[shib_auth] Problem with server variables

Kristof Bajnok bajnokk at niif.hu
Wed Jul 11 18:11:50 CEST 2012


Michael,

[Sorry for not responding earlier. I was on holiday.]

On 06/07/12 00:41, Michael Goldblatt wrote:
> However, the solution that Chris posted didn't work for me - I can't
> seem to get past the Access Denied error and the $_SESSION and $_SERVER
> variables do not show either my username or the IdP entityId. When I run
> a C# file that dumps all of my server variables, they are definitely
> listed there as:
> 
> HTTP_REMOTEUSER = myusername
> HTTP_SHIBIDENTITYPROVIDER = urn:mace:incommon:washington.edu

It looks very much like Shibboleth is not protecting your Drupal
installation path, although it protects your C# code. Please also make
sure it isn't an http/https issue.


> Modifying the code in shib_auth.module that Chris posted in his thread
> with my IdP entityID variable has had no effect. The changes I made are
> as follows:
> 
> function shib_auth_get_idp() {
>   if (isset($_SERVER['Shib-Identity-Provider']))
>     return $_SERVER['Shib-Identity-Provider'];
>   elseif (isset($_SERVER['Shib_Identity_Provider']))
>     return $_SERVER['Shib_Identity_Provider'];
>   elseif (isset ($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER']))
>     return $_SERVER['HTTP_SHIB_IDENTITY_PROVIDER'];
>   elseif (isset ($_SERVER['HTTP_SHIBIDENTITYPROVIDER']))
>     return $_SERVER['HTTP_SHIBIDENTITYPROVIDER'];
>   return '';
> } //function shib_auth_get_idp
> 
> and
> 
> function shib_auth_session_isShib2x() {
>   if (shib_auth_session_valid()) {
>     return (isset($_SERVER['Shib-Identity-Provider']) ||
>       isset($_SERVER['Shib_Identity_Provider']) ||
>       isset($_SERVER['HTTP_SHIBIDENTITYPROVIDER']));
>   }

Yes, unfortunately this simple fix is still missing from the release. (I
suspect a more generic problem there, which is on my todo list.)

> Is there someplace else I should be looking to get this working? I
> restarted both the IIS service and the Shibboleth service to no avail.

As I posted in the thread you were referring to, the DEBUG mode must be
able to display the server variable that holds the identity provider
information. If it does not, the above fix you have made wouldn't help you.

Kristof
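
Added example, not part of the original message or of the shib_auth module: a small PHP diagnostic that checks a server-variable array for the identity-provider key names quoted in this thread and reports whether the value arrived as a request header (`HTTP_*`) or as an environment variable. The `shib_diag_*` names and the sample array are hypothetical and constructed for illustration.

```php
<?php
// Added example; not part of shib_auth. Key names are the ones quoted in this thread.
const SHIB_DIAG_IDP_KEYS = [
  'Shib-Identity-Provider',
  'Shib_Identity_Provider',
  'HTTP_SHIB_IDENTITY_PROVIDER',
  'HTTP_SHIBIDENTITYPROVIDER',
];

// Return the first candidate key that is set and non-empty, or NULL.
function shib_diag_find_idp(array $server) {
  foreach (SHIB_DIAG_IDP_KEYS as $key) {
    if (isset($server[$key]) && $server[$key] !== '') {
      // HTTP_* entries in $_SERVER are built from request headers.
      return ['key' => $key, 'value' => $server[$key],
              'from_header' => strncmp($key, 'HTTP_', 5) === 0];
    }
  }
  return NULL;
}

// List every key that looks Shibboleth-related, ignoring case, '-' and '_',
// so an unexpected spelling of the variable name still shows up.
function shib_diag_related_keys(array $server) {
  $hits = [];
  foreach (array_keys($server) as $key) {
    $norm = strtolower(str_replace(['-', '_'], '', $key));
    if (strpos($norm, 'shib') !== FALSE || strpos($norm, 'remoteuser') !== FALSE) {
      $hits[] = $key;
    }
  }
  return $hits;
}

function shib_diag_report(array $server) {
  $idp = shib_diag_find_idp($server);
  if ($idp === NULL) {
    $related = shib_diag_related_keys($server);
    return $related
      ? 'IdP not under a known key; related keys present: ' . implode(', ', $related)
      : 'No Shibboleth variables in this request; check that this path and scheme are protected.';
  }
  return sprintf('IdP "%s" found in %s (%s)', $idp['value'], $idp['key'],
    $idp['from_header'] ? 'request header' : 'environment variable');
}

// Constructed sample input mirroring the values in the post above.
$sample = ['HTTP_REMOTEUSER' => 'myusername',
           'HTTP_SHIBIDENTITYPROVIDER' => 'urn:mace:incommon:washington.edu'];
echo shib_diag_report($sample), "\n";
echo shib_diag_report(['HTTP_HOST' => 'example.org']), "\n";
```

Calling `shib_diag_report($_SERVER)` from a PHP file under the Drupal path shows what PHP actually receives there; pass the result through `htmlspecialchars()` if it is rendered as HTML. Header-derived values are only trustworthy on paths the Shibboleth filter handles, which is why an unprotected path matters beyond the Access Denied error.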
