Drupal WRAP Module

From WolfTech
Jump to navigation Jump to search

The WolfTech WRAP Drupal module allows site administrators to use WRAP (in addition to the normal Drupal authentication scheme) to authenticate users.


In order to get the WRAP module working, your site must have a .htaccess file declaring the site as requiring WRAP protection or recognizing that WRAP protection is optional. To do this, you can either create a .htaccess file in your main Drupal directory as explained by ITD's WRAP information page, or alternatively, use WolfTech's GuardDog program to manage your .htaccess files. We recommend GuardDog, especially if you will be setting up a number of Drupal sites or deal with a large number of WRAP protected web pages.

Next, download the WRAP module from the WolfTech website and extract the files into your modules folder. You'll then want to activate the module for all users (anonymous, authenticated, and site admin). There's no real configuration required of the module, however it does include both login and logout blocks. The login block will take you to the Sysnews WRAP page, have you log in and then bounce you back to your Drupal site. The logout block will log you out of Drupal and then take you to the Sysnews WRAP logout page. This will kill the current WRAP credentials in your browser, so you may or may not want to use this block.

How It Works

When a user who has WRAP credentials set visits a Drupal page, the WRAP module checks to see if that user has a Drupal account. If that user does have an account, they are automatically logged in. If they don't have an account, they are treated just like any other user who doesn't have a Drupal account, though may be presented with a normal login box if you have it enabled.

Passwords and WRAP Accounts

One of our main priorities when developing the WRAP module for Drupal was to ensure that if someone had a Drupal account tied to their WRAP account, we wanted them to only be able to log in to their Drupal account when WRAP protected. For this reason, the WRAP module adds an administrative page that allows Drupal administrators to lock a Drupal WRAP account with a special password hash so that the account can only be logged in via WRAP.

We do this because it is impossible from within Drupal to perform a normal login on an account with this hash a password. Therefore the only way that the account can be logged on to is by using the WRAP module and having the user be WRAP protected. The other thing this allows us to do is make it so that if a user is initially logged in to WRAP, visits Drupal, is automatically logged in and then removes their WRAP credentials they will be logged out of Drupal on their next page view. Basically, if a Drupal user has an account with a this particular password their account can only be accessed when they are logged in to WRAP.

Keep in mind this is not mandatory -- if you want users to be able to log in to WRAP users accounts without being WRAP protected, you do not need to use the newly added page.

Potential Issues

If you're experiencing issues with double logins or logins not working properly the first time, it may be related to caching of your pages. Per a user "it turns out hook_init doesn't run on cached pages. I turned off the Drupal cache for unauthenticated users and that fixed it. Now it always works on the first try."


The Drupal 5 WRAP Module can be found at: http://www.wolftech.ncsu.edu/drupal_dev/drupal5/wrap5-1.3.rar

The Drupal 6 WRAP Module can be found at: http://www.wolftech.ncsu.edu/drupal_dev/drupal6/wrap6-2.1.rar