[shib_auth] Shibboleth with Drupal 7 - Apache Configs
Kristof Bajnok
bajnokk at niif.hu
Wed May 18 12:53:51 CEST 2011
On Wednesday 18 May 2011 11:49:35 Michael.OBrien wrote:
> Thanks for replying. So to get lazy sessions where the user has to
> select the Shibboleth login and where Shibboleth authentication is
> explicitly invoked would I need to set the location as the values below
> or do I need more than 1 location tag with different settings in order
> to configure lazy session shibboleth with drupal
No, never protect your handler (Shibboleth.sso) with shibboleth. Use '/'
instead.
> #The actual value to use in the Location tag is unclear to me
> <Location /Shibboleth.sso>
> #Shibboleth Application ID
> ShibApplicationId "ShibXMLID"
> #Set lazy sessions
> AuthType shibboleth
> ShibRequireSession "Off"
> Require shibboleth
> #Needed for drupal module
> ShibUseHeaders On
> #Used for compatibility with non shibboleth SAML IDP's
> ShibExportAssertion "On"
Apart from the Location, the above is correct.
> <Location />
This should be </Location>.
The following is an example how to require a Shib session for different paths:
<Location / >
ShibApplicationId ShibXMLID
AuthType Shibboleth
ShibRequireSession Off
require shibboleth
ShibUseHeaders On
</Location>
<Location /protected>
ShibRequireSession On
</Location>
I have no clue how you can split content in Drupal so that such path
distinction could be made. I'm not even sure it's possible.
Kristof
More information about the shib_auth
mailing list