

Drupalpress, Drupal in the Health Sciences Library at UVA: Setting up Shibboleth + Ubuntu 14 + Drupal 7 on AWS with integration

Planet Drupal - 16 November 2015 - 7:48am

We’ve recently begun moving to Amazon Web Services for hosting, however we still need to authenticate through ITS who handles the central SSO Authentication services for  In previous posts we looked at Pubcookie aka Netbadge - however Pubcookie is getting pretty long in the tooth (its last release was back in 2010) and we are running Ubuntu 14 with Apache 2…. integrating Pubcookie was going to be a PITA…. so it was time to look at Shibboleth – an Internet2 SSO standard that works with SAML and is markedly more modern than Pubcookie – allowing federated logins between institutions etc…

A special thanks to Steve Losen who put up with way more banal questions than anyone should have to deal with… that said, he’s the man

Anyhow – ITS does a fine job at documenting the basics -  Since we’re using Ubuntu the only real difference is that we used apt-get

Here’s the entire install from base Ubuntu 14

apt-get install apache2 mysql-server php5 php-pear php5-mysql php5-ldap libapache2-mod-shib2 shibboleth-sp2-schemas drush sendmail ntp


Apache Set up

On the Apache2 side  we enabled some modules and the default ssl site

a2enmod ldap rewrite  shib2 ssl
a2ensite default-ssl.conf

Back on the apache2 side here’s our default SSL 

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /some_web_directory/
<Directory /some_web_directory/>
AllowOverride All
</Directory>

SSLEngine on

SSLCertificateFile /somewheresafe/biocon_hsl.crt
SSLCertificateKeyFile /somewheresafe/biocon_hsl.key

<Location />
AuthType shibboleth
# This part meant that creating a session is possible, not required
ShibRequestSetting requireSession 0
require shibboleth
</Location>
</VirtualHost>
</IfModule>

The Location attributes are important – if you don’t have them in the Apache conf you’ll need them in an .htaccess in the Drupal directory space

Shibboleth Config

The Shibboleth side confused me for a hot minute.

We used shib-keygen as noted in the documentation to create keys for Shibboleth, and ultimately the relevant part of our /etc/shibboleth/shibboleth2.xml looked like this

<ApplicationDefaults entityID=""
REMOTE_USER="eppn uid persistent-id targeted-id">

<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="true" cookieProps="https">
<!-- we went with SSL Required – so change handlerSSL to true and cookieProps to https -->

<SSO entityID="">
<!-- this is the production value, we started out with the testing config – ITS provides this in their documentation -->

<MetadataProvider type="XML" file="UVAmetadata.xml" />
<!-- Once things are working you should be able to find this at – it’s a file you download from ITS = RTFM -->
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<!-- attribute-map.xml is the only other file you’re going to need to touch -->

<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
<!-- these are the keys generated with shib-keygen -->
<Handler type="Session" Location="/Session" showAttributeValues="true"/>
<!-- During debug we used with the  showAttributeValues="true" setting on to see what was coming across from the UVa  Shibboleth IdP -->
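The excerpt above leaves two settings in a state worth revisiting before go-live: showAttributeValues="true" (used here for debugging) and checkAddress="false". As an added example, not part of the original post, this Python sketch audits a shibboleth2.xml for those settings plus the handlerSSL and cookieProps values the post changes; the function names, the choice of checks and the sample entityID values are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the excerpt above; both entityID values are placeholders.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
 <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                      REMOTE_USER="eppn uid persistent-id targeted-id">
  <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
            checkAddress="false" handlerSSL="true" cookieProps="https">
   <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2</SSO>
   <Handler type="Session" Location="/Session" showAttributeValues="true"/>
  </Sessions>
 </ApplicationDefaults>
</SPConfig>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_sp_config(xml_text):
    """Return (setting, value, note) findings, in document order."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = local(el.tag)
        if tag == "Sessions":
            ssl = el.get("handlerSSL")
            if ssl != "true":
                findings.append(("handlerSSL", ssl,
                                 "not explicitly 'true'; handlers should be HTTPS-only"))
            props = el.get("cookieProps") or ""
            if props != "https" and "secure" not in props.lower():
                findings.append(("cookieProps", props,
                                 "not 'https' and sets no Secure flag on the session cookie"))
            if el.get("checkAddress") == "false":
                findings.append(("checkAddress", "false",
                                 "session not bound to client address; confirm intended"))
        elif tag == "Handler" and el.get("type") == "Session":
            if el.get("showAttributeValues") == "true":
                findings.append(("showAttributeValues", "true",
                                 "session status page shows attribute values; debug only"))
    return findings


if __name__ == "__main__":
    for setting, value, note in audit_sp_config(SAMPLE):
        print(f"{setting}={value!r}: {note}")
```
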

/etc/shibboleth/attribute-map.xml looked like this

<Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>

<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:" id="affiliation">
<AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:" id="unscoped-affiliation">
<AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
</Attribute>

<Attribute name="urn:mace:dir:attribute-def:eduPersonEntitlement" id="entitlement"/>
<Attribute name="urn:oid:" id="entitlement"/>

<Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>

<Attribute name="urn:oid:" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>

<!-- Fourth, the SAML 2.0 NameID Format: -->
<Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>
<Attribute name="urn:oid:" id="eduPersonPrincipalName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>

Those two pieces marked in red are important – they’re going to be the bits that we pipe into Drupal

For  debugging we used the following URL to see what was coming across – once it was all good we got a response that looks like

Session Expiration (barring inactivity): 479 minute(s)
Client Address:
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Identity Provider:
Authentication Time: 2015-11-16T15:35:39.118Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Authentication Context Decl: (none)

uid: adp6j
unscoped-affiliation: member;staff;employee

The uid and eduPersonPrincipalName variables being the pieces we needed to get Drupal to set up a session for us

Lastly the Drupal bit

The Drupal side of this is pretty straight

We installed Drupal as usual  and grabbed the shib_auth module.


and on the Advanced Tab

Categories: Drupal

Drupal Commerce: Contributor Spotlight: Joël Pittet

Planet Drupal - 16 November 2015 - 6:53am
Say hi. (who are you and what do you do in the Commerce ecosystem)

Hi:) My name is Joël Pittet and I’m out of Vancouver, BC, Canada. I offered to help co-maintain commerce_discount and a few other Commerce modules as well as likely involved in messing about with patches all over Commerce ecosystem.

How did you get involved with contributing to Drupal Commerce?

Started working on a Drupal Commerce project, noticed things could use some fixing up and jumped in the deep end. I was recognized for helping triage the commerce queue in a fervor to fix all the things.

Categories: Drupal

Drupal Easy: DrupalEasy Podcast 164 - Dentistry (Paul Johnson - Drupal Social Media)

Planet Drupal - 16 November 2015 - 6:18am
Download Podcast 164

Paul Johnson (pdjohnson) joins Mike Anello and Ted Bowman to talk about Drupal's social media presence, how community members can get involved, and the forthcoming release of Drupal 8!


Categories: Drupal


New Drupal Modules - 16 November 2015 - 5:52am

Resume is a front-end for the open source libresume library that helps you easily build resumes.

libresume allows you to build your resume once and apply any number of free resume designs.

Categories: Drupal

Workbench Notifier

New Drupal Modules - 16 November 2015 - 3:03am

Extends Workbench moderation and provides a way for administrators to configure notification transitions based on user roles and notification messages between those transitions. Transition notification will be shown as push notification with help of taskbar activity.

Categories: Drupal

Jim Birch: No more View pages

Planet Drupal - 16 November 2015 - 2:00am

Views has long been one of the magic pieces that makes Drupal my CMS of choice.  Views allows us to easily create queries of content in the UI, giving great power to the site builder. 

When you first create a view, the default, obvious choice is to create a "Page" display of the view.  A Page has a URL that people can visit to see the information, and gets us as site builders closer to job done.  However, I don't want you to do it!

When you first create a view, the options are that you can make a Page and a Block.  Selecting neither will allow you to create a "Master" display, and additional modules can hook it and add additional displays for your view.  In the screenshot below, you see we have additional displays of Attachment, Content pane, Context, and Feed in addition to the Block and Page displays.

All of our sites already have some sort of "Page" content type, for basic content of the site.  In this page content type, we add fields, set meta descriptions, get added to the xml sitemap, and include the pages in Drupal's core search.  When you create a view page, we only get the output as a url, we miss the benefit of having a "Page" node at that url.


Categories: Drupal

Delete Content Directly

New Drupal Modules - 16 November 2015 - 1:04am

Delete Content Directly module helps users to delete content without filling the required fields of content edit form.

Any user who has "delete content directly" or "delete content" permissions can view Delete Content link in the content edit form.

When user clicks the delete content link he is not required to fill all the required fields which are empty. He is directly taken to confirmation page of content deletion process.

Categories: Drupal

Chris Hall on Drupal 8: Drupal Site Builder role

Planet Drupal - 16 November 2015 - 12:59am
Drupal Site Builder role chrishu Mon, 11/16/2015 - 08:59
Categories: Drupal

enterprise wechat

New Drupal Modules - 15 November 2015 - 9:22pm

Integration with Weixin (WeChat), a popular mobile app in China, which has 6500 million active users. Enterprise WeChat is only used in China; the documentation and the description of this module are in Chinese.

Categories: Drupal

Node expire sets

New Drupal Modules - 15 November 2015 - 8:13pm

Node expire sets module.

Categories: Drupal

DrupalCon News: 7 Things You Must Experience in India

Planet Drupal - 15 November 2015 - 4:47pm

India is shaped by countless influences, from centuries old civilizations to modern day technology. In its long journey, the country has absorbed many different cultures, which have given it different dimensions. You must experience some of these when you come for DrupalCon Asia 2016. Here is a list of seven unique experiences that will make your trip worth remembering.

Categories: Drupal

Ricochet Maintenance

New Drupal Modules - 15 November 2015 - 3:48pm

Coming soon...

Categories: Drupal

Multi Website Cache Flush (MWCF)

New Drupal Modules - 15 November 2015 - 6:00am

This module enables you to flush the entire Drupal cache on multiple websites. So if you have the websites with the URLs and and etc., you can clear their cache at once. Just by calling an URL on the master site. Master site means the site, where the URLs from the specific websites are contained in a config file.

Categories: Drupal

Search Limit

New Drupal Modules - 14 November 2015 - 10:43am

Currently this module extends search module to have following functionality:

Categories: Drupal

Paul Johnson: Tell me your Celebr8D8 plans

Planet Drupal - 14 November 2015 - 3:40am

I am spearheading the Drupal 8 release celebrations on social media Thursday 19th November. Perhaps, like me, you have been working behind the scenes on a personal project to mark this significant occasion. If you have a website, special party, publicity stunt planned I'm keen to know about it. Come the big day I will use Drupal's social media and @Celebr8D8 to tell the world about your event, site, stunt.

Use my contact form to let me know about your release day plans. Thanks!

Categories: Drupal

Navbar Info Framework

New Drupal Modules - 14 November 2015 - 3:30am

Extensible framework to stick information for certain roles/permissions into the navbar tab and/or tray.

Categories: Drupal

agoradesign: Including image styles in your module or theme in Drupal 8

Planet Drupal - 14 November 2015 - 2:29am
Today I have a small practical tip for those who want to include a custom image style in their module or theme in Drupal 8, including a best practice proposal.
Categories: Drupal

ActiveLAMP: Visual Regression Testing with

Planet Drupal - 13 November 2015 - 6:00pm is a nifty website testing tool created by Gizra. We at ActiveLAMP were first introduced to at DrupalCon LA, in fact, is built on, you guessed it, Drupal 7 and it is an open source visual regression toolkit.

Categories: Drupal

AJAX Include

New Drupal Modules - 13 November 2015 - 1:48pm

AJAX Include Pattern for Modular Content.


- matchMedia.js and Ajax-Include-Pattern
Download the library archives from the following:

Categories: Drupal

Drupal core announcements: Drupal core security release window on Wednesday, November 18

Planet Drupal - 13 November 2015 - 1:24pm
Start:  2015-11-18 (All day) America/New_York Organizers:  David_Rothstein Event type:  Online meeting (eg. IRC meeting)

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, November 18.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix/feature release on this date; the next window for a Drupal core bug fix/feature release is Wednesday, December 2 (and before that, on November 19, Drupal 8.0.0 is scheduled to be released).

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Drupal