15 Minutes + Pubcookie + Drupal = UVa + Netbadge

SITUATION

NetBadge is the ubiquitous authorization tool here at UVa, and it authenticates every user providing access to hundreds of resources On-Grounds.  Adding UVa credentials to your website is a great way to qualify the input on your site.  Everything from adding comments on a site to providing special features or content may be of help as you develop a new site.  An added bonus?  One less password and login to learn!

NB: Before you being, remember that ITC must create a NetBadge identity on your server. Talk to your department’s ITC liaison to make this happen.

SOLUTION

Drupal has numerous authentication options, one of them is known as pubcookie. This is technically the name of NetBadge (Why does ITC call it NetBadge?  Who knows, who cares… maybe it makes them feel special.  Whatever.  Its real name is pubcookie, so from here on that’s what we’ll call it.)

  1. So you’ve installed Drupal and you now need to download Pubcookie
  2. Be a good Drupal developer and upload the contents of Pubcookie into yoursite.com/sites/all/modules/pubcookie
  3. Turn the pubcookie module on /yoursite.com/admin/build/modules
  4. Go to yoursite.com/admin/settings/pubcookie and
    1. Set “Domain = virginia.edu”
    2. Set “Login Directory = login”
    3. Set “Successful login URL: YourWebSite.com”
    4. and lastly “select ID/E-mail equivalency”
  5. Now you (or your ITC buddy) needs to add the following lines into the .conf file that controls your webserver.  At the end of your main <VirtualHost *:80> add RedirectMatch ^/(login.*)$ https://intranet.hsl.virginia.edu/$1and under your <VirtualHost *:443> (the area for comfy secureness) add<Location /login>
    AuthType NetBadge
    Require valid-user
    PubcookieAppId somenamehere *use your own department or something…
    </Location>
  6. Restart your webserver (service httpd restart) and you’ve got pubcookie authentication on your site.
  7. Create a menu link that goes to http://yoursite.virginia.edu/login/pc?destination and label it to your liking.

Users with UVa credentials are now able to log in to your site automagicallly and a Drupal user is created with default authenticated permissions.  You may alternately set them to join a specific role, have different landing pages etc.

For clarity’s sake here’s a sample httpd.conf file from our server and a screen shot of the settings.

<VirtualHost *:80>
ServerAdmin someone@somewhere.com
DocumentRoot /var/www/vhosts/yourwebsiteliveshere
ServerName a.website.at.virginia.edu:80

<Directory />
Options +Includes
AllowOverride All
Header unset Etag

/*we unset the Etag for efficiency in Drupal, you’re welcome to ignore this  learn more from Dries himself here http://buytaert.net/yslow */

FileETag none
</Directory>
RedirectMatch ^/(login.*)$ https://yoursite.virginia.edu/$1
RedirectMatch ^/(secure.*)$ https://yoursite.virginia.edu/$1

</VirtualHost>

<VirtualHost *:443>
ServerAdmin hslweb@gmail.com
DocumentRoot /var/www/vhosts/yoursite
ServerName yoursite.virginia.edu:443

<Directory />
Options +Includes
AllowOverride All
</Directory>

<Location /login>
AuthType NetBadge
Require valid-user
PubcookieAppId HSLwww
</Location>

<Location /secure>
AuthType NetBadge
Require valid-user
PubcookieAppId HSLwww
</Location>

Include conf.d/ssl.vhost
</VirtualHost>

Additional Resources: