[Drupal] Shib Attributes to Drupal Roles

Meghan Frazer frazer.11 at osu.edu
Wed Nov 6 13:16:11 EST 2013 

Hi Michael,

Thanks so much for replying.  As I get further into this, I may give you
guys a shout.

However, I was just coming back to reply to my own message - turns out I
was looking in the wrong place to verify, because I skimmed over this part
of the shib auth module documentation:
 Dynamic rules (default)

Dynamic rules add roles to the user, but *do not save them to the user's
profile*. This means that

   - the roles assigned by dynamic rules are *NOT displayed on the user
   page*, even though the permissions assigned to the role are in effect


Once I checked actual ability to access something only for that role,
instead of just looking at the user list for assigned roles, it does seem
to be working.

Thanks again,
Meghan



Meghan Frazer
Digital Resources Curator
*The Ohio State University*
College of Engineering Knowlton School of Architecture
275 W. Woodruff Ave., Columbus, OH 43210
614.975.3242 Mobile / 614.247.6645 Office
frazer.11 at osu.edu



On Wed, Nov 6, 2013 at 1:00 PM, Butsko, Michael <butsko.7 at osu.edu> wrote:

> Hi Meghan,
>
> Dustin and I in ASC could probably help you with this; we are using shib
> attributes to assign roles on D6 and D7. I wouldn’t mind troubleshooting
> off list and then sending out the results if we can help.
>
> --
> Michael Butsko
> Web Developer
> The Ohio State University
> College of Arts and Sciences Technology Services
> 475 Mendenhall Laboratory, 125 S Oval Mall  Columbus, OH 43210
> 614-247-2791 Office
> butsko.7 at osu.edu asctech.osu.edu
>
>
>
>
> On Nov 6, 2013, at 12:50, Meghan Frazer <frazer.11 at osu.edu> wrote:
>
> > Is anyone using Shibboleth attributes such eduPersonScopedAffiliation or
> departmentNumber to assign roles to users as they log in to a Drupal site?
> >
> > The current impetus for this is that we'd like to restrict a submission
> form to just students from Knowlton, but we've wanted to provide some
> tiered access for awhile.  We currently just use the authenticated user
> role to handle everyone from OSU, logged in via shib
> >
> > It looks to me like I can add a rule in the Shibboleth authentication
> configuration, but my first pass at checking the attribute didn't work (I
> tried departmentNumber).
> >
> > If someone would be willing to chat with me about syntax for this, it
> might save me some trial and error and I would really grateful.
> >
> > Thanks,
> > Meghan
> >
> > Meghan Frazer
> > Digital Resources Curator
> > The Ohio State University
> > College of Engineering Knowlton School of Architecture
> > 275 W. Woodruff Ave., Columbus, OH 43210
> > 614.975.3242 Mobile / 614.247.6645 Office
> > frazer.11 at osu.edu
> >
> > _______________________________________________
> > Drupal mailing list
> > Drupal at lists.service.ohio-state.edu
> > https://lists.service.ohio-state.edu/mailman/listinfo/drupal
>
>
> _______________________________________________
> Drupal mailing list
> Drupal at lists.service.ohio-state.edu
> https://lists.service.ohio-state.edu/mailman/listinfo/drupal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/drupal/attachments/20131106/4f875d02/attachment.html>

More information about the Drupal mailing list