Drupal-based Research Environment with Shibboleth-based User Authentication and Support for Social Provider-based Logins
Install and Configure Drupal
Follow instructions at http://drupal.org/documentation/install/download
Install at chosen location under /var/www/html
Install and Configure Shibboleth SP
See the document in this wiki...
Edit /etc/shibboleth/shibboleth2.xml.dist and save edited version as /etc/shibboleth/shibboleth2.xml
Edits to shibboleth2.xml |
---|
`<ApplicationDefaults entityID="https://sp.example.org/shibboleth"` ...changed to... `<ApplicationDefaults entityID="https://sp.yourdomain.org/shibboleth"` |
`<SSO entityID="https://idp.example.org/idp/shibboleth" discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">` ...changed to... `<SSO discoveryProtocol="SAMLDS" discoveryURL="https://yourdomain.org/shibboleth-ds/index.html">` |
`<Errors supportContact="root@localhost"` ...changed to... `<Errors supportContact="appropriateAdmin@chosen.mail.provider"` |
...Insert after... ...these two lines... |
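
To confirm that the three edits in the table above were all applied before the SP goes into service, the following added example (not part of the original wiki page or of the Shibboleth distribution) parses shibboleth2.xml and reports placeholders left over from the .dist file. The function names and the embedded sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed shibboleth2.xml that still has the .dist placeholders.
SAMPLE_DIST = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="3600">
      <SSO entityID="https://idp.example.org/idp/shibboleth" discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">SAML2 SAML1</SSO>
    </Sessions>
    <Errors supportContact="root@localhost"/>
  </ApplicationDefaults>
</SPConfig>"""

# Constructed sample: the same file after the three edits from the table.
SAMPLE_EDITED = (SAMPLE_DIST
    .replace("sp.example.org", "sp.yourdomain.org")
    .replace('entityID="https://idp.example.org/idp/shibboleth" ', "")
    .replace("https://ds.example.org/DS/WAYF", "https://yourdomain.org/shibboleth-ds/index.html")
    .replace("root@localhost", "appropriateAdmin@chosen.mail.provider"))

def local(tag):
    """Strip the XML namespace so elements can be matched by bare name."""
    return tag.rsplit("}", 1)[-1]

def check_sp_config(xml_text):
    """Return a list of findings for placeholders left over from shibboleth2.xml.dist."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "ApplicationDefaults" and "example.org" in el.get("entityID", ""):
            findings.append("ApplicationDefaults entityID is still the example.org placeholder")
        elif name == "SSO":
            if el.get("entityID"):
                findings.append("SSO still names a fixed IdP entityID; the edit above removes it")
            if "example.org" in el.get("discoveryURL", ""):
                findings.append("SSO discoveryURL still points at example.org")
        elif name == "Errors" and el.get("supportContact") == "root@localhost":
            findings.append("Errors supportContact is still root@localhost")
    return findings

if __name__ == "__main__":
    import sys
    # Pass the path to the real file as the first argument; falls back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_DIST
    for finding in check_sp_config(text):
        print("FINDING:", finding)
```

Run it with the path to /etc/shibboleth/shibboleth2.xml as the only argument; no output means none of the three placeholders remain.
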
Edit /etc/httpd/conf.d/shib.conf to use lazy sessions for the Drupal instance. See the <Location> block at the bottom of the file.
```apache
# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig

# RPM installations on platforms with a conf.d directory will
# result in this file being copied into that directory for you
# and preserved across upgrades.
# For non-RPM installs, you should copy the relevant contents of
# this file to a configuration location you control.

#
# Load the Shibboleth module.
#
LoadModule mod_shib /usr/lib/shibboleth/mod_shib_22.so

#
# Used for example style sheet in error templates.
#
<IfModule mod_alias.c>
  <Location /shibboleth-sp>
    Allow from all
  </Location>
  Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
</IfModule>

#
# Configure the module for content.
#
# You MUST enable AuthType shibboleth for the module to process
# any requests, and there MUST be a require command as well. To
# enable Shibboleth but not specify any session/access requirements
# use "require shibboleth".
#
<Location /drupal>
  AuthType shibboleth
  ShibRequestSetting requireSession 0
  require shibboleth
</Location>
```
Install and Configure the Shibboleth Embedded Discovery Service
Follow instructions at https://wiki.shibboleth.net/confluence/display/EDS10/Embedded+Discovery+Service
First step:
yum install shibboleth-embedded-ds
Install and Configure the Drupal shib_auth Module
See http://drupal.org/project/shib_auth
and https://wiki.aai.niif.hu/index.php?title=DrupalShibbolethReadmeDev
When logged in with administrator privileges after installing the shib_auth module, click "Modules", scroll down to Shibboleth at the bottom of the page and click "Configure".
Here is what the configuration options should look like:
After making any changes (the defaults should work in most cases), click the "Save configuration" button at the bottom of the page.
Your Drupal site should now show a "Shibboleth login" option, and users can choose their preferred identity provider from those defined in the Bamboo federation metadata. This will include social providers such as Google, Twitter, Yahoo and others if there is a Social2SAML gateway IdP in the federation.