Drupal and Shibboleth

| No Comments

With the imminent switch to Shibboleth, I've decided to try out hooking up a Drupal instance...to...Shibboleth. Exactly as the title implies.

I'm using Ubuntu Server 10.04 for my server and rather then authentication against a real IdP, I'm using the public TestShib Two service as an IdP and configuring the SP myself.

Here's how I did it:

0) Register with OpenIdP and get a machine ready for testing.

1) Install the necessary packages:
apache mpm-prefork
mysql (for drupal)!
...and all their friends.

2) Get drupal and install that properly. There are plenty of tutorials out there on how to do this.

3) Configure your apache server so that it looks something like this:

ServerAdmin webmaster@localhost
ServerName x-128-101-79-21.pop.umn.edu
UseCanonicalName On

DocumentRoot /var/www

Options FollowSymLinks
AllowOverride None

Alias /secure /var/www/drupal

Options Indexes FollowSymLinks Multiviews

Order allow,deny
Allow from all

AuthType Shibboleth
ShibRequireSession On
require shibboleth

...and a whole bunch more as needed. You can actually base it off the default-ssl site (...like I did.)

4. Somewhere in your shibboleth2.xml (probably in /etc/shibboleth), you have something that looks like this:

This is the really important part. It's telling you exactly which paths on the server are going to be secured by

Leave a comment

About this Entry

This page contains a single entry by Jeff Kerzner published on September 3, 2010 7:10 PM.

Dynamic Layer 2 filtering (and a concert) was the previous entry in this blog.

Monitors and displays is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.