[shib_auth] Shibboleth with Drupal 7 - Apache Configs
Michael.OBrien
Michael.OBrien at ul.ie
Wed May 18 17:38:56 CEST 2011
I have that but am getting a "Shibboleth handler invoked at an
unconfigured location"
My drupal settings are
Shibboleth Login handler URL: /Shibboleth.sso
Shibboleth Login handler URL: /Shibboleth.sso/Logout
Server variable for username: REMOTE_USER
Server variable for e-mail address: HTTP_SHIB_MAIL
Michael
-----Original Message-----
From: shib_auth-bounces at listserv.niif.hu
[mailto:shib_auth-bounces at listserv.niif.hu] On Behalf Of Kristof Bajnok
Sent: 18 May 2011 11:54
To: shib_auth at listserv.niif.hu
Subject: Re: [shib_auth] Shibboleth with Drupal 7 - Apache Configs
On Wednesday 18 May 2011 11:49:35 Michael.OBrien wrote:
> Thanks for replying. So to get lazy sessions where the user has to
> select the Shibboleth login and where Shibboleth authentication is
> explicitly invoked would I need to set the location as the values
> below or do I need more than 1 location tag with different settings in
> order to configure lazy session shibboleth with drupal
No, never protect your handler (Shibboleth.sso) with shibboleth. Use '/'
instead.
> #The actual value to use in the Location tag is unclear to me
> <Location /Shibboleth.sso> #Shibboleth Application ID
> ShibApplicationId "ShibXMLID"
> #Set lazy sessions
> AuthType shibboleth
> ShibRequireSession "Off"
> Require shibboleth
> #Needed for drupal module
> ShibUseHeaders On
> #Used for compatibility with non shibboleth SAML IDP's
> ShibExportAssertion "On"
Apart from the Location, the above is correct.
> <Location />
This should be </Location>.
The following is an example how to require a Shib session for different
paths:
<Location / >
ShibApplicationId ShibXMLID
AuthType Shibboleth
ShibRequireSession Off
require shibboleth
ShibUseHeaders On
</Location>
<Location /protected>
ShibRequireSession On
</Location>
I have no clue how you can split content in Drupal so that such path
distinction could be made. I'm not even sure it's possible.
Kristof
_______________________________________________
shib_auth mailing list
shib_auth at listserv.niif.hu
https://listserv.niif.hu/mailman/listinfo/shib_auth
More information about the shib_auth
mailing list