Pubcookie + Drupal 7 + fresh CentOS server was a nightmare. But it's done and works great!

Update:

I am attaching my .htaccess file in hopes that it helps. Click here. Obviously the .htaccess file is in my root site directory.

Background:
At the university here, we use something called Netbadge to authenticate users for all university-related websites. Basically, Netbadge = Pubcookie. The problem is, this is a royal pain to build out.

Solution:
Before I could begin, I needed an SSL encryption on my server and hostname. I will not go into detail on how to do that here mainly because everyone's setup differs GREATLY! 

Once complete, it is time to set up Pubcookie. At the university they offer a preconfigured installable file that will install Pubcookie for you. Awesome! Except that it only runs on 64-bit servers and I just happen to be using a 32-bit server. So I have to do it from scratch.

So go to pubcookie's (I got tired of capitalizing words) website and download their latest build to the webserver, extract it, and change directory into it. For me, that looked like this: cd /etc/pubcookie-3.3.4a [enter]. Once you are in the directory do ./configure [enter] ... give it some time and this should complete without error. If it does error, you are most likely missing a module for Apache. For me, I was missing gcc, so just yum install gcc [enter]. If you want to just do them all at once, yum install gcc mod_ssl openssl-devel httpd-devel [enter].

So now that the ./configure ran successfully, it is time to run make. Now the ITS site for the university states to just run these commands: make [enter] make install [enter]. However, this failed, miserably. I spent hours trying to figure out why until I found that this works: make top_builddir=/usr/lib/httpd [enter] and then make top_builddir=/usr/lib/httpd install [enter]. After this you will need to tell Apache to load pubcookie. So I created a pubcookie.conf file and placed it in /etc/httpd/conf.d/ with the following information (note, this is specific to my situation):

LoadFile /usr/lib/libcrypto.so
LoadModule pubcookie_module modules/mod_pubcookie.so
PubcookieGrantingCertFile  /usr/local/pubcookie/keys/pubcookie_granting.cert
PubcookieSessionCertFile   /etc/pki/tls/certs/cvrc.crt
PubcookieSessionKeyFile    /etc/pki/tls/private/cvrc.key
PubcookieKeyDir            /usr/local/pubcookie/keys
PubcookieDomain            .virginia.edu
PubcookieAuthTypeNames     Pubcookie NetBadge EnhancedNetBadge
PubcookieLogin             https://netbadge.virginia.edu/
PubcookieLoginMethod       POST

# Disable inactivity timeout by default.
<Directory "/">
    PubcookieInactiveExpire   -1
</Directory>

Restart Apache: service httpd restart and it should restart with no errors. If it does error, check your Apache logs. Most likely your cert or key files are not in the right place. OK, you're done, now on to configuring pubcookie for Drupal.
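Since the usual startup failure is a cert or key path that does not exist, the check can be scripted before restarting. This is an added example, not part of the original post: a shell function (its name and the MISSING / LOOSE_PERMS labels are illustrative) that reads a pubcookie.conf, verifies each path-valued directive shown above, and also flags a session key that is readable by group or other.

```shell
#!/bin/sh
# Added example: preflight check for a pubcookie.conf like the one above.
# Prints one finding per line and returns the number of findings
# (0 means every referenced path exists and the key is not over-exposed).
check_pubcookie_conf() {
    conf=$1
    findings=0
    # "|| [ -n ... ]" also processes a last line that lacks a trailing newline.
    while read -r directive path rest || [ -n "$directive" ]; do
        # Apache allows quoted arguments; strip one pair of double quotes.
        path=${path#\"}; path=${path%\"}
        case $directive in
            PubcookieGrantingCertFile|PubcookieSessionCertFile)
                [ -f "$path" ] || { echo "MISSING $directive $path"; findings=$((findings + 1)); }
                ;;
            PubcookieKeyDir)
                [ -d "$path" ] || { echo "MISSING $directive $path"; findings=$((findings + 1)); }
                ;;
            PubcookieSessionKeyFile)
                if [ ! -f "$path" ]; then
                    echo "MISSING $directive $path"; findings=$((findings + 1))
                # The TLS private key should not be readable by group or other.
                elif [ -n "$(find "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
                    echo "LOOSE_PERMS $directive $path"; findings=$((findings + 1))
                fi
                ;;
        esac
    done < "$conf"
    return "$findings"
}

# Stand-alone use: sh check.sh /etc/httpd/conf.d/pubcookie.conf
if [ $# -gt 0 ]; then
    check_pubcookie_conf "$1"
fi
```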

Drupal Install:
Install the pubcookie module and enable it. (Watch out for another module called pubcookie site access; I would leave this one disabled for now, as it will give you an access denied area until you add usernames to its list.)

Now go to configuration -> people -> pubcookie and set as follows (again this is for my university):

Save it. Most likely you are not done. I have seen mixed results. Typically you have one more step to do which took me the longest to figure out.

Edit the .htaccess file in the root directory of your website and do the following:

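RewriteEngine On
# Put this condition with the existing RewriteCond lines, above the
# RewriteRule that hands requests to Drupal's index.php.
RewriteCond %{REQUEST_URI} !=/PubCookie.reply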

This will fix the error of pubcookie not being able to redirect correctly upon successful login. The error you receive is: The requested page "/PubCookie.reply" could not be found. This happens because after you log in, your browser POSTs pubcookie credentials to /PubCookie.reply on your server. This isn't an actual URL, but it belongs to and is recognized by the pubcookie Apache module.

EDIT*

My virtual host file:
<VirtualHost *:80>
    ServerName cvrc
    ServerAlias finance.cvrc.virginia.edu
    DocumentRoot /var/www/html/cvrc/
    RedirectMatch ^/(.*)$ https://finance.cvrc.virginia.edu
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/cvrc.crt
    SSLCertificateKeyFile /etc/pki/tls/private/cvrc.key
    ServerName cvrc
    ServerAlias finance.cvrc.virginia.edu *.finance.cvrc.virginia.edu
    DocumentRoot /var/www/html/cvrc/
    <Location /login>
        AuthType NetBadge
        Require valid-user
        PubcookieAppId cvrc
    </Location>
    <Location /secure>
        AuthType NetBadge
        Require valid-user
        PubcookieAppId cvrc
    </Location>
</VirtualHost>

about the author

David Leary