Auto-configure the Shibboleth module

You can see the full details at https://web.osu.edu/technical-support/drupal-support/drupal-shib/ but here's the abridged version:

Add the following to the top of the .htaccess file:

# Shib lazy session
AuthType Shibboleth
ShibRequireSession Off
ShibUseHeaders On
Require Shibboleth

Find the following mod_rewrite rule within the .htaccess file and adjust it to ignore the Shib endpoint:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteCond %{REQUEST_URI} !^/Shibboleth.sso($|/)             <-- add this line
RewriteRule ^ index.php [L]

Finally set the following config options for the Shibboleth module with whatever method you have. (features module?)

General Settings tab:

• Shibboleth login handler URL – https://yoursite.osu.edu/Shibboleth.sso/Login
• Shibboleth logout handler URL – https://yoursite.osu.edu/Shibboleth.sso/Logout
• Force HTTPS on login – checked
• Server variable for username – REMOTE_USER
• Server variable for e-mail address – HTTP_EMAIL

Advanced Settings tab

• Destroy Drupal session when the Shibboleth session expires – checked

That should be about it. It'll be up to them to go in and set Shib to be the default login handler since they will need the local admin account at first to get things going.