With the imminent switch to Shibboleth, I've decided to try out hooking up a Drupal instance...to...Shibboleth. Exactly as the title implies.
I'm using Ubuntu Server 10.04 for my server and rather than authenticating against a real IdP, I'm using the public TestShib Two service as an IdP and configuring the SP myself.
Here's how I did it:
0) Register with OpenIdP and get a machine ready for testing.
1) Install the necessary packages:
apache mpm-prefork
php5
libapache2-mod-shib2
mysql (for drupal)!
...and all their friends.
2) Get drupal and install that properly. There are plenty of tutorials out there on how to do this.
3) Configure your apache server so that it looks something like this:
ServerAdmin webmaster@localhost
ServerName x-128-101-79-21.pop.umn.edu
UseCanonicalName On
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
Alias /secure /var/www/drupal
Options Indexes FollowSymLinks Multiviews
Order allow,deny
Allow from all
AuthType Shibboleth
ShibRequireSession On
require shibboleth
...and a whole bunch more as needed. You can actually base it off the default-ssl site (...like I did.)
4) Somewhere in your shibboleth2.xml (probably in /etc/shibboleth), you have something that looks like this:
This is the really important part. It's telling you exactly which paths on the server are going to be secured by
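
Step 3's directives written out inside their container blocks, for Apache 2.2 as shipped with Ubuntu 10.04. This is an added example, not the config from the original post: the VirtualHost address, the Directory and Location paths, and the SSL lines are assumptions (the certificate paths are the ones Ubuntu's default-ssl site uses).

```apache
# Added example. Container paths and the SSL lines are assumptions;
# the directives inside the containers are the ones listed in step 3.
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    ServerName x-128-101-79-21.pop.umn.edu
    # With this On, the SP builds its URLs from ServerName instead of
    # the Host header sent by the client.
    UseCanonicalName On

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    # Drupal lives in /var/www/drupal and is served under /secure.
    Alias /secure /var/www/drupal
    <Directory /var/www/drupal>
        # Indexes is kept from the post; drop it if directory
        # listings are not wanted.
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        Allow from all
    </Directory>

    # Auth directives are only valid inside a container. This one
    # makes every request under /secure require a Shibboleth session.
    <Location /secure>
        AuthType Shibboleth
        ShibRequireSession On
        require shibboleth
    </Location>

    # Assumed SSL settings, as in Ubuntu's default-ssl site.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
```

Running `apache2ctl configtest` after enabling the site catches an auth directive that ended up outside a container before the server is restarted.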
