[shib_auth] logging in a drupal user with a shib session fromanother log in

Tue May 24 17:59:35 CEST 2011

Update . . . it is working now.

You were correct for one source of my problem in getting this to work . . . not requiring "shibboleth" in the Apache lock down. I had "require user".

The other issues are not related to this module or this forum so I will spare you.

Thanks
Tommy

-----Original Message-----
From: shib_auth-bounces at listserv.niif.hu [mailto:shib_auth-bounces at listserv.niif.hu] On Behalf Of Kristof Bajnok
Sent: Monday, May 23, 2011 10:39 AM
To: shib_auth at listserv.niif.hu
Subject: Re: [shib_auth] logging in a drupal user with a shib session fromanother log in

On 2011. May 23. 15:20:08 Tommy Peterson wrote:
> I'm not restricting any particular piece of information. I am restricting
> the entire site. So as soon as someone tries to reach the site I want them
> to log in using Shibboleth to establish the Shibboleth session. Then they
> can browse the entire Drupal site and also the related Moodle courses
> embedded inside Drupal.

Then you clearly need 'ShibRequireSession on' at the root of your site.

> But right now I just get taken to the Drupal
> homepage, after they log in to Shibboleth via the Shibboleth default login
> page. Then the user has to click login (as they normally would without
> Shibboleth) to log in again.

If you had an existing Shibboleth session (after logging in into Moodle), you
should be automatically authenticated also in Drupal, if these two
installations are in the same SP context (they are on the same server with no
different 'applicationId' settings, etc).

> And then they are connected to via the Drupal
> shibboleth module. I know this because I saw a Drupal error/warning
> message that said that the user already existed and it referenced
> Shibboleth.

This message is an error message. In Drupal, mail addresses (and usernames, of
course) must be unique. This error is thrown after the module qualified the
login attempt as a new user registration, while the username/mail is already
registered in Drupal (but not in the module's tables).

The module only handles users that were created by itself, see
http://drupal.org/node/1093712#comment-4353734

This behaviour should have been documented long ago, I've just made it up:
https://wiki.aai.niif.hu/index.php?title=DrupalShibbolethReadmeDev#Pre-
creating_users

> I just want to log them into Shibboleth and have Drupal pick up the login
> and not require them to log in again. Is this how this module works?

Yes.

Kristof

_______________________________________________
shib_auth mailing list
shib_auth at listserv.niif.hu
https://listserv.niif.hu/mailman/listinfo/shib_auth

This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
 Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.