Drupal Single Sign-On the Easy Way

Single Sign-On (SSO) is an authentication process which allows users to access multiple sites with a single username and password. This is of particular benefit for organizations who wish to provide access to these resources without having to create individual accounts per site. Users also benefit by not having to remember and repeatedly enter login credentials for each site or resource they wish to access.  

Drupal has a host of modules providing SSO functionality. Some utilize a centralized authentication server such as LDAP or Active Directory, others attempt to mimic this functionality via "shared" Drupal user accounts. This article will focus on the latter method using the Bakery module.

The Bakery module only works for sites on the same domain. Bakery uses the Drupal $cookie_domain variable in the settings.php file to allow access to the same user table from a "master" site. If, for example, www.example.com is configured as the master, and sub.example.com is configured as the slave, once a user logs in to http://www.example.com/ they will be automatically logged in to http://sub.example.com/ and any other slave sites with the same domain.

The Bakery module must be installed on the master and the slave site. Enable and configure Bakery on the master server first (in our example above, this would be http://www.example.com/).

1. Download Bakery for your Drupal version: https://drupal.org/project/bakery
2. Enable Bakery on the modules page
2. Access the Bakery Configuration page at /admin/config/system/bakery
3. Check the box for "Is this the master site?"
4. Enter the full URL of this site including ending forward slash (e.g.http://www.example.com/)
5. Enter the full URL of each slave site, separated by newlines, with ending slashes (e.g. http://sub.example.com/)
6. Enter a private key for cookie validation (This may be any string of random characters. E.g. B21488D9A3E5335D58A365A618196)
7. Enter the cookie domain to use .example.org (remember to include the leading dot)
8. Save the configuration 

Now to enable and configure Bakery on the slave or subsite.

9. Enable Bakery on the modules page
10. Access the Bakery Configuration page at /admin/config/system/bakery
11. Do not check the master site box
12. Enter the full URL of the master site set in step #4
13. The slave sites text-area can be left blank
14. Enter the same private key as the master site
15. Enter the same domain as the master site
16. Save configuration
17. Edit the $cookie_domain variable in the settings.php for both master and slave (E.g. $cookie_domain = '.example.com'; -- remember to include the leading dot)

Test the configuration by logging in to the master site then opening the slave site in another window/tab. You should be automatically logged in to the slave site as the same user.