...
Here is an example of the General Settings for the authentication module when used at MIT. Click on the image to enlarge it. 
The entries in the screen shot above assume that you have used the MIT shell script to configure your shibboleth.xml file. You should check your xml file. Within the "Applications" section, look for the SessionInitiator section. You should have one SessionInitiator that is defined as:
| Code Block |
|---|
<SessionInitiator id="ISDA" Location="/Touchstone" Binding="urn:mace:shibboleth:sp:1.3:SessionInit
wayfURL="https://idp-mit-edu.ezproxy.canberra.edu.au/WAYF/WAYF" wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" />
|
The SessionInitiator shown above will direct users to the WAYF (Where Are You From) server. This is appropriate if you have an application that will support users from outside of MIT as well as users that have an MIT Kerberos username.
If your application is intended to only be accessible to users that have an MIT Kerberos username then you should have a SessionInitiator as follows:
| Code Block |
|---|
<SessionInitiator id="MIT" Location="/MIT-only" Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
wayfURL="https://idp-mit-edu.ezproxy.canberra.edu.au/shibboleth-idp/SSO" wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" />
|
If you want to use this second SessionInitiator, then you should enter "/MIT-only" into the WAYF field in the Drupal settings page.
Here is an example of configuring the Group Rules when using Drupal 6. Click on the image to enlarge it. 