Am I missing something very obvious?

SSO is supposed to work for a number of sites "running off a single shared code base".

For my controller domain, I log in and enable the SSO controller. All fine so far.

For my client domain, I log in an enable my SSO client, but I notice that the SSO controller is already enabled because it's a shared code base and shared database. As soon as I enable the SSO client on my client site I start to see the above message (twice - I assume each enabled half of the sso module is spotting the other half).

How do I only enable the sso controller on my controller domain and only the sso client on my client domain?


Laurent_’s picture

Hi dunx,

Controller and client have to run on 2 separate databases. You can use the same code base (i.e. same drupal directory) but you have to set up 2 installs in a multisite way (2 settings.php pointing to 2 separate dbs).

Your settings.php's will have some common tables as explained in

Once done, you can then log into the controller install and enable the 'sso controller'. Then you have to log in the client install and enable the 'sso client'.

Domain access will be enabled on the client install. This is where you can have multiple sites running on the same db/same code base.

Hope that helps


Laurent_’s picture

I meant "common tables as in explained in" (pose #15)

dunx’s picture

Ah, I've completely misunderstood multi-sites setup then!

I have both settings.php files with the "standard" db_prefixes config, but they're both pointing at the same mysqli://... DB. The db_prefix was effectively forcing both controller and clients to use the auth/session/user tables from the controller DB, but those were the only tables the controller DB includes. That's my mistake; it needs them all and I need to change the controller settings.php to point to the controller DB and then do a Drupal install on that domain. Only after that can I import the client's shared table date.

Everything seemed okay up until the enabling of the sso modules as I could successfully log in on both, all the content was shared and the sessions were being created only in the controller.session table.

So the controller website should really only be used as a login site. Without thinking very carefully about all the tables it might need to share with the client sites whilst excluding the "what modules I have enabled" tables, it's probably safer if the controller doesn't share very much data with the clients.

Will play over the weekend. Many thanks.

Laurent_’s picture

I don't know if this is feasible but if you can have {system} and {variable} table prefixed specifically for the controller site, maybe you could use a single db for all sites (controller and clients). In that case, controller and clients would use different modules because the module configuration is handled their own {system} and {variable} tables.

Maybe worth trying before you change all your setup


meba’s picture

You can share sites at one codebase, however, controller needs it's own database. That's all. clients can be shared (code +database using Domain Access).

dunx’s picture

Status:Active» Closed (fixed)
richbaldwin’s picture

Status:Closed (fixed)» Active

Reopening this
My current environment is:
Drupal : Drupal 6.14
6.x-1.0-rc1 Single sign-on

Followed all the instructions. Everything works 95% except on the client instance. I am getting

"Only one single sign-on module can be installed at a time. Please disable single sign-on client or controller on this site."

even though only client is enabled. (disabled/enabled multiple times...same problem)

these are shared tables on client instance in settings.php

$db_prefix = array(
        'default' => '',
        'authmap' => 'masterdb.',
        'role' => 'masterdb.',
        'sessions' => 'masterdb.',
        'users' => 'masterdb.',

Any suggestions?

meba’s picture

Check existence of 'singlesignon_client_controller_url' variable in your Drupal installation.singlesignon_client_controller_url

richbaldwin’s picture

OK found problem.

The following code is found in sso/client/singlesignon_client.module

  // Prevent looping if controller and client are running on one installation
  // (in case of Domain Access modules and others).
    $client = (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['SERVER_NAME'];
    if (variable_get('singlesignon_client_controller_url', '') == $client) {
      // Can't use t() here - it doesn't exist yet. small TODO
         drupal_set_message('Only one single sign-on module can be installed at a time. Please disable single sign-on cl\
ient or controller on this site.', 'error');
      return TRUE;

we are using http://mastersite and subsites are http://mastersite/subsite1, http://mastersite/subsite2 etc.

these two lines of code above causing the problem:

    $client = (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['SERVER_NAME'];
    if (variable_get('singlesignon_client_controller_url', '') == $client) {

in our case the controller server name and the client server names are the same. This triggers the error.
However the controller URL and the client URLs are different.
This is our simple fix

  global $base_url;
    // Can't use t() here - it doesn't exist yet. small TODO
    if  ($client == $base_url ){
      drupal_set_message('Only one single sign-on module can be installed at a time. Please disable single sign-on client or controller on this site.', 'error');
meba’s picture

Status:Active» Closed (works as designed)

This is NOT a problem of SSO.

And btw. you don't even NEED SSO for this set up, it will work by default if you share the tables.

meba’s picture

(SSO setup clearly says that controller must run on different domain that client. Even if it's only because if you are running on the same, you don't need SSO)

richbaldwin’s picture

Seems like you're right. Disabled SSO on controller and client and auto login on subsites still work.
Just to be clear for anyone else reading this is if the multi-site setup is like:


It seems that with all the trial and error and sharing/unsharing tables I didn't realize that single-sign-on with subsites using the same domain would work with out any add-on modules.

To get it all working I had to turn on cookie-domain on the subsites but not on the master site. I find this to be a little strange(?) but is the only way I could get it to work.

Below is a good resource for multiesite using sub directory sub sites.
But there is some mis-information at the end on SSO. I think this is where we got misled.

thanks for ur time meba