Difference between revisions of "Drupal WRAP Module"

The WolfTech WRAP Drupal module allows site administrators to use WRAP (in addition to the normal Drupal authentication scheme) to authenticate users.

Installation

In order to get the WRAP module working, your site must have a .htaccess file declaring the site as requiring WRAP protection or recognizing that WRAP protection is optional. To do this, you can either create a .htaccess file in your main Drupal directory as explained by ITD's WRAP information page, or alternatively, use WolfTech's GuardDog program to manage your .htaccess files. We recommend GuardDog, especially if you will be setting up a number of Drupal sites or deal with a large number of WRAP protected web pages.

Next, download the WRAP module from the WolfTech website and extract the files into your modules folder. You'll then want to activate the module for all users (anonymous, authenticated, and site admin). There's no real configuration required of the module, however it does include both login and logout blocks. The login block will take you to the Sysnews WRAP page, have you log in and then bounce you back to your Drupal site. The logout block will log you out of Drupal and then take you to the Sysnews WRAP logout page. This will kill the current WRAP credentials in your browser, so you may or may not want to use this block.

How It Works

When a user who has WRAP credentials set visits a Drupal page, the WRAP module checks to see if that user has a Drupal account. If that user does have an account, they are automatically logged in. If they don't have an account, they are treated just like any other user who doesn't have a Drupal account, though may be presented with a normal login box if you have it enabled.

Passwords and WRAP Accounts

One of our main priorities when developing the WRAP module for Drupal was to ensure that if someone had a Drupal account tied to their WRAP account, we wanted them to only be able to log in to their Drupal account when WRAP protected. For this reason, we have set all WRAP users' passwords to a special hash in the database (Note: this is something that has to be done in the users table of your Drupal database. It cannot be done from within Drupal). Please contact wolftech-webmaster@ncsu.edu if you're interested in the hash.

We do this because it is impossible from within Drupal to perform a normal login on an account with this hash a password. Therefore the only way that the account can be logged on to is by using the WRAP module and having the user be WRAP protected. The other thing this allows us to do is make it so that if a user is initially logged in to WRAP, visits Drupal, is automatically logged in and then removes their WRAP credentials they will be logged out of Drupal on their next page view. Basically, if a Drupal user has an account with a this particular password their account can only be accessed when they are logged in to WRAP.

Keep in mind this is not mandatory -- if you want users to be able to log in to WRAP users accounts without being WRAP protected , you do not need to reset the passwords to our hash.