[Drupal] user authentication with Shibboleth

Leonard, Patrick G. leonard.56 at osu.edu
Thu Dec 5 15:52:04 EST 2013 

Thanks, Joe.  I worked with Luke Gaddie and I believe I have the site working as intended.  Here’s the changes Luke made to the https.conf, turning off sessions globally as you suggested.  Sessions are required for the /admin and /user paths.

  ##Needed for drupal login##
        <Location />
                AuthType shibboleth
                ShibRequireSession Off
                require shibboleth

                AddOutputFilterByType SUBSTITUTE text/html
                Substitute "s|http://foobar.osu.edu|https://foobar.osu.edu|i"
        </Location>
        <Location /user/>
                AuthType shibboleth
                ShibRequireSession On
                require shibboleth
        </location>
        <Location /admin/>
                AuthType shibboleth
                ShibRequireSession On
                require shibboleth
        </location>
        ##End needed for drupal login##

Then inside the Drupal Shibboleth module config, I have it set to forward the user to the home page after shib login.

— Pat


From: <Bondra>, "Joseph (Joe)" <bondra.4 at osu.edu<mailto:bondra.4 at osu.edu>>
Reply-To: Drupal users list <drupal at lists.service.ohio-state.edu<mailto:drupal at lists.service.ohio-state.edu>>
Date: Tuesday, December 3, 2013 at 1:29 PM
To: Drupal users list <drupal at lists.service.ohio-state.edu<mailto:drupal at lists.service.ohio-state.edu>>
Subject: Re: [Drupal] user authentication with Shibboleth

Hi Pat,

Are you just talking about setting up lazy sessions for your site?

If you set requireSession for your production site to false, that should take care of it.


~Joe


From: drupal-bounces+bondra.4=osu.edu at lists.service.ohio-state.edu<mailto:drupal-bounces+bondra.4=osu.edu at lists.service.ohio-state.edu> [mailto:drupal-bounces+bondra.4=osu.edu at lists.service.ohio-state.edu] On Behalf Of Leonard, Patrick G.
Sent: Tuesday, December 03, 2013 9:20 AM
To: Drupal users list
Subject: [Drupal] user authentication with Shibboleth

I’m seeking help from anyone who has integrated user authentication with Shibboleth.

I am using Drupal core 7.23 and the Shibboleth authentication module 7.x-4.0 in development.  I’m currently using it to protect our development environment.  Every visitor is sent to the shib page to login.  Accounts are created on the fly if the user does not already exist in Drupal.  I then can go in after the user’s first login and give her the correct role and permissions, etc.

What I need in production, though, is for anonymous users to be able to access the site without hitting shib and for authenticated users to login via shib.  Is there a way to only protect /user/login and send those users to shib or provide my own login form that forwards to shib?

Thanks,
Patrick G. Leonard, Web Application Developer
Marketing, Communication, & Training
Office of the Chief Information Officer
464 Baker Systems Engineering, 1971 Neil Ave, Columbus, OH 43210
614-688-1786

leonard.56 at osu.edu<mailto:leonard.56 at osu.edu>| ocio.osu.edu<http://ocio.osu.edu/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/drupal/attachments/20131205/fc8f6d67/attachment.html>

More information about the Drupal mailing list