Single Sign On - Drupal 7

Posted on Saturday, December 7, 2013

 

At times, signing on to multiple websites individually becomes hectic and time consuming process. Single Sign On authentication has overcome this problems and offers simple and less time consuming process. In Drupal, for single sign on or sso, you don't need to add any extra module. No extra configuration is needed. While Drupal development of your websites, you just need to make few changes in settings.php and you are done.

To use Drupal SSO authentication or single sign on functionality, you need the following:

The concept behind this implementation is that we have one set of root user tables. The sites refer these tables when logging people in or checking whether a person is already logged in. You need to use Drupal's table prefix for "shared table". After this you just set a cookie domain so that the Drupal websites share session information. For this, you have to make few adjustments to our settings.php (/sites/default/settings.php) file for the slave sites (the site whose user records will be referred from the master site) and a minor edit to the settings.php in your master site.

Master site configuration

For settings.php file in your master site you do not have to change much. Leave your $databases array as it as. Master site will store all the user names, passwords, and sessions.

  • Drupal websites for which you want single sign on should be on same domain.
    • forums.example.com
    • blogs.example.com
    • www.example.com
  • You must be using MySQL.
  • Your drupal websites should be on shared root domain. This is for cookie management of the sessions. The concept behind this implementation is that we have one set of root user tables. The sites refer these tables when logging people in or checking whether a person is already logged in. You need to use Drupal's table prefix for "shared table". After this you just set a cookie domain so that the Drupal websites share session information. For this, you have to make few adjustments to our settings.php (/sites/default/settings.php) file for the slave sites (the site whose user records will be referred from the master site) and a minor edit to the settings.php in your master site.

     

    Master site configuration

    For settings.php file in your master site you do not have to change much. Leave your $databases array as it as. Master site will store all the user names, passwords, and sessions.

    <?php $databases = array(
        
    'default' =>
        array(
            
    'default' =>
            array(
                
    'database' => 'drupal1',
                
    'username' => 'username',
                
    'password' => 'password',
                
    'host' => 'localhost',
                
    'port' => '',
                
    'driver' => 'mysql',
                
    'prefix' => '',
            ),
        ),
    );
     
    ?>

    There is one more change required in settings.php that will help you to specify cookie domain. While performing the process of Drupal development you have to make sure that cookie domain is not commented and to do so, delete #sign, which is at the beginning of the line. Set the same cookie domain to the name of your domain. Make sure to use dot (.) before the domain.

    $cookie_domain = '.example.com';

    Slave sites configuration

    The slave sites shall be connected to the Master site's database for certain tables, specially the ones that include user information. For settings.php file in your slave sites you need to specify master site database and call its users and other tables. We can do so by adding configuration settings within the "prefix" key of the $databases array.

    <?php $databases = array(
        
    'default' =>
        array(
            
    'default' =>
            array(
                
    'database' => 'drupal2',
                
    'username' => 'username',
                
    'password' => 'password',
                
    'host' => 'localhost',
                
    'port' => '',
                
    'driver' => 'mysql',
                
    'prefix' => array(
                    
    'default' => 'drupal2.',
                    
    'users' => 'drupal1.',
                    
    'sessions' => 'drupal1.',
                    
    'role' => 'drupal1.',
                    
    'authmap' => 'drupal1.',
                    
    'users_roles' => 'drupal1.',
                ),
            ),
        ),
    ); 
    ?>

    After this you need to configure the website to use the same cookie domain as you have done in the master's settings.php file.

    $cookie_domain = '.example.com';

    The method for a user login does not change, the user can just use the same user-name and password for websites, which we are using for single sign on. Logging into one will log you into all of them automatically. After making the above changes for master and slave sites you can now use single sign on facility provided by drupal's settings.php.

Disqus Comments