1 260
szerkesztés
Módosítások
a
→Configuring Shibboleth
== Configuration ==
=== Configuring Shibboleth ===
You should be familiar with protecting resources with Shibboleth before using this module. (See [https://spaces.internet2.edu/display/SHIB2/NativeSPProtectContent Shibboleth Wiki]) Please check that Shibboleth authentication is working for that the location of your Drupal installation and all the necessary attributes are exported to the headers. You can enable [[Drupal Shibboleth module#DEBUG mode | DEBUG mode]] to dump the whole '''$_SERVER''' array. If you can see Shibboleth attributes there, you're fine.
In Shibboleth there are two modes for protecting resources:
* '''Lazy Sessions''': session is only initiated if an application redirects user to the SessionInitiator URL. In this module, it is done by clicking the ''"Login with Shibboleth"'' link. Anonymous access is possible as well as using other authentication methods.
:: <small>Detailed description of [[Lazy Session|lazy sessions]] in Hungarian.</small>
* '''"Strict" Sessions''' (normal sessions): users can only access Drupal content if they have a valid Shibboleth session. This In this case, no anonymous access can be granted (not even read-only) and you can not use any auxiliary authentication methods.
{{STOP|If you decide to use lazy sessions and you don't want your users to be able to log in with a password, [[#Disallowing password change|you have to disable changing passwords]]}}
{{ATTENTION_EN|You '''MUST''' use <code>ShibUseHeaders On</code> if you use Shibboleth2 with '''<code>mod_rewrite</code>'''.
<code>mod_rewrite </code> prefixes CGI environment variables with '''<code>REDIRECT_</code>''', so you have to instruct Shibboleth2 to use headers instead.
Shibboleth 1.3 always uses headers, therefore the <code>ShibUseHeaders</code> directive is invalid with Shibboleth 1.3.}}
