SSO possible in multisites with different database ?

Events happening in the community are now at Drupal community events on www.drupal.org.
tejaspmehta's picture
Posted by tejaspmehta on February 4, 2010 at 10:35am

Hello Everyone,

I have found that with module of SSO (http://drupal.org/project/sso) one who has created login at master site can access all multisites. Now my problem is i have different database for all multisites and i want to make this type of single login to work for my specific websites with permissions.

like user1 can login to
master site
site1
site2

user2 can login to
master site
site2

so is it possible ? as per SSO module we have to make change in settings.php file that is okay but they have not written in their readme.txt of other files that it will work with different database.

Anyone who have idea on this can please help me out.

Thank you
Tejas Mehta

Comments

As long as it's not shared hosting and is on the same machine

Posted by btopro on February 4, 2010 at 5:29pm
btopro's picture

SSO works to the fullest by sharing tables across your infrastructure. Look into the $db_prefix variable and how you do things with it. Here's what you'd typically do

Master Site -- Nothing different other then what SSO says

Site 1,2,3,n settings.php
$db_prefix = array(
'default' => '',
'users' => 'MASTER.',
'authmap' => 'MASTER.',
'profile_fields' => 'MASTER.',
'role' => 'MASTER.',
);

Now, a user can log into ANY site in the network with the same username / password. BUT you can make them different roles per site. So, what you do is basically treat an authenticated user account almost the same as an anonymous one. Make a new role called like "site user" or whatever. Now you can give user 2 "site user" in only the sites they should be a user in without them having that level of access in the other sites.

Starting to become pretty common practice to do this and I've implemented it on a lot of different sites with and without the SSO module. A word of caution -- I've had things conflict with SSO if they also want to handle login stuff so just be careful of that. My issue revolved around SSO and Gigya login stuff but you don't even need SSO to get what you're asking for. The only thing SSO will do is make is so that if u log into 1 site you'll automatically be logged into all.

Convenient but typically not required.

Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/

Hello btopro, Thank you for

Posted by tejaspmehta on February 5, 2010 at 5:33am
tejaspmehta's picture

Hello btopro,

Thank you for your answer. You have said that "SSO works to the fullest by sharing tables across your infrastructure. " but my main problem is i have different database so i have to share this user, profile and role tables to share. but how to make it share ? do you have idea on that ?

we can workout on permission later but problem is how my database2 will have access on database1 tables ? sometimes it is also possible that both database have different username and password. Here in this case i am stuck.

Also i have tried your way.

Posted by tejaspmehta on February 5, 2010 at 6:18am
tejaspmehta's picture

Also i have tried your way. Now here is what i did.

Enable SSO Controller module in master site and added one line in settings.php.

After than Enable SSO client module with one line added in settings.php
but i do not understand meaning of this provided in readme.txt file.

On MySQL, you can use 'database_name.' as a prefix to share the tables directly from the controller's database, and use a blank prefix for the client tables (which reside in the client database):

   $db_prefix = array(
     'default'        => '',
     'authmap'        => 'controller_database.',
     'sessions'       => 'controller_database.',
     'users'          => 'controller_database.',
   );

Now my question is where i have to define database name of master website ? at default ? and what will be replaced by controller_database ?

as i tired to make it as follows

   $db_prefix = array(
     'default'        => '',
     'authmap'        => 'master_db_name',
     'sessions'       => 'master_db_name',
     'users'          => 'master_db_name',
   );

but as soon as i added this line my site stopped working.

$db_prefix = array(

Posted by btopro on February 5, 2010 at 2:54pm
btopro's picture

$db_prefix = array(
'default' => '',
'authmap' => 'master_db_name',
'sessions' => 'master_db_name',
'users' => 'master_db_name',
);

You're adding a prefix here SO it needs to be master_db_name. with the period at the end. Otherwise it'll look for table names like "master_db_nameusers" which doesn't exist and therefore the site'll go down.

Ex Uno Plures
http://elmsln.org/
http://btopro.com/
http://drupal.psu.edu/

Hello btopro, sorry for late

Posted by tejaspmehta on February 8, 2010 at 8:45am
tejaspmehta's picture

Hello btopro,

sorry for late reply. was busy with other work.
now i have added something like this in settings.php file.

$conf['session_inc'] = 'sites/all/modules/sso/session.singlesignon.inc';
$db_prefix = array(
     'default'        => '',
     'authmap'        => 'multisitesdb.',
     'sessions'       => 'multisitesdb.',
     'users'          => 'multisitesdb.',
   );

where multisitesdb is master db.

but after that when i enter controller site details and save it than my site go down. do not know what exactly i have to do.

i appreciate your help. now i am much closer to solution with help of your suggestions. i hope that you provide me your suggestions whenever you get time.

Thank you
Tejas Mehta

I have solved problem. I was

Posted by tejaspmehta on February 9, 2010 at 8:26am
tejaspmehta's picture

I have solved problem. I was doing all right thing but problem was different. My master site has super-admin with uid=1 has different login name than my child site super-admin with uid=1. So when i try to set values in SSO client module it choked out everything. Now i try my child site assigned same admin name as my master site and it worked. Do not know why this was happened and it kept me almost a week on a bay.

Now only problem i got here is in my sites i got message like this

"Only one single sign-on module can be installed at a time. Please disable single sign-on client or controller on this site."

now my all modules in multisites are in same sites/all/modules folder. i have not set separate module's folder for every website. can anoyone help me out in this ?

Also i want to assign some permission like if user1 is registered than he can surf only his sites assigned.
like user1 can login to
master site
site1
site2

user2 can login to
master site
site2

Thank you
Tejas Mehta

i have solved my all

Posted by tejaspmehta on February 11, 2010 at 10:08am
tejaspmehta's picture

i have solved my all problems. Thanks btopro for your guidelines. Now i have last question.

I have enable SSO on my master and few child sites. But on child sites it keep telling me like this

"Only one single sign-on module can be installed at a time. Please disable single sign-on client or controller on this site."

i tried to figure out but do not know why it still shows me. If anyone has similar issue than please let me know solution

Thank you
Tejas Mehta

Can this be done in Open atrium?

Posted by s.grossman on March 15, 2011 at 4:22am
s.grossman's picture

Hi there,

I am fairly new to drupal and curious- how can I incorporate this in open atrium which is running on aegir? is it the same process? What are your recommendations.

Thanks,

Can this be done in Open atrium?

Posted by s.grossman on March 15, 2011 at 4:22am
s.grossman's picture

Hi there,

I am fairly new to drupal and curious- how can I incorporate this in open atrium which is running on aegir? is it the same process? What are your recommendations.

Thanks,

Multisite

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: