You are here

Home » API reference » Bakery Single Sign-On System 6.2

README.txt in Bakery Single Sign-On System 6.2

Same filename and directory in other branches
  1. 6 README.txt
  2. 7.4 README.txt
  3. 7.2 README.txt
  4. 7.3 README.txt
Bakery module, for single sign-on between Drupal sites on the same domain.

In this README:
  * Bakery versions and compatibility
  * Installation and setup
  * How Bakery works
  * Notes on terminology
  * Common problems, troubleshooting, and support
  * Sharing account information using Bakery
  * Notes on registration/sign-in on subsites
  * Notes on migrating to Bakery
  * Known issues
  * Further information and support

Bakery versions and compatibility:
===========================================
This is the 2.x branch of the Bakery module for Drupal 6. The 2.x branch differs
mainly from the 1.x branch by offering slave site registration and login.

2.x versions between major branches of Drupal are compatible, meaning you can
run a Drupal 7 version of the 2.x branch of Bakery with a Drupal 6 version of
the 2.x branch. 1.x and 2.x branches are not compatible.

Installation and setup:
===========================================
Bakery provides single sign-on (SSO) functionality for two or more sites.
Deploy this module on the authoritative "master" Drupal server and the secondary
"slave" or subsite server. The master and slave must be on the same domain*.

Enable and configure Bakery on the master server first. It is recommended that
you use the UID 1 Drupal account for this configuration.

  1. Enable Bakery at admin/build/modules
  2. Visit admin/settings/bakery to configure

This is the master site.

  3. Check the box for "Is this the master site?"
  4. Enter the full URL of this site, including ending forward slash
    - Example: http://example.org/

For SSO to work, Bakery must know the slave, or subsites, to use.

  5. Enter the full URLs of each slave site, separated by newlines
    - Example:  http://store.example.org/
                http://api.example.org/

Two other required fields for Bakery to work are the private key and the cookie
domain.

  6. Enter a long and secure private key
  7. Enter the domain to use for Bakery cookies. These cookies are shared so
     the domain should be the top level with leading period.
    - Example: .example.org
  8. Save configuration (we'll come back to the other fields)

Now to enable and configure Bakery on the slave or subsite. If possible, you should
log in and use the UID 1 Drupal account for this configuration.

  9. Enable Bakery at admin/build/modules
  10. Visit admin/settings/bakery to configure

This is a subsite site.

  11. Do not check the master site box
  12. Enter the full URL of the master site set in step #4
  13. The slave sites textarea can be left blank
  14. Enter the exact same private key set in step #6
  15. Enter the exact same domain set in step #7
  16. Save configuration (we'll come back to the other fields)

Bakery should now be set to work for the master and this slave site. Open a
different browser than the one you are currently using and visit the master
site. Log in with a standard account. Once successful visit the slave site and
confirm that you are also logged in. If you encountered problems at any point
please consult the section here labeled "Problems and support".

You can now enable and configure Bakery for sites in your network if required,
or read the section labeled "Sharing account information using Bakery".

If you encounter problems with single sign-on between the sites consult the
section here called "Common problems, troubleshooting, and support".

* Master and slave must be on the same domain, but are not required to be at
certain levels. For example, you can have the master be sub.example.com and a
slave be example.com.

How Bakery works:
===========================================
Bakery provides single sign-on between Drupal sites on the same domain using a
shared cookie. When a user authenticates on a site they are sent a cookie by
Drupal, containing a unique identifier for that user. Sub-sequent requests by
that user will contain the identifier, allowing Drupal to recognize that the
request is coming from a specific user, an authenticated user. This process is
handled by Drupal core. Bakery augments the login process and sends an
additional cookie (referred internally to as the CHOCOLATECHIP cookie). Should
the user now visit a sub-site (on the same domain) their browser will send this
Bakery-created cookie. On the sub-site Bakery will recognize the cookie and if
it is valid will authenticate the user (via Drupal core's processes). The user
is now authenticated on both sites while only have to log on to one.

Notes on terminology:
===========================================
Bakery documentation and discussion makes repeated reference to the words
"master" and "slave". The terms stem from the common communication model between
devices or processes in computer systems where one has unidirectional control
over another. In Bakery's case, the master is the site with authoritative
account and authentication information. The master is occasionaly referred to as
the "main" site. The slave site can be referred to as the "subsite", but since
Bakery does not enforce top-level and sub-domains the term "subsite" may be
incorrect for some instances.

Common problems, troubleshooting, and support:
===========================================
  * How do I disable Bakery?
    If you do not have access to disable the Bakery module via the UI you'll
    need access to the Drupal database for the site. To disable Bakery run this
    query: UPDATE system SET status = 0 WHERE name = 'bakery';After that you'll
    also need to clear caches.

  * Bakery/single sign-on/authentication does not work.
    Attempt one or all of the following until it is working:
    - Confirm you've followed the setup steps correctly with particular
      attention on the following details:
        + All slave sites are listed as so on the master's Bakery config page
        + Master and slave sites in config fields end with a forward slash (/)
        + The secret key is the same across sites
        + The cookie domain Bakery config field is the same across sites
        + The cookie domain config field has a leading period (.example.org)
    - Clear Drupal caches, clear browser cache, clear browser cookies
    - Occasionaly it may be necessary to explicitly set the Drupal site
      settings.php $cookie_domain variable. The settings.php $cookie_domain 
      variable should match the domain the site is for in addition to having a
      leading period. For example, if the site is store.example.org set the
      $cookie_domain to '.store.example.org' and set the master's $cookie_domain
      to '.example.org'.

Consult the online documentation at http://drupal.org/node/567410 for more
information. Please use the public issue queue of Bakery for all bugs and
feature requests: http://drupal.org/project/issues/bakery.

Sharing account information using Bakery:
===========================================
A modest amount of account data sharing between Bakery-enabled sites is
supported. The core account fields 'name' and 'mail' are always synchronized.

The following fields from user accounts are optionally synchronized:
  * status
  * user picture
  * language
  * signature
  * timezone

If you have the core profile module enabled any created fields can be optionally
synchronized. Note that for profile fields to be synchronized an exactly
matching 

Notes on registration/sign-in on subsites:
===========================================
This feature is important for usability. It's also really easy to configure your
site so that this feature is horrible for usability. A few examples:

Registration:
This feature does not support saving any data other than the username, e-mail 
address, and fields created with the core profile module. If you have other 
modules that modify the registration process to add fields or make the form
behave differently they are unlikely to work properly from the subsite. 

You should keep the "allow registration" and "Require e-mail verification when 
a visitor creates an account" settings the same on all sites. If your
master site disallows registration then no subsites will be allowed to create
accounts either and users will be confused why they see a form but it doesn't
work.

Notes on migrating to Bakery:
===========================================
Migrating to using Bakery can be a fairly simple process. This process will work
for separate sites and for a shared users table, though the latter can require a
few additional steps.

Pre-migration data synchronization is recommended to alleviate potential
account mis-matches. According to Bakery two accounts are in sync when the
username and email are identical and the slave account's init property contains
the URL of the user edit page on the master
(e.g. http://example.org/user/9/edit -- where example.org is the master). The
UID of the accounts do not need to be identical. It is recommended you at least
synchronize usernames and email address for accounts that belong to the same
person across sites.

For people that do not have joint accounts you could ask them via email to
create an account on the site where there account does not exist, to assist the
process.

For accounts that have the same username but different email addresses Bakery
provides a self-service mechanism for synchronizing accounts, but in the event
this is inadequate or confusing you should provide a site administrator contact
mechanism (form or email address) that is easily distinguishable.

In case there are duplicate accounts on one of the sites, the module
http://drupal.org/project/usermerge may help reconcile.

If you have a shared users table solution between sites you will need to remove
that connection before migrating to Bakery. First, populate the other users
tables by synchronizing accounts. Modify settings.php on the shared sites to
remove the table information from the database connection details. If the cookie
domain begins with a leading dot you probably want to remove it, as it could
cause issues when users move between sites.

Once synchronization is complete you can follow the steps listed above on
installation and setup of Baker.

Known issues:
===========================================
  * Values in profile fields exposed on the subsite that are not set on the
    master will not be saved.
  * Bakery is currently incompatible with a configuration that requires
    administrator approval of accounts. An account registered on the slave will
    not be set to blocked on the master.
  * Bakery is not compatible with modules that takeover core Drupal's login and
    registration forms, e.g. ldapprov.

Further information and support:
===========================================
Consult the online documentation at http://drupal.org/node/567410 for more
information.

Please use the public issue queue of Bakery for all bugs and feature requests:
http://drupal.org/project/issues/bakery

File

README.txt
View source 
  1. Bakery module, for single sign-on between Drupal sites on the same domain.

  2. 

  3. In this README:

  4.   * Bakery versions and compatibility

  5.   * Installation and setup

  6.   * How Bakery works

  7.   * Notes on terminology

  8.   * Common problems, troubleshooting, and support

  9.   * Sharing account information using Bakery

  10.   * Notes on registration/sign-in on subsites

  11.   * Notes on migrating to Bakery

  12.   * Known issues

  13.   * Further information and support

  14. 

  15. Bakery versions and compatibility:

  16. ===========================================

  17. This is the 2.x branch of the Bakery module for Drupal 6. The 2.x branch differs

  18. mainly from the 1.x branch by offering slave site registration and login.

  19. 

  20. 2.x versions between major branches of Drupal are compatible, meaning you can

  21. run a Drupal 7 version of the 2.x branch of Bakery with a Drupal 6 version of

  22. the 2.x branch. 1.x and 2.x branches are not compatible.

  23. 

  24. Installation and setup:

  25. ===========================================

  26. Bakery provides single sign-on (SSO) functionality for two or more sites.

  27. Deploy this module on the authoritative "master" Drupal server and the secondary

  28. "slave" or subsite server. The master and slave must be on the same domain*.

  29. 

  30. Enable and configure Bakery on the master server first. It is recommended that

  31. you use the UID 1 Drupal account for this configuration.

  32. 

  33.   1. Enable Bakery at admin/build/modules

  34.   2. Visit admin/settings/bakery to configure

  35. 

  36. This is the master site.

  37. 

  38.   3. Check the box for "Is this the master site?"

  39.   4. Enter the full URL of this site, including ending forward slash

  40.     - Example: http://example.org/

  41. 

  42. For SSO to work, Bakery must know the slave, or subsites, to use.

  43. 

  44.   5. Enter the full URLs of each slave site, separated by newlines

  45.     - Example:  http://store.example.org/

  46.                 http://api.example.org/

  47. 

  48. Two other required fields for Bakery to work are the private key and the cookie

  49. domain.

  50. 

  51.   6. Enter a long and secure private key

  52.   7. Enter the domain to use for Bakery cookies. These cookies are shared so

  53.      the domain should be the top level with leading period.

  54.     - Example: .example.org

  55.   8. Save configuration (we'll come back to the other fields)

  56. 

  57. Now to enable and configure Bakery on the slave or subsite. If possible, you should

  58. log in and use the UID 1 Drupal account for this configuration.

  59. 

  60.   9. Enable Bakery at admin/build/modules

  61.   10. Visit admin/settings/bakery to configure

  62. 

  63. This is a subsite site.

  64. 

  65.   11. Do not check the master site box

  66.   12. Enter the full URL of the master site set in step #4

  67.   13. The slave sites textarea can be left blank

  68.   14. Enter the exact same private key set in step #6

  69.   15. Enter the exact same domain set in step #7

  70.   16. Save configuration (we'll come back to the other fields)

  71. 

  72. Bakery should now be set to work for the master and this slave site. Open a

  73. different browser than the one you are currently using and visit the master

  74. site. Log in with a standard account. Once successful visit the slave site and

  75. confirm that you are also logged in. If you encountered problems at any point

  76. please consult the section here labeled "Problems and support".

  77. 

  78. You can now enable and configure Bakery for sites in your network if required,

  79. or read the section labeled "Sharing account information using Bakery".

  80. 

  81. If you encounter problems with single sign-on between the sites consult the

  82. section here called "Common problems, troubleshooting, and support".

  83. 

  84. * Master and slave must be on the same domain, but are not required to be at

  85. certain levels. For example, you can have the master be sub.example.com and a

  86. slave be example.com.

  87. 

  88. How Bakery works:

  89. ===========================================

  90. Bakery provides single sign-on between Drupal sites on the same domain using a

  91. shared cookie. When a user authenticates on a site they are sent a cookie by

  92. Drupal, containing a unique identifier for that user. Sub-sequent requests by

  93. that user will contain the identifier, allowing Drupal to recognize that the

  94. request is coming from a specific user, an authenticated user. This process is

  95. handled by Drupal core. Bakery augments the login process and sends an

  96. additional cookie (referred internally to as the CHOCOLATECHIP cookie). Should

  97. the user now visit a sub-site (on the same domain) their browser will send this

  98. Bakery-created cookie. On the sub-site Bakery will recognize the cookie and if

  99. it is valid will authenticate the user (via Drupal core's processes). The user

  100. is now authenticated on both sites while only have to log on to one.

  101. 

  102. Notes on terminology:

  103. ===========================================

  104. Bakery documentation and discussion makes repeated reference to the words

  105. "master" and "slave". The terms stem from the common communication model between

  106. devices or processes in computer systems where one has unidirectional control

  107. over another. In Bakery's case, the master is the site with authoritative

  108. account and authentication information. The master is occasionaly referred to as

  109. the "main" site. The slave site can be referred to as the "subsite", but since

  110. Bakery does not enforce top-level and sub-domains the term "subsite" may be

  111. incorrect for some instances.

  112. 

  113. Common problems, troubleshooting, and support:

  114. ===========================================

  115.   * How do I disable Bakery?

  116.     If you do not have access to disable the Bakery module via the UI you'll

  117.     need access to the Drupal database for the site. To disable Bakery run this

  118.     query: UPDATE system SET status = 0 WHERE name = 'bakery';After that you'll

  119.     also need to clear caches.

  120. 

  121.   * Bakery/single sign-on/authentication does not work.

  122.     Attempt one or all of the following until it is working:

  123.     - Confirm you've followed the setup steps correctly with particular

  124.       attention on the following details:

  125.         + All slave sites are listed as so on the master's Bakery config page

  126.         + Master and slave sites in config fields end with a forward slash (/)

  127.         + The secret key is the same across sites

  128.         + The cookie domain Bakery config field is the same across sites

  129.         + The cookie domain config field has a leading period (.example.org)

  130.     - Clear Drupal caches, clear browser cache, clear browser cookies

  131.     - Occasionaly it may be necessary to explicitly set the Drupal site

  132.       settings.php $cookie_domain variable. The settings.php $cookie_domain 

  133.       variable should match the domain the site is for in addition to having a

  134.       leading period. For example, if the site is store.example.org set the

  135.       $cookie_domain to '.store.example.org' and set the master's $cookie_domain

  136.       to '.example.org'.

  137. 

  138. Consult the online documentation at http://drupal.org/node/567410 for more

  139. information. Please use the public issue queue of Bakery for all bugs and

  140. feature requests: http://drupal.org/project/issues/bakery.

  141. 

  142. Sharing account information using Bakery:

  143. ===========================================

  144. A modest amount of account data sharing between Bakery-enabled sites is

  145. supported. The core account fields 'name' and 'mail' are always synchronized.

  146. 

  147. The following fields from user accounts are optionally synchronized:

  148.   * status

  149.   * user picture

  150.   * language

  151.   * signature

  152.   * timezone

  153. 

  154. If you have the core profile module enabled any created fields can be optionally

  155. synchronized. Note that for profile fields to be synchronized an exactly

  156. matching 

  157. 

  158. Notes on registration/sign-in on subsites:

  159. ===========================================

  160. This feature is important for usability. It's also really easy to configure your

  161. site so that this feature is horrible for usability. A few examples:

  162. 

  163. Registration:

  164. This feature does not support saving any data other than the username, e-mail 

  165. address, and fields created with the core profile module. If you have other 

  166. modules that modify the registration process to add fields or make the form

  167. behave differently they are unlikely to work properly from the subsite. 

  168. 

  169. You should keep the "allow registration" and "Require e-mail verification when 

  170. a visitor creates an account" settings the same on all sites. If your

  171. master site disallows registration then no subsites will be allowed to create

  172. accounts either and users will be confused why they see a form but it doesn't

  173. work.

  174. 

  175. Notes on migrating to Bakery:

  176. ===========================================

  177. Migrating to using Bakery can be a fairly simple process. This process will work

  178. for separate sites and for a shared users table, though the latter can require a

  179. few additional steps.

  180. 

  181. Pre-migration data synchronization is recommended to alleviate potential

  182. account mis-matches. According to Bakery two accounts are in sync when the

  183. username and email are identical and the slave account's init property contains

  184. the URL of the user edit page on the master

  185. (e.g. http://example.org/user/9/edit -- where example.org is the master). The

  186. UID of the accounts do not need to be identical. It is recommended you at least

  187. synchronize usernames and email address for accounts that belong to the same

  188. person across sites.

  189. 

  190. For people that do not have joint accounts you could ask them via email to

  191. create an account on the site where there account does not exist, to assist the

  192. process.

  193. 

  194. For accounts that have the same username but different email addresses Bakery

  195. provides a self-service mechanism for synchronizing accounts, but in the event

  196. this is inadequate or confusing you should provide a site administrator contact

  197. mechanism (form or email address) that is easily distinguishable.

  198. 

  199. In case there are duplicate accounts on one of the sites, the module

  200. http://drupal.org/project/usermerge may help reconcile.

  201. 

  202. If you have a shared users table solution between sites you will need to remove

  203. that connection before migrating to Bakery. First, populate the other users

  204. tables by synchronizing accounts. Modify settings.php on the shared sites to

  205. remove the table information from the database connection details. If the cookie

  206. domain begins with a leading dot you probably want to remove it, as it could

  207. cause issues when users move between sites.

  208. 

  209. Once synchronization is complete you can follow the steps listed above on

  210. installation and setup of Baker.

  211. 

  212. Known issues:

  213. ===========================================

  214.   * Values in profile fields exposed on the subsite that are not set on the

  215.     master will not be saved.

  216.   * Bakery is currently incompatible with a configuration that requires

  217.     administrator approval of accounts. An account registered on the slave will

  218.     not be set to blocked on the master.

  219.   * Bakery is not compatible with modules that takeover core Drupal's login and

  220.     registration forms, e.g. ldapprov.

  221. 

  222. Further information and support:

  223. ===========================================

  224. Consult the online documentation at http://drupal.org/node/567410 for more

  225. information.

  226. 

  227. Please use the public issue queue of Bakery for all bugs and feature requests:

  228. http://drupal.org/project/issues/bakery