IPS Connect is a cross-domain single sign on and single point of authentication system that allows login credentials to be shared across multiple web applications. Furthermore, basic member management is also shared across those separate installations allowing you to manage users in one website and have those changes propagate to all of your other websites. While the IPS Community Suite natively supports IPS Connect with minimal configuration from the administrator, developers can also add IPS Connect integration capabilities to their own web applications as well.
This guide outlines how to use IPS Connect within the Community Suite, as well as how to develop both "master" and "slave" IPS Connect applications.
IPS Connect architecture
IPS Connect comprises one master installation, and one or more slave applications. With this system, slave installations notify the master of any changes to data, and the master installation propagates this change to all other slaves.
When any requests that are a part of IPS Connect are made by a slave application, they are always sent to the master application. The master application is then responsible for calling to all of the slave installations to notify them of any changes they need to be aware of (which means the master application must maintain a database of all slave applications that are connected).
If you have an established site and a new site, the established site should be the master installation, and the new site should be the slave.
IPS Connect for IPS Community Suite 4 is not backwards compatible with IPS Connect for IP.Board 3. While we strived to make the upgrade process painless, the need to expand and improve IPS Connect meant that the 3.x API calls could no longer be processed while adding multiple new features to the set of existing features.
Events propagated by IPS Connect
Requests that IPS Connect will propagate to other installations include:
Login requests are processed by the master application and credentials are shared across all sites in the network.
Single sign on
When a user signs in to one application they will be signed in to all other applications, even if those other applications live on different domains.
When you log out of one application you are logged out of all applications.
When a new user account is added, it is added to all sites in the network.
Changing usernames, email addresses and passwords
These requests are propagated to all sites in the network. (Note: you can disable username changes from being shared amongst sites in the Community Suite - see below for details).
When you ban a user on one site, the user is banned on all sites.
If a user has registered and you require account validation, that user will be required to validate their account before they can access any site in the network as a fully registered user.
If a user is deleted, they will be deleted on all sites across the network.
If two user accounts are merged, the merge will be copied to all sites in the network.
Disabling username propagation
You can disable username changes from propagating to all sites within a network. This can be useful when you want to share login credentials amongst all of your sites, but want user accounts to otherwise appear to be separate. To do this with the Community Suite you must create a file called constants.php in your root directory (where index.php is), or edit the existing one if it already exists. Paste the following code into the constants.php file (if you are editing an existing file, omit the opening <?php tag):
define( 'CONNECT_NOSYNC_NAMES', TRUE );