<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>Thanks, Joe. I worked with Luke Gaddie and I believe I have the site working as intended. Here’s the changes Luke made to the https.conf, turning off sessions globally as you suggested. Sessions are required for the /admin and /user paths. </div>
<div><br>
</div>
<div>
<div> ##Needed for drupal login##</div>
<div> <Location /></div>
<div> AuthType shibboleth</div>
<div> ShibRequireSession Off</div>
<div> require shibboleth</div>
<div><br>
</div>
<div> AddOutputFilterByType SUBSTITUTE text/html</div>
<div> Substitute "s|http://foobar.osu.edu|https://foobar.osu.edu|i"</div>
<div> </Location></div>
<div> <Location /user/></div>
<div> AuthType shibboleth</div>
<div> ShibRequireSession On</div>
<div> require shibboleth</div>
<div> </location></div>
<div> <Location /admin/></div>
<div> AuthType shibboleth</div>
<div> ShibRequireSession On</div>
<div> require shibboleth</div>
<div> </location></div>
<div> ##End needed for drupal login##</div>
</div>
</div>
<div><br>
</div>
<div>Then inside the Drupal Shibboleth module config, I have it set to forward the user to the home page after shib login. </div>
<div><br>
</div>
<div>— Pat</div>
<div><br>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span><Bondra>, "Joseph (Joe)" <<a href="mailto:bondra.4@osu.edu">bondra.4@osu.edu</a>><br>
<span style="font-weight:bold">Reply-To: </span>Drupal users list <<a href="mailto:drupal@lists.service.ohio-state.edu">drupal@lists.service.ohio-state.edu</a>><br>
<span style="font-weight:bold">Date: </span>Tuesday, December 3, 2013 at 1:29 PM<br>
<span style="font-weight:bold">To: </span>Drupal users list <<a href="mailto:drupal@lists.service.ohio-state.edu">drupal@lists.service.ohio-state.edu</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [Drupal] user authentication with Shibboleth<br>
</div>
<div><br>
</div>
<div xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);">Hi Pat,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);">Are you just talking about setting up lazy sessions for your site?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);">If you set requireSession for your production site to false, that should take care of it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);">~Joe<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;">
<a href="mailto:drupal-bounces+bondra.4=osu.edu@lists.service.ohio-state.edu">drupal-bounces+bondra.4=osu.edu@lists.service.ohio-state.edu</a> [<a href="mailto:drupal-bounces+bondra.4=osu.edu@lists.service.ohio-state.edu">mailto:drupal-bounces+bondra.4=osu.edu@lists.service.ohio-state.edu</a>]
<b>On Behalf Of </b>Leonard, Patrick G.<br>
<b>Sent:</b> Tuesday, December 03, 2013 9:20 AM<br>
<b>To:</b> Drupal users list<br>
<b>Subject:</b> [Drupal] user authentication with Shibboleth<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;">I’m seeking help from anyone who has integrated user authentication with Shibboleth.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;">I am using Drupal core 7.23 and the Shibboleth authentication module 7.x-4.0 in development. I’m currently using it to protect our development environment.
Every visitor is sent to the shib page to login. Accounts are created on the fly if the user does not already exist in Drupal. I then can go in after the user’s first login and give her the correct role and permissions, etc.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;">What I need in production, though, is for anonymous users to be able to access the site without hitting shib and for authenticated users to login via shib.
Is there a way to only protect /user/login and send those users to shib or provide my own login form that forwards to shib?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: Calibri, sans-serif; color: black;">Thanks,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size: 9pt; font-family: Helvetica, sans-serif; color: rgb(187, 0, 0); background-color: white; background-position: initial initial; background-repeat: initial initial;">Patrick
G. Leonard, Web Application Developer</span></b><span style="font-size: 9pt; font-family: Helvetica, sans-serif; color: rgb(51, 51, 51);"><br>
Marketing, Communication, & Training<br>
</span><span style="font-size: 9pt; font-family: Helvetica, sans-serif; color: rgb(187, 0, 0); background-color: white; background-position: initial initial; background-repeat: initial initial;">Office of the Chief Information Officer</span><span style="font-size:9.0pt;color:black"> </span><span style="color:black"><br>
</span><span style="font-size:9.0pt;color:black">464 Baker Systems Engineering, 1971 Neil Ave, Columbus, OH 43210</span><span style="color:black"><br>
</span><span style="font-size:9.0pt;color:black">614-688-1786</span><span style="color:black"><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-family: Cambria, serif; color: black;"><a href="mailto:leonard.56@osu.edu">leonard.56@osu.edu</a></span><span style="font-family: Cambria, serif; color: black;">|
<a href="http://ocio.osu.edu/"><span style="text-decoration:none">ocio.osu.edu</span></a></span><span style="color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</span>
</body>
</html>