.', // <-- note the '.'
      'sessions' => 'controller_database.',
      'users'    => 'controller_database.',
    );

    Note: This code tells your existing site to use the users, sessions, and authmap tables from login.mysite.com's db instead of your existing db. Replace controller_database with the name of the database you created for login.mysite.com.

  3. Test that this worked by logging into your existing site as the admin user (uid=1). You should be able to log in without any problems
  4. On your existing site, enable the SSO Client module. If you get any errors here, don't worry.
  5. Edit your sites/default/settings.php and add this line:
    $conf['session_inc'] = 'sites/all/modules/sso/session.singlesignon.inc';
  6. Go to the settings page at 'Administer > Settings > Single sign-on client' and fill in the info you noted earlier.
  7. That should do it

THANK YOU SO MUCH FOR THIS

Bob H (not verified)
THANK YOU SO MUCH FOR THIS GUIDE. I've been looking for it everywhere. I've now incorporated it into my website below. Thank you very much.

Thank you. Very helpful

Karol P (not verified)
Thank you. Very helpful article. Much appreciated!

So what happens when a new

Adrian (not verified)
So what happens when a new user creates an account on your website? How will that be copied over to the Controller database?