How *.drupal.org single sign-on works

Question

I believe there are many ways to achieve single sign-on within drupal. I would like to know the approach that *.drupal.org sites have been using. If I visit any drupalconf sites http://chicago2011.drupal.org/user or http://london2011.drupal.org/user it authenticates me with the user credentials given in drupal.org site. I would appreciate if anyone can point me to the modules or handbook pages on achieving this. Thanks in advance.

Answer 1

You might have a look at Bakery Single Sign-On System.

It mentions "This module started at the 2009 Drupal.org redesign sprint in San Francisco as a way to manage single sign-ons across *.drupal.org infrastructure."

For more details about how it work, you can see this article that has great explanation: Single Sign-on across Sub-Domains in Drupal with No Extra Modules.

Answer 2

Drupal.org uses Bakery Single Sign-on System.

The following one is the description that will be added to the INSTALL.txt file of the project:

Bakery provides single sign-on between Drupal sites on the same domain using a shared cookie. When a user authenticates on a site they are sent a cookie by Drupal, containing a unique identifier for that user. Sub-sequent requests by that user will contain the identifier, allowing Drupal to recognize that the request is coming from a specific user, an authenticated user.
This process is handled by Drupal core. Bakery augments the login process and sends an additional cookie (referred internally to as the CHOCOLATECHIP cookie). Should the user now visit a sub-site (on the same domain) their browser will send this Bakery-created cookie. On the sub-site Bakery will recognize the cookie and if it is valid will authenticate the user (via Drupal core's processes). The user is now authenticated on both sites while only have to log on to one.

Answer 3

This is a writeup of how Bakery works, and thus SSO on drupal.org.