Drupal Shibboleth Authentication Ray Saray Ali Karim Andrea - - PowerPoint PPT Presentation

drupal shibboleth authentication
SMART_READER_LITE
LIVE PREVIEW

Drupal Shibboleth Authentication Ray Saray Ali Karim Andrea - - PowerPoint PPT Presentation

Mar 02, 2024 110 likes •316 views

Drupal Shibboleth Authentication Ray Saray Ali Karim Andrea Kapitan Server Tools AWS Docker Shibboleth Service Resources AWS Elastic Beanstalk - for deploying and scaling applications

slide-1
SLIDE 1

Drupal Shibboleth Authentication

Ray Saray Ali Karim Andrea Kapitan

slide-2
SLIDE 2

AWS Docker Shibboleth

  • Server Tools
slide-3
SLIDE 3

Service Resources

  • AWS
  • Elastic Beanstalk - for deploying and scaling

applications

  • Elastic File System (EFS) - store user files and mount to

Elastic Beanstalk EC2 instance which maps to Docker

  • Amazon Aurora - a low cost, high performance,

scalable database

  • Github and Docker repositories [Dockerhub.com]
  • Shibboleth Service Provider
slide-4
SLIDE 4

Prerequisites

  • Github Repository
  • Dockerhub Repository
  • Elastic File System (EFS) instance
  • Application database
  • Registered Shibboleth Service Provider
  • SSL Certificate for the site
slide-5
SLIDE 5

Workflow

  • Check latest code to Github
  • Create Docker image
  • Push Docker image to Dockerhub
  • Deploy using Elastic Beanstalk CLI
slide-6
SLIDE 6

Docker

  • docker build --no-cache=true -t vptldev/

drupalshib .

  • Builds a Docker image containing: OS, Drupal,

Shibboleth certificate and configuration files, etc…

  • docker push vptldev/drupalshib
slide-7
SLIDE 7

AWS Elastic Beanstalk Configuration

  • Dockerrun.aws.json
  • .ebextensions folder
  • eb deploy
slide-8
SLIDE 8

Shibboleth Module Installation

  • Add shib_auth module to Drupal. Add using drush in the

Docker container, and check the new version into Github.

  • ssh to EC2
  • sudo su
  • docker ps to get container id
  • docker –i –t exec <CONTAINERID> bash
  • cd /var/www/html
  • drush en shib_auth
  • drush up shib_auth
  • Push your new files to github using standard git

command

slide-9
SLIDE 9

Shibboleth Service Provider Configuration P1

  • Add Shibboleth to Apache config
  • Add RewiteCond to to server configuration:

RewriteCond %{REQUEST_URI} !^/ Shibboleth.sso($|/)

  • Generate certificate for the Service Provider
slide-10
SLIDE 10

Shibboleth Service Provider Configuration P2

  • Add attributes to attribute-map.xml file
slide-11
SLIDE 11

Shibboleth Service Provider Configuration P3

Add Shibboleth SP db connection details to

  • dbc.ini file
slide-12
SLIDE 12

Shibboleth Service Provider Configuration P4

  • Configure Shibboleth Service Provider

shibboleth/shibboleth2.xml

  • Application defaults
  • ODBC database
  • Session settings
slide-13
SLIDE 13

Shibboleth Service Provider Configuration P5

  • Add attributes to mapping files
  • Register Shibboleth Service Provider with the

Identity Provider (https://spdb.stanford.edu)

slide-14
SLIDE 14

Shibboleth Drupal Module Settings P1

Shibboleth attribute settings /admin/config/people/shib_auth

slide-15
SLIDE 15

Shibboleth Drupal Module Settings P2

  • Shibboleth attributes
slide-16
SLIDE 16

Troubleshooting

  • We added Xdebug functionality to our Docker to

allow debugging with NetBeans To check if you get attributes from IDP:

  • tail –f /var/log/shibboleth/transaction.log
  • tail -f /var/log/shibboleth/shibd.log
slide-17
SLIDE 17

Node Access Configuration

Add a role for student and only give that role access to the course page, and main course page content types

slide-18
SLIDE 18

Questions?

slide-19
SLIDE 19

Thank you

Ray Saray (rsaray@stanford.edu) Ali Karim (alikarim@stanford.edu) Andrea Kapitan (akapitan@stanford.edu)

https://github.com/rsaray/DrupalShibDocker.git