[shib_auth] Shibboleth with Drupal 7 - Apache Configs

Michael.OBrien Michael.OBrien at ul.ie
Wed May 18 11:49:35 CEST 2011 

Hi Kristof,

Thanks for replying. So to get lazy sessions where the user has to
select the Shibboleth login and where Shibboleth authentication is
explicitly invoked would I need to set the location as the values below
or do I need more than 1 location tag with different settings in order
to configure lazy session shibboleth with drupal

#The actual value to use in the Location tag is unclear to me
<Location /Shibboleth.sso>
#Shibboleth Application ID
ShibApplicationId "ShibXMLID"
#Set lazy sessions
AuthType shibboleth
ShibRequireSession "Off"
Require shibboleth
#Needed for drupal module
ShibUseHeaders On
#Used for compatibility with non shibboleth SAML IDP's
ShibExportAssertion "On"
<Location />



-----Original Message-----
From: shib_auth-bounces at listserv.niif.hu
[mailto:shib_auth-bounces at listserv.niif.hu] On Behalf Of Kristof Bajnok
Sent: 18 May 2011 08:34
To: shib_auth at listserv.niif.hu
Subject: Re: [shib_auth] Shibboleth with Drupal 7 - Apache Configs

On Tuesday 17 May 2011 19:21:35 Michael.OBrien wrote:
> I am trying to get the shibboleth module to work with Drupal 7. I can 
> get my site to protect static (just html files but user is redirected 
> to WAFY and after authentication is allowed to access the protected
> subfolder) using my current shibboleth setup for the site but am 
> finding it difficult to translate it to work with drupal and protect 
> not just a particular folder but instead trigger when a user tries to 
> access protected content or wants to login.

You can either use lazy sessions, then the user needs to click on the
login link to get authenticated. Or you can use 'forced' sessions, when
the session is initiated by Shibboleth, but in this case, anonymous
access is not possible unless you can split unprotected and protected
pages _by path_ . AFAIK, with a normal Drupal installation, it's not the
case. 

It's not supported to automatically initiate a Shibboleth session when
the user accesses protected content. I'm not sure how to do this
properly. 
Probably you can try to hack with your Drupal error template to send the
user to the SessionInitiator URL

> Can I configure the root of my drupal site (also my web_root) as the 
> location or do I need to exclude the public access parts of my site?

For public parts you need ShibRequireSession off, for protected parts,
you need ShibRequireSession on. But I'm not sure how you can do the
splitting of the contents.

Kristof

_______________________________________________
shib_auth mailing list
shib_auth at listserv.niif.hu
https://listserv.niif.hu/mailman/listinfo/shib_auth

More information about the shib_auth mailing list