I would like feedback and recommendations on researching how Drupal generates unique keys for a new Drupal installation and how OpenID utilizes the keys when validating a new user Session for a valid user account.
Subjects Involved
1) Building a multi-site deployment system that will create new Drupal multi-sites using database replication.
2) Each site requires integration with an OpenID server and authentication of local users accounts to OpenID.
Research
1) Conflict Resolution.
I have conducted a comprehensive analysis of all modules, settings, and themes required for my project. At each step I tested OpenID authentication and each time it successfully created a user session.
2) Simulated Deployment
a) Dumped "working" Drupal build to a sql database dump
b) Archived the source code into a gzip file.
c) Uncompressed the source into a new Drupal http directory.
d) Changed settings for the default site based on new URL/Settings
e) Restored database dump into new database for deployed site.
f) modified basic site data to simulate deployment scripts.
G) Loaded new "deployed" Drupal site and loaded on first try.
h) Attempted to login using OpenID server, account validated, redirects back to Drupal.
i) Drupal does nothing; returns user to homepage as UnAuthenticated user.
3) Stepping through execution path
I use xdebug to debug my local php environment and tracked the total request path from Drupal -> OpenID Server -> Drupal.
Everything works fine until the OpenID method attempts to validate the user Session. The session of object is always returned as an empty array.
This does not occur on the Drupal test site where I built the site from scratch, only on "deployed" sites.
Does anyone have experience with either the OpenID module and or session management within Drupal?
Does anyone have experience with the drupal site key (Drupal_get_private_key ()) and what values/records are used to generate and validate a Drupal site as unique?
My goal is to identify what aspects of Drupal in the database or on the file system are required to uniquely identify a Drupal site so I can automate the "uniqueness" when automatically deploying websites as sub-sites for a parent Drupal site. Any links to discussions or actual answers would be greatly appreciated.
-- Robert.
Comments
$site_key = md5($base_url .
Thats from update module - _update_refresh()
Not sure what it is for?
Hello Moshe,
Thanks for the post however I am not sure how the site key will help me. The key thing I am trying to figure out is what properties unique identify a drupal site?
I have found two variables
drupal_private_key
form_build_id_page
The following equations generate similar values based on a URL.
$sitename = 'Example Site';
$base_url = 'http://www.example.com';
$privatekey = md5(uniqid(mt_rand(), true)) . md5(uniqid(mt_rand(), true));
$site_key = md5($base_url . $privatekey);
$drupalkey = md5($sitename . $privatekey);
print('Sitename = '.$sitename.'<br />');
print('Base URL = '.$base_url.'<br /><br />');
print('Privatekey = '.$privatekey.'<br />');
print('Privatekey Length = '.strlen($privatekey).'<br /><br />');
print('Sitekey = '.$site_key.'<br /.>');
print('Sitekey Length = '.strlen($site_key).'<br /><br />');
print('DrupalKey = '.$drupalkey.'<br />');
print('DrupalKey Length = '.strlen($drupalkey));
What other variables and properties make a site unique and how does this affect session management?
More importantly how does it affect the OpenID module?
Ideas anyone?
Robert Foley Jr
Solutions Architect
http://www.robertfoleyjr.com
Update and resolutions
Hello,
Just a little update on this issue, I found a few tweaks and solutions.
a) Drupal Cron and update.
When automatically deploying a site (using my prepriotory tool) I had to force a cron job to run to update the site keys and site settings. Most of it was "magic" that I couldn't identify in Drupal. But running this seemed to fix data problems.
b) OpenID module does not support proxied sites behind a router
So most of my development was behind a router on my local network. Stupid me, I was attempting to validate against an OpenID server that was on the Internet. Moved my development build of Drupal to a server with a valid URL and IP onto the Internet and BAM, the OpenID server properly validated the Drupal site and the accounts.
Combining both a) and b) seemed to fix my problems.
Robert Foley Jr
Solutions Architect
http://www.robertfoleyjr.com