[shib_auth] HTTPS vs HTTP Help ASAP.
Peterson, Tommy
Tommy.Peterson at xpandcorp.com
Tue Jun 28 21:22:03 CEST 2011
Are you using the shib_auth link on the standard Drupal login form?
I am not. I revised the standard Drupal log in page. It no longer shows the remind password, log in, and set up a new account on a tabbed page. When the user clicks "Log in" the IDP serves up its log in page. If they click create an account they are taken to Drupal's page and the same for remind password. I had to set up triggers on the table to take care of the shib_authmap etc. So I guess I should say that I have somewhat modify all of this.
But my set up behaves as you suggested you are looking for below.
From: shib_auth-bounces at listserv.niif.hu [mailto:shib_auth-bounces at listserv.niif.hu] On Behalf Of Luke Cameron
Sent: Tuesday, June 28, 2011 2:56 PM
To: shib_auth at listserv.niif.hu
Subject: Re: [shib_auth] HTTPS vs HTTP Help ASAP.
Hi Tommy,
How do you do that then...? because if I use the logged in redirect within the plug-in, it seems to loop. But I don't think its a SP issue, I think I may have issues with the plug-in.
Regards
Luke
>>> "Peterson, Tommy" 06/28/11 7:47 PM >>>
That is how mine works. They access HTTP. They log in via HTTPS form page. Then it redirects them to HTTP. And I have HTTPS enabled on my Shibboleth installation. And the user is still logged in.
--Tommy
From: shib_auth-bounces at listserv.niif.hu [mailto:shib_auth-bounces at listserv.niif.hu] On Behalf Of Luke Cameron
Sent: Tuesday, June 28, 2011 2:40 PM
To: shib_auth at listserv.niif.hu
Subject: [shib_auth] HTTPS vs HTTP Help ASAP.
Hi All,
I have a web developer wanting to use Shib Authentication for Drupal, I have setup the SP like normal with HTTPS enabled, but the web developer wants them to login to Shib over HTTPS then redirect them back to HTTP but when I try this in a test environment it wont work it shows them logged out again. Can some confirm this is correct or a way of doing what the web developer wants to do.
Regards
Luke Cameron
________________________________
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
________________________________
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.niif.hu/pipermail/shib_auth/attachments/20110628/6544fe3b/attachment-0001.htm>
More information about the shib_auth
mailing list