Domain Access & SSO

It has been a bit of an adventure getting the SSO module to work with a site that already utilizes the Domain Access module. I got this all working yesterday... hopefully this clarifies things for people. I got a lot of help by reading the UPGRADE.txt that comes with SSO and by reading this issue:

These steps assume you already have a site setup using Domain Access and you have a couple of domains/sub domains going.


  2. Download the SSO module to sites/all/modules
  3. Follow these instructions on test site first
  4. After practicing on a test site and you're ready to go on your production site, you must put your site in maintenance mode during this whole setup because your sessions table can't change during this process

Master Site Setup

Think about Facebook Connect here. The "master site" is and the "client sites" are all the other sites in the world that use facebook connect to let users login/hook into facebook. So to make this work, we use Drupal's built-in multisite support to create a "master site."

  1. Create an empty database for your master site to use. Make sure that the mysql user that connects to your existing db has access to this new db
  2. Create a new directory in your existing folder structure: sites/ (dont forget to setup apache and/or your hosts file to handle this new domain)
  3. Copy sites/default/default.settings.php to sites/ (make sure it's writable)
  4. Open your browser and visit and you should see the normal Drupal new-site setup page. Go ahead and set everything up using your brand new DB. Use the same username & password for you admin user that you use in your existing site.
  5. LOG OUT
  6. In your existing DB, do a mysql dump of the `user`, `sessions`, & `authmap` tables. If you're using phpmyadmin (which I recommend unless you are a mysql command line wiz) make sure you check 'Add DROP TABLE'. Copy the resulting SQL to your clipboard
  7. In your new DB, import those 3 tables. In phpmyadmin, click the SQL tab and then paste in the SQL from the previous step
  8. Edit your sites/ and add this line:
    $conf['session_inc'] = 'sites/all/modules/sso/';
  9. Go back to and login as the admin user (UID=1)
  10. Enable the SSO controller module
  11. Go to the controller settings page at 'Administer > Settings > Single sign-on controller' and note down the information on that page

Client Site (aka Existing Site using Domain Access) Setup

These steps will ensure that users on your existing site (regardless of what domain they are visiting) only have to login once.

  1. Log Out
  2. Edit your sites/default/settings.php and add the following:
    $db_prefix = array(
      'default' => '', // <-- If your existing db uses a prefix, enter that prefix here instead of ''
      'authmap' => 'controller_database.', // <-- note the '.'
      'sessions' =>'controller_database.',
      'users' => 'controller_database.',

    Note: This code tells your existing site to use the user, session, and authmap tables from's db instead of your existing db

  3. Test that this worked by logging into your existing site as the admin user (uid=1). You should login without any problems
  4. On your existing site, enable the SSO Client module. If you get any errors here, dont worry.
  5. Edit your sites/default/settings.php and add this line:
    $conf['session_inc'] = 'sites/all/modules/sso/';
  6. Go to the controller settings page at 'Administer > Settings > Single sign-on client' and fill in the info you noted earlier.
  7. That should do it