[development] Single signon question
Greg at GrowingVentureSolutions.com
Wed Jan 5 16:49:43 UTC 2011
Can you expand on the Bakery+LDAP issues?
And, maybe file it as an issue? ;)
Greg Knaddison | 720-310-5623 | http://growingventuresolutions.com
Mastering Drupal | http://www.masteringdrupal.com
On Wed, Jan 5, 2011 at 9:20 AM, antgiant <antgiant+drupalDevel at gmail.com> wrote:
> Bakery is what Drupal.org and groups.drupal.org uses for SSO. However, be
> warned that it doesn't play nice with the LDAP modules and if your user's
> clock is off by more than you session expiration amount they will only be
> able to log in with firefox.
> On Wed, Jan 5, 2011 at 10:00 AM, Dave Metzler <metzler.dl at gmail.com> wrote:
>> Not sure I agree with this statement. SSO does not demand the sharing of
>> the sessions table, but there are some things you will want to consider how
>> you will share across the sites.... Such assail address and profile
>> pictures. Anyway, this is starting to sound like a support question more
>> than a development question... you might get better answers about how
>> people use the products on the support forums and lists.
>> The CAS module provides some minimal functionality for saying, if you're
>> logged into site A then you are logged into site B as well.
>> Sent from my iPad
>> On Jan 4, 2011, at 9:51 PM, "Roberto Gorjão" <roberto at asenseofdesign.com>
>> > Hi Paolo,
>> >> The SSO must permits us to:
>> >> 1) Normalize already registered users and automatically get them access
>> >> to
>> >> all site's network.
>> >> 2) Same thing as before but for new registered users.
>> > 1- SSO doesn't "normalize" already registered users. As each database
>> > has,
>> > currently, it's users table, you'll have to merge users of all future
>> > "client" sites into the users table of the future "controller" site.
>> > Then,
>> > when setting up SSO, only this last users table will be used and the
>> > others may even be dropped.
>> > 2- New users will be registered on the controller site users table, that
>> > will be shared with all the client sites. Therefore, yes, users will be
>> > "normalized" and get automatic access to all sites.
>> >> Openid could be a solution ?
>> > It wouldn't. SSO also permits the sharing of the "sessions" table, which
>> > is essential for the simultaneous login to work. That wouldn't happen
>> > with
>> > Openid that would login the user just on the one site he's logging in
>> > to.
>> > HTH
>> > Roberto
More information about the development