[shib_auth] Access Denied error message for pages

Peterson, Tommy Tommy.Peterson at xpandcorp.com
Thu Aug 25 16:26:05 CEST 2011 

Well I am allowing--through the Advanced Settings--the user to return to the page that they requested. I see the url is returning the user to the /usr/login page,w hich of course doesn't make sense to return the user to as that is a Shibboleth protected link/resource. That might be the issue as this always happens.

But you asked about roles. Here is what I see with debug mode on:

$user:

Array
(
    [uid] => 36
    [name] => tommytest
    [mail] => tommy.peterson at xpandcorp.com
    [roles] => Array
        (
            [2] => authenticated user
            [3] => quiz role
            [4] => developer
        )

)

$_SESSION:

Array
(
    [old_session_id] => (my idp)
    [shib_auth_username] => tommytest
    [shib_auth_rolecache] => Array
        (
            [1] => anonymous user
            [2] => authenticated user
            [5] => content manager
            [4] => developer
            [6] => provider
            [3] => quiz role
            [7] => teacher
        )


So what is this telling me? What is shib_auth_rolecache? That appears to be all of our roles. This tommytest account only has two roles associated with it: quiz role and developer, which are noted in $user.

So I am still lost as to what the problem is. Again, I am not a Drupal developer.

-Tommy
-----Original Message-----
From: shib_auth-bounces at listserv.niif.hu [mailto:shib_auth-bounces at listserv.niif.hu] On Behalf Of Kristof Bajnok
Sent: Thursday, August 25, 2011 10:19 AM
To: shib_auth at listserv.niif.hu
Subject: Re: [shib_auth] Access Denied error message for pages

On 2011. August 25. 16:12:35 Peterson, Tommy wrote:
> Also you said to use LiveHTTPHEaders with debug mode on and look for
> headers. What am I looking for?

When you get access denied error, check
  - Immediate debug mode output. Do you see the headers based on which you
assign roles?
  - The chain of redirects to the error page.

Kristof

_______________________________________________
shib_auth mailing list
shib_auth at listserv.niif.hu
https://listserv.niif.hu/mailman/listinfo/shib_auth

This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
 Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.

More information about the shib_auth mailing list