[shib_auth] Problem with server variables

Michael Goldblatt mgoldbla at uw.edu
Wed Jul 11 19:15:13 CEST 2012 

Kristof -

Thanks for getting back to me. Your suggestion that Shibboleth wasn't 
protecting drupal turned out to be correct - it was only protecting the 
sub-directory "secure". Once I set the shibboleth2.xml to protect the 
whole site in passive mode, it worked great.

Thanks for getting me pointed in the right direction.

Michael

________________________________________________
Michael Goldblatt
Senior Computer Specialist
University of Washington
Departments of Economics, Sociology & Philosophy


On 7/11/2012 9:11 AM, Kristof Bajnok wrote:
> Michael,
>
> [sorry for not responding earlier. I was on holiday.]
>
> On 06/07/12 00:41, Michael Goldblatt wrote:
>> However, the solution that Chris posted didn't work for me - I can't
>> seem to get past the Access Denied error and the $_SESSION and $_SERVER
>> variables do not show either my username or the IdP entityId. When I run
>> a C# file that dumps all of my server variables, they are definitely
>> listed there as:
>>
>> HTTP_REMOTEUSER = myusername
>> HTTP_SHIBIDENTITYPROVIDER = urn:mace:incommon:washington.edu
>
> It's very much like Shibboleth was not protecting your Drupal
> installation path although it protects your C# code. Please also make
> sure it isn't a http/https issue.
>
>
>> Modifying the code in shib_auth.module that Chris posted in his thread
>> with my IdP entityID variable has had no effect. The changes I made are
>> as follows:
>>
>> function shib_auth_get_idp() {
>>    if (isset($_SERVER['Shib-Identity-Provider']))
>>      return $_SERVER['Shib-Identity-Provider'];
>>    elseif (isset($_SERVER['Shib_Identity_Provider']))
>>      return $_SERVER['Shib_Identity_Provider'];
>>    elseif (isset ($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER']))
>>      return $_SERVER['HTTP_SHIB_IDENTITY_PROVIDER'];
>>    elseif (isset ($_SERVER['HTTP_SHIBIDENTITYPROVIDER']))
>>      return $_SERVER['HTTP_SHIBIDENTITYPROVIDER'];
>>    return '';
>> } //function shib_auth_get_idp
>>
>> and
>>
>> function shib_auth_session_isShib2x() {
>>    if (shib_auth_session_valid()) {
>>      return (isset($_SERVER['Shib-Identity-Provider']) ||
>> isset($_SERVER['Shib_Identity_Provider']) ||
>> isset($_SERVER['HTTP_SHIBIDENTITYPROVIDER']));
>>    }
>
> Yes, unfortunately this simple fix is still missing from the release. (I
> suspect a more generic problem there, which is on my todo list.)
>
>> Is there someplace else I should be looking to get this working? I
>> restarted both the IIS service and the Shibboleth service to no avail.
>
> As I posted in the thread you were referring to, the DEBUG mode must be
> able to display the server variable that holds the identity provider
> information. If it does not, the above fix you have made wouldn't help you.
>
> Kristof
>
> _______________________________________________
> shib_auth mailing list
> shib_auth at listserv.niif.hu
> https://listserv.niif.hu/mailman/listinfo/shib_auth
>

More information about the shib_auth mailing list