[shib_auth] role id errors

Mike Cammilleri mikec at stat.wisc.edu
Wed Oct 23 17:36:48 CEST 2013 

Also, when I flush all caches in drupal, it fixes the Shib Rule and the 
groups Authenticated User and Forum User once again show up without the 
red box error. This will stay this way for perhaps a few hours, and then 
we'll go back to the error of not being able to resolve the rold id 
numbers.

Thanks guys,
Mike

On 10/23/2013 10:22 AM, Mike Cammilleri wrote:
> All,
>
> I've been having issues with shib_auth and Drupal7 where users for a
> time can authenticate just fine, that at some point in time, AFTER a
> successful shib authentication, the user is returned to the drupal site
> like they should but Drupal acts like they never logged in. The login
> button is still sitting there with no authenticated content displaying.
>
> I know this certainly seems like a drupal 7 issue since shib is
> technically authenticating (as shown by a valid session when checking
> /Shibboleth.sso/Session), but I do get a Shib error when I double check
> my shib group settings.
>
> I have shib_auth module setup so that when a user authenticates, there
> is a rule that adds them to two drupal groups - authenticated user and
> forum user. However, after upgrading from drupal 6 to drupal 7, when
> bringing up the Shibboleth Group Rules, there is a red error box at the
> top that reads:
>
> [Shibboleth authentication] Internal error: no name for role_id '2'
> [Shibboleth authentication] Internal error: no name for role_id '9'
>
> Which I assume is referring to my two groups in drupal, Authenticated
> User and Forum User. It would make sense to me that if the Shib auth
> module cannot decipher that role_id '2' is the Authenticated User group,
> then it also makes sense that after a successful shib login, when routed
> back to drupal, it does not appear to drupal that they are authenticated
> because shib won't add them to the group!
>
> So my question is, would anyone know why shib_auth cannot recognize my
> drupal groups, is there a way to correct it, does this make any sense,
> or does anyone have any other ideas?
>
> By the way, the group rule is a regular expression to make sure that
> only email addresses from our campus are allowed through.
>
> Attribute:
> HTTP_EPPN
>
> Reg Ex:
> [a-z]([a-z-]{1,}?[a-z])\.[1-9]{1,}+ at wisc\.edu
>
>
> Thanks
> Mike
>
> _______________________________________________
> shib_auth mailing list
> shib_auth at listserv.niif.hu
> https://listserv.niif.hu/mailman/listinfo/shib_auth

More information about the shib_auth mailing list