[shib_auth] role id errors
Mike Cammilleri
mikec at stat.wisc.edu
Wed Oct 23 17:22:26 CEST 2013
All,
I've been having issues with shib_auth and Drupal7 where users for a
time can authenticate just fine, that at some point in time, AFTER a
successful shib authentication, the user is returned to the drupal site
like they should but Drupal acts like they never logged in. The login
button is still sitting there with no authenticated content displaying.
I know this certainly seems like a drupal 7 issue since shib is
technically authenticating (as shown by a valid session when checking
/Shibboleth.sso/Session), but I do get a Shib error when I double check
my shib group settings.
I have shib_auth module setup so that when a user authenticates, there
is a rule that adds them to two drupal groups - authenticated user and
forum user. However, after upgrading from drupal 6 to drupal 7, when
bringing up the Shibboleth Group Rules, there is a red error box at the
top that reads:
[Shibboleth authentication] Internal error: no name for role_id '2'
[Shibboleth authentication] Internal error: no name for role_id '9'
Which I assume is referring to my two groups in drupal, Authenticated
User and Forum User. It would make sense to me that if the Shib auth
module cannot decipher that role_id '2' is the Authenticated User group,
then it also makes sense that after a successful shib login, when routed
back to drupal, it does not appear to drupal that they are authenticated
because shib won't add them to the group!
So my question is, would anyone know why shib_auth cannot recognize my
drupal groups, is there a way to correct it, does this make any sense,
or does anyone have any other ideas?
By the way, the group rule is a regular expression to make sure that
only email addresses from our campus are allowed through.
Attribute:
HTTP_EPPN
Reg Ex:
[a-z]([a-z-]{1,}?[a-z])\.[1-9]{1,}+ at wisc\.edu
Thanks
Mike
More information about the shib_auth
mailing list