Hi,

I am looking for a way to link multiple J3+CB+GJ+CBsubs installs via some sort of SSO or SSI system. Each site and each database resides on its own dedicated server. I like CB connect, but I would rather use my own SSO/SSI solution. The SSO/SSI system would also run on a separate dedicated server.

(1) Is there a ready made tool to do this?

(2) Is there a way to tweak CBconnect so that it can do this job?

(3) If not, could you add this feature to CB connect?

(4) If any, what other avenue should I pursue?

Ideally, that SSO/SSI solution would also sync the CB fields across all the servers and applications.

While most servers would run Joomla, some would eventually run other applications.

(5) It seems that CBconnect makes use of OpenSocial. Is there a way for me to achieve my goals via OpenSocial. Do you have anything I could read to understand how to do this?

Thanks a lot

jon

Thanks Kyle,

(1) No extension exist that would span across multiple servers for J3.

(4) A Cron Job would duplicate and sync the user data but it would not free users from having to log into each system as they navigate from one to another. Is this a correct assumption?

(1) I am afraid that CB Auto Actions queries would add to the page load and that under heavy server use, the queries would fail and lead to inconsistencies (as I can already experience in another system). This is why a distinct SSO/SSI system would be better.

(3) I will look into oAuth. Is implementing oAuth support a huge work?

Thanks

Jon

Thanks Kyle,

This post is going to involve some hard thinking... and you are the only ones who can tell if there are angles to this that I am missing. I could chop it into smaller chunks but it wouldn't be so good for future reader.

First, we need to answer one important question:

Synchronizing users could be handled by MySQL through the use of MySQL's native Multi-Master Replication capabilities where tables in a master MySQL server are replicated asynchronously to one or more slave MySQL database servers. It is possible to have two-way or "multi-way" replications where servers are both Master and slaves at the same time.

We have 2 cases here. The replication can be limited to the few user tables, or it can affect the entire database:

Case A: 1 small CB server/database for 800K butchers, 1 different CB server/database for 800K bakers and, another one for 800K hair-dressers (sharing cookies and user tables that are synchronized so that users can hop seamlessly from one CB to another),

Case B: 1 single large multipurpose CB server/database for 2.4 million butchers, bakers and hair-dressers replicated on 3 machines sharing the load/traffic (no need to modify cookies here!?)

Q1: Which case is best? In other words, all other things being equal (load-balancing and all), will having 1 giant database with MORE RELATIONSHIPS hurt speed or cripple the system in ways that 3 linked systems sharing only their users would not?

Q1b: It seems that case A would allow J3+CB to scale almost infinitely by linking sites together without speed constraint.


---- STEP 2 ----

If having multiple systems sharing users and sessions is best and fastest, THEN, we can use MySQL to sync the user tables, OR we can use the solution you recommend in your answer: CB-Auto-Actions-queries + Cookies

Q2: Which do you think would be best and safest and why?

Q3: If using MySQL, Which J3+CB+GJ+CBsubs tables should be synchronized?


---- STEP 3 ----

If your solution remains the best, from what I understand here, it would be:

(firstly) to use CB Auto Actions queries to duplicate the user data into each of the other servers when profiles are created or updated.

Q4: Wouldn't this dramatically slow down the whole system and be error prone as the user tables might be unavailable while the queries do their job?

Q5: Which table(s) should be synchronized with J3+CB+GJ+CBsubs?

(Secondly) I would need to figure out a way to have each domain or subdomain generate one or more identical cookies. This thread seems to explain how to do this with Joomla. forum.joomla.org/viewtopic.php?p=1746133#p1746133

Q6: Does CB generate a cookie when users log in? Does the above thread apply to Community builder as well?

Q7: Would that be enough to free visitors from having to login again when they move from site to site?

(Another solution) I found a Joomla Core Hack that replaces tables with views pointing to the tables of a master site (www.ijoomla.com/blog/one-set-of-joomla-users-multiple-joomla-installs/).

This was inspired by this earlier post: forum.joomla.org/viewtopic.php?f=471&t=473666#p2015114

Q8: could something like this be applied to J3+CB+GJ+CBsubs and Joomla3?

Q9: Wouldn't this be much simpler, faster and less error prone than CB Auto Actions queries?

Q10: Which tables should be changed with J3+CB+GJ+CBsubs?

(Yet again!) Rather than any of these solutions, wouldn't it be simpler and more secure to use an external SSO/SSI solution that handles all of the above for us. There are a number of open source cross-domain SSO packages such as JOSSO, OpenSSO, CAS, LASSO, Shibboleth, CAS, openid etc...

Q11: Wouldn't any of the above SSO/SSI solutions make things simpler and safer?

Thanks

Jon

friendly bump