March 2012

Setting up aegir to host shibbolized drupal instances

We've spent the last few days working on getting Shibboleth authentication working with our Aegir hosted Drupal instances. It's turned out to be not that difficult to implement.

First add the Shibboloth authentication module to your platform.

Next, create a file called shib.conf in config/server_master/apache/pre.d and add this to it:

<Location />
  AuthType Shibboleth
  ShibRequireSession Off
  # the following single line is only valid for Shib2
  ShibUseHeaders On
  require shibboleth
</Location>

<LocationMatch /Shibboleth.sso(/*)>
  AuthType shibboleth
  ShibRequireSession On
  ShibUseHeaders On
  require valid-user
</LocationMatch>

Restart apache, enable and configure the module in every site you want to use Shibboleth on, and there you go. Every site has the capability to use Shibboleth along with the normal user model. You can add extra Locations to force the user to authentication to the site.

You can also add other config options in this folder. Learn more about Aegir's apache config by doing this:

$ more /var/aegir/config/server_master/apache.conf