[shib_auth] Regarding shib_auth module - user creation problem

Snehal Tapdiya Snehal.Tapdiya at utoronto.ca
Mon Feb 6 17:17:49 CET 2012 

Hi,


I am using shib_auth module to authorize the user for shibboleth authorization. The shib authorization working fine, I can see the username, email etc in the headers. But automatic user's creation not working and also for existing users also its not linking account on Drupal side. I tried to create the user manually on Drupal site and created entry for that user in shib_auth and auth_Map tables. But this is also not working. Below are the details of configuration for my site, please tell me if I'm missing any configuration for linking user after shib authorization to Drupal.
I appreciate your help in this regard. Thank you so much for your help and time.

Please let me know if you need any other info from my side. I would be more than grateful for any help in this regard

Configuration details:

I have Drupal 7.9 installed and shib auth module's production release - 7.x-4.0. I have also tried development release, same result.

On apache side I have following configuration,

<Location />
    ShibRequireSession On
    AuthType Shibboleth
    ShibUseHeaders On
    Require valid-user
</Location>

And I'm using Strict Sessions for protection.

Debug dump:

$_SESSION:

Array
(
    [shib_auth_username] => my_username

)


$_SERVER:

Array
(
    [REDIRECT_HTTPS] => on
    [REDIRECT_SSL_TLS_SNI] => my_sitename
    [REDIRECT_Shib-Application-ID] => Default
    [REDIRECT_Shib-Session-ID] => _4375845684
    [REDIRECT_Shib-Authentication-Instant] => 2012-02-06T13:51:59.296Z
    [REDIRECT_Shib-Authentication-Method] => urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    [REDIRECT_Shib-AuthnContext-Class] => urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    [REDIRECT_affiliation] => staff
    [REDIRECT_eppn] => my_emailid
    [REDIRECT_utorid] => my_username
    [REDIRECT_STATUS] => 200
    [HTTPS] => on
    [SSL_TLS_SNI] => my_sitename
    [Shib-Application-ID] => default
    [Shib-Session-ID] => _4375845684
    [Shib-Authentication-Instant] => 2012-02-06T13:51:59.296Z
    [Shib-Authentication-Method] => urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    [Shib-AuthnContext-Class] => urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    [affiliation] => staff
    [eppn] => my_emailid
    [utorid] => my_useranme
    [HTTP_HOST] => my_sitename
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_CONNECTION] => keep-alive
    [HTTP_COOKIE] => Drupal.toolbar.collapsed=0; _shibstate_64656661756c7468747470733a2f2f73702e7365637572652e6d65642e75746f726f6e746f2e63612f73686962=; _shibsession_64656661756c7468747470733a2f2f73702e7365637572652e6d65642e75746f726f6e746f2e63612f73686962=_3066727279cfd4f6e1ee7c39c142c67c; SSESS5c86098cacb99836680602466c8e5888=pf8gQxAs-EfDB-b9Smy7B1yWhZewu3bhrMZcPmxe74c; has_js=1
    [HTTP_SHIB_SESSION_ID] => _3066727279cfd4f6e1ee7c39c142c67c
    [HTTP_SHIB_IDENTITY_PROVIDER] =>
    [HTTP_SHIB_AUTHENTICATION_METHOD] => urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    [HTTP_SHIB_AUTHENTICATION_INSTANT] => 2012-02-06T13:51:59.296Z
    [HTTP_SHIB_AUTHNCONTEXT_CLASS] => urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    [HTTP_SHIB_AUTHNCONTEXT_DECL] =>
    [HTTP_SHIB_ASSERTION_COUNT] =>
    [HTTP_REMOTE_USER] =>
    [HTTP_EPPN] => my_emailid
    [HTTP_UNSCOPED_AFFILIATION] =>
    [HTTP_ENTITLEMENT] =>
    [HTTP_TARGETED_ID] =>
    [HTTP_PERSISTENT_ID] =>
    [HTTP_UTORID] => my_username
    [HTTP_PERSONID] =>
    [HTTP_AFFILIATION] => staff
    [HTTP_SHIB_APPLICATION_ID] => default
    [PATH] => /usr/local/bin:/usr/bin:/bin
    [SERVER_SIGNATURE] => Apache/2.2.14 (Ubuntu) Server my_sitename port no

    [SERVER_SOFTWARE] => Apache/2.2.14 (Ubuntu)
    [SERVER_NAME] => my_sitename
    [SERVER_ADDR] => ip_addr
    [SERVER_PORT] => port_num
    [REMOTE_ADDR] => ip_addr
    [DOCUMENT_ROOT] => /drupal_path /drupal-7.9P
    [SERVER_ADMIN] => [no address given]
    [SCRIPT_FILENAME] => /drupal_path/drupal-7.9P/index.php
    [REMOTE_PORT] => remote_port
    [REMOTE_USER] => my_emailid
    [REDIRECT_URL] => /debug/dd
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] =>
    [REQUEST_URI] => /debug/dd
    [SCRIPT_NAME] => /index.php
    [PHP_SELF] => /index.php
    [PHP_AUTH_USER] => my_emailid
    [REQUEST_TIME] => 1328536316
    [HTTP_REFERER] =>
)

MODULE CONFIGURATION:

Array
(
    [account_linking] => 1
    [account_linking_text] => Link this account with another identity
    [auto_destroy_session] => 0
    [debug_state] => 1
    [debug_url] => debug/
    [define_username] => 0
    [email_variable] => HTTP_EPPN
    [enable_custom_mail] => 0
    [force_https] => 0
    [forceauthn] => 1
    [full_handler_url] => login_url
    [full_logout_url] => logout_url
    [handler_protocol] => https
    [handler_url] => /Shibboleth.sso
    [is_passive] => 0
    [link_text] => Shibboleth Login
    [login_url] =>
    [logout_url] => /
    [terms_accept] => 0
    [terms_url] => /
    [terms_ver] =>
    [username_variable] => HTTP_UTORID
    [wayf_uri] => /DS
)


Thanks,
Snehal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.niif.hu/pipermail/shib_auth/attachments/20120206/a5f9fb26/attachment-0001.html>

More information about the shib_auth mailing list