Aegir Single sign-on

On a recent project we had to retroactively enable a single sign-on for two existing Drupal sites. One a front end site for the general public, the other an intranet build on Open Atrium. Both were hosted on the same Apache server, administered by Aegir.

Luckily both sites shared their main domain, database and web-server. This meant we could make use of Drupal's build-in single sign-on feature, which only necessitates some changes to settings.php as explained very nicely by Nate Haug at Lullabot.

I could almost follow Nate's suggestions to the letter, but for some small additions.

First, we had to add a local.settings.php to the root of both sites, since Aegir overrides settings.php. The front-end one just containing:

$cookie_domain =;

Second, we had to create a MySQL user with access to both databases.

And finally we needed to explicitly state the new MySQL user (new dbuser) and pass (new dbpass) in the URL connection string, overriding Aegir's settings & add the database names assigned by Aegir to the front and Open Atrium sites:

$db_url['default'] = "$_SERVER[db_type]://dbuser:dbpass@$_SERVER[db_host]:$_SERVER[db_port]/$_SERVER[db_name]";$db_prefix = array(  'default'   => 'databasename_open_atrium_site.',  'users'     => 'databasename_front_site.',  'sessions'  => 'databasename_front_site.',  'authmap'   => 'databasename_front_site.',);$cookie_domain = '';

I left out the 'roles' table in the db_prefix array since in our case, each site has its own roles assigned to each user.


Addendum 1 - 2011-5-6:

Since updating to the latest version of Drush/Aegir, the line:

$db_url['default'] = "$_SERVER[db_type]://dbuser:dbpass@$_SERVER[db_host]:$_SERVER[db_port]/$_SERVER[db_name]";

does not get parsed anymore. For now I have fixed this by replacing the $_SERVER values by its correct, fixed, values.

Addendum 2 - 2011-5-6:

There seems to be a problem in saving CCK values when you set a value for the default prefix.

This can be fixed by using '' for this value, as in:

$db_prefix = array(  'default'   => '',  'users'     => 'databasename_front_site.',  'sessions'  => 'databasename_front_site.',  'authmap'   => 'databasename_front_site.',);