[shib_auth] logging in a drupal user with a shib session from another log in

Kristof Bajnok bajnokk at niif.hu
Mon May 23 16:38:31 CEST 2011


On 2011. May 23. 15:20:08 Tommy Peterson wrote:
> I'm not restricting any particular piece of information. I am restricting
> the entire site. So as soon as someone tries to reach the site I want them
> to log in using Shibboleth to establish the Shibboleth session. Then they
> can browse the entire Drupal site and also the related Moodle courses
> embedded inside Drupal. 

Then you clearly need 'ShibRequireSession on' at the root of your site.

> But right now I just get taken to the Drupal
> homepage, after they log in to Shibboleth via the Shibboleth default login
> page. Then the user has to click login (as they normally would without
> Shibboleth) to log in again. 

If you had an existing Shibboleth session (after logging in to Moodle), you
should be automatically authenticated also in Drupal, if these two 
installations are in the same SP context (they are on the same server with no 
different 'applicationId' settings, etc).

> And then they are connected to via the Drupal
> shibboleth module. I know this because I saw a Drupal error/warning
> message that said that the user already existed and it referenced
> Shibboleth.

This message is an error message. In Drupal, mail addresses (and usernames, of 
course) must be unique. This error is thrown after the module qualified the 
login attempt as a new user registration, while the username/mail is already 
registered in Drupal (but not in the module's tables). 

The module only handles users that were created by itself, see 
http://drupal.org/node/1093712#comment-4353734

This behaviour should have been documented long ago, I've just made it up: 
https://wiki.aai.niif.hu/index.php?title=DrupalShibbolethReadmeDev#Pre-creating_users

> I just want to log them into Shibboleth and have Drupal pick up the login
> and not require them to log in again. Is this how this module works?

Yes.

Kristof
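
An Apache fragment illustrating the 'ShibRequireSession on' advice in the reply above. It is an added example, not part of the original message or the module's documentation, and it assumes the Shibboleth SP Apache module (mod_shib) is loaded and that Drupal is served from the root of the virtual host. The commented-out block shows the lazy-session form for comparison.

```apache
# Example only: assumes mod_shib is loaded and Drupal (with the embedded
# Moodle courses) is served from the root of this virtual host.

# Lazy session, shown for comparison: requests pass through without a
# Shibboleth session, so the application itself has to start the login.
#<Location />
#    AuthType shibboleth
#    ShibRequireSession Off
#    Require shibboleth
#</Location>

# Required session for the entire site: mod_shib starts the Shibboleth
# login for any request that arrives without a valid session, before the
# request reaches Drupal.
<Location />
    AuthType shibboleth
    ShibRequireSession On
    Require valid-user
</Location>
```

With the session enforced at the web server, every request that reaches Drupal already carries the Shibboleth attributes, and the module can log the user in without a second login step, provided the account was created by the module as described in the reply.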


