[development] Single signon question

Greg Knaddison Greg at GrowingVentureSolutions.com
Wed Jan 5 16:49:43 UTC 2011 

Can you expand on the Bakery+LDAP issues?

And, maybe file it as an issue? ;)

--
Greg Knaddison | 720-310-5623 | http://growingventuresolutions.com
Mastering Drupal | http://www.masteringdrupal.com




On Wed, Jan 5, 2011 at 9:20 AM, antgiant <antgiant+drupalDevel at gmail.com> wrote:
> Bakery is what Drupal.org and groups.drupal.org uses for SSO.  However, be
> warned that it doesn't play nice with the LDAP modules and if your user's
> clock is off by more than you session expiration amount they will only be
> able to log in with firefox.
>
>
> On Wed, Jan 5, 2011 at 10:00 AM, Dave Metzler <metzler.dl at gmail.com> wrote:
>>
>> Not sure I agree with this statement.  SSO does not demand the sharing of
>> the sessions table,  but there are some things you will want to consider how
>> you will share across the sites.... Such assail address and profile
>> pictures.  Anyway, this is starting to sound like a support question more
>> than a development question...  you might get better answers about how
>> people use the products on the support forums and lists.
>>
>> The CAS module provides some minimal functionality for saying, if you're
>> logged into site A then you are logged into site B as well.
>>
>> Sent from my iPad
>>
>> On Jan 4, 2011, at 9:51 PM, "Roberto Gorjão" <roberto at asenseofdesign.com>
>> wrote:
>>
>> > Hi Paolo,
>> >
>> >> The SSO must permits us to:
>> >>
>> >> 1) Normalize already registered users and automatically get them access
>> >> to
>> >> all site's network.
>> >> 2) Same thing as before but for new registered users.
>> >>
>> >
>> > 1- SSO doesn't "normalize" already registered users. As each database
>> > has,
>> > currently, it's users table, you'll have to merge users of all future
>> > "client" sites into the users table of the future "controller" site.
>> > Then,
>> > when setting up SSO, only this last users table will be used and the
>> > others may even be dropped.
>> >
>> > 2- New users will be registered on the controller site users table, that
>> > will be shared with all the client sites. Therefore, yes, users will be
>> > "normalized" and get automatic access to all sites.
>> >
>> >>
>> >> Openid could be a solution ?
>> >
>> > It wouldn't. SSO also permits the sharing of the "sessions" table, which
>> > is essential for the simultaneous login to work. That wouldn't happen
>> > with
>> > Openid that would login the user just on the one site he's logging in
>> > to.
>> >
>> > HTH
>> >
>> > Roberto
>> >
>> >
>
>

More information about the development mailing list