[shib_auth] Shibboleth with Drupal 7 - Apache Configs
Kristof Bajnok
bajnokk at niif.hu
Wed May 18 09:33:41 CEST 2011
On Tuesday 17 May 2011 19:21:35 Michael.OBrien wrote:
> I am trying to get the shibboleth module to work with Drupal 7. I can
> get my site to protect static (just html files but user is redirected to
> WAFY and after authentication is allowed to access the protected
> subfolder) using my current shibboleth setup for the site but am finding
> it difficult to translate it to work with drupal and protect not just a
> particular folder but instead trigger when a user tries to access
> protected content or wants to login.
You can either use lazy sessions, then the user needs to click on the login
link to get authenticated. Or you can use 'forced' sessions, when the session
is initiated by Shibboleth, but in this case, anonymous access is not possible
unless you can split unprotected and protected pages _by path_ . AFAIK, with a
normal Drupal installation, it's not the case.
It's not supported to automatically initiate a Shibboleth session when the
user accesses protected content. I'm not sure how to do this properly.
Probably you can try to hack with your Drupal error template to send the user
to the SessionInitiator URL
> Can I configure the root of my drupal site (also my web_root) as the
> location or do I need to exclude the public access parts of my site?
For public parts you need ShibRequireSession off, for protected parts, you need
ShibRequireSession on. But I'm not sure how you can do the splitting of the
contents.
Kristof
More information about the shib_auth
mailing list