[Drupal] Shib Attributes to Drupal Roles

Hinshaw, Corey hinshaw.25 at osu.edu
Wed Nov 6 15:19:02 EST 2013


Meghan,
If you need more complex role assignment rules than the base Shibboleth module provides, I wrote a (barebones) module for D6 to add conditional rules. It takes a set of regex rules and applies a role to the user only if all the rules match.

It's D6, but there might be some useful code/ideas there: http://source.engineering.osu.edu/project/shib_conditional_rules
http://code.engineering.osu.edu/project/shib_conditional_rules.git

-- Corey Hinshaw

From: Frazer, Meghan <frazer.11 at osu.edu>
Reply-To: Drupal List <Drupal at lists.service.ohio-state.edu>
Date: Wednesday, November 6, 2013 1:16 PM
To: Drupal List <Drupal at lists.service.ohio-state.edu>
Subject: Re: [Drupal] Shib Attributes to Drupal Roles

Hi Michael,

Thanks so much for replying.  As I get further into this, I may give you guys a shout.

However, I was just coming back to reply to my own message - turns out I was looking in the wrong place to verify, because I skimmed over this part of the shib auth module documentation:
Dynamic rules (default)

Dynamic rules add roles to the user, but do not save them to the user's profile. This means that

  *   the roles assigned by dynamic rules are NOT displayed on the user page, even though the permissions assigned to the role are in effect

Once I checked actual ability to access something only for that role, instead of just looking at the user list for assigned roles, it does seem to be working.

Thanks again,
Meghan



Meghan Frazer
Digital Resources Curator
The Ohio State University
College of Engineering Knowlton School of Architecture
275 W. Woodruff Ave., Columbus, OH 43210
614.975.3242 Mobile / 614.247.6645 Office
frazer.11 at osu.edu



On Wed, Nov 6, 2013 at 1:00 PM, Butsko, Michael <butsko.7 at osu.edu> wrote:
Hi Meghan,

Dustin and I in ASC could probably help you with this; we are using shib attributes to assign roles on D6 and D7. I wouldn’t mind troubleshooting off list and then sending out the results if we can help.

--
Michael Butsko
Web Developer
The Ohio State University
College of Arts and Sciences Technology Services
475 Mendenhall Laboratory, 125 S Oval Mall  Columbus, OH 43210
614-247-2791 Office
butsko.7 at osu.edu asctech.osu.edu




On Nov 6, 2013, at 12:50, Meghan Frazer <frazer.11 at osu.edu> wrote:

> Is anyone using Shibboleth attributes such as eduPersonScopedAffiliation or departmentNumber to assign roles to users as they log in to a Drupal site?
>
> The current impetus for this is that we'd like to restrict a submission form to just students from Knowlton, but we've wanted to provide some tiered access for a while.  We currently just use the authenticated user role to handle everyone from OSU, logged in via shib.
>
> It looks to me like I can add a rule in the Shibboleth authentication configuration, but my first pass at checking the attribute didn't work (I tried departmentNumber).
>
> If someone would be willing to chat with me about syntax for this, it might save me some trial and error and I would be really grateful.
>
> Thanks,
> Meghan
>
> Meghan Frazer
> Digital Resources Curator
> The Ohio State University
> College of Engineering Knowlton School of Architecture
> 275 W. Woodruff Ave., Columbus, OH 43210
> 614.975.3242 Mobile / 614.247.6645 Office
> frazer.11 at osu.edu
>
> _______________________________________________
> Drupal mailing list
> Drupal at lists.service.ohio-state.edu
> https://lists.service.ohio-state.edu/mailman/listinfo/drupal
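
The "apply a role only if all the regex rules match" idea from the top reply, as an added example that is not part of the thread and is not the shib_conditional_rules module's code. It shows full-match anchoring, multi-valued attributes and a missing attribute failing closed; it assumes PHP 7.4+, the Shibboleth SP convention of joining multiple attribute values with ";", and hypothetical function names, role name and department number.

```php
<?php
// Added example: hypothetical evaluator, not the shib_conditional_rules code.
// Split an SP attribute string into values: ";" separates, "\;" is a literal.
function shib_values(?string $raw): array {
  if ($raw === null || $raw === '') {
    return [];
  }
  $parts = preg_split('~(?<!\\\\);~', $raw);
  return array_map(fn($v) => str_replace('\\;', ';', $v), $parts);
}

// Grant a role only if every rule matches. A rule matches when one value of
// its attribute matches the whole pattern; a missing attribute fails closed.
// Patterns must not contain "~", the delimiter used here.
function roles_for(array $attrs, array $role_rules): array {
  $granted = [];
  foreach ($role_rules as $role => $rules) {
    $all = count($rules) > 0; // a role with no rules is never granted
    foreach ($rules as $attr => $pattern) {
      $hit = false;
      foreach (shib_values($attrs[$attr] ?? null) as $value) {
        // \A...\z forces a full match, so values that merely contain the text fail.
        if (preg_match('~\A(?:' . $pattern . ')\z~', $value) === 1) {
          $hit = true;
          break;
        }
      }
      $all = $all && $hit;
    }
    if ($all) {
      $granted[] = $role;
    }
  }
  return $granted;
}

// Constructed sample data: role name and department number are placeholders.
$rules = ['knowlton_student' => [
  'eduPersonScopedAffiliation' => 'student@osu\.edu',
  'departmentNumber' => '1234',
]];
$users = [
  'student'   => ['eduPersonScopedAffiliation' => 'member@osu.edu;student@osu.edu', 'departmentNumber' => '1234'],
  'lookalike' => ['eduPersonScopedAffiliation' => 'student@osu.edu.example.org', 'departmentNumber' => '1234'],
  'no_dept'   => ['eduPersonScopedAffiliation' => 'student@osu.edu'],
];
foreach ($users as $label => $attrs) {
  echo $label, ': ', implode(',', roles_for($attrs, $rules)) ?: '(none)', "\n";
}
```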

