mirror of
https://github.com/moodle/moodle.git
synced 2025-01-18 05:58:34 +01:00
Shibboleth authentication for Moodle
-------------------------------------------------------------------------------

Requirements
- Shibboleth target 1.1 or later

SHIBBOLETH Target configuration
-------------------------------------------------------------------------------

#### 1. Only Shibboleth users are allowed to use this Moodle

Just add Shibboleth protection to the Moodle directory.

#### 2. Shibboleth and manually added users are able to use Moodle

You need to use lazy sessions for the Moodle directory. Lazy sessions can be
turned on by adding the lines below to the .htaccess file in the Moodle
directory:

    ## Shibboleth lazy session
    AuthType shibboleth
    ShibRequireSession Off
    require shibboleth

A lazy session allows users to access the Moodle directory without having to
authenticate against Shibboleth. When a user authenticates against Shibboleth,
the attributes which Shibboleth provides become accessible ($_SERVER). These
attributes are used by Moodle to determine the user's identity.

For invoking a Shibboleth session:

1. Make a directory, for example moodle-proxy (in a place where it is
   accessible from the web).

2. Create index.php and add the lines below (redirect to your Moodle):

    <?php
    // Redirect to the Moodle login page once Shibboleth has authenticated the user
    header("Location: https://my.domain.com/moodle/login/index.php");
    exit;
    ?>

3. Add a .htaccess file in this directory which contains:

    ## Shibboleth authentication required
    AuthType shibboleth
    ShibRequireSession On
    require valid-user

NEW! Modifications to login/index.php
-------------------------------------------------------------------------------

Moodle checks whether a Shibboleth-authenticated session is alive. If the
username attribute is found, the user is considered authenticated.

Add code after line 31:

    if (!empty($_SERVER[$CFG->shib_user_attribute])) {
        /// Log in automatically if the user has been Shibboleth authenticated
        $frm->username = $_SERVER[$CFG->shib_user_attribute];
        $frm->password = "guest";
    } else {
        /// No Shibboleth attribute present: use the submitted login form
        $frm = data_submitted();
    }

MOODLE Authentication options
-------------------------------------------------------------------------------

Shibboleth origin url:
This is where you put the Shibboleth WAYF URL or, if WAYF is not used, the
Shibboleth Origin login URL. If the user selects the Shibboleth authentication
method, he/she is redirected there to authenticate.

Username, First name, Surname, Email address:
The fields in the authentication options are filled with the names of the
Shibboleth attributes that your server provides. For example, if
$_SERVER['HTTP_SHIB_PNAME'] is the attribute defined in the Shibboleth target
configuration for the username, use HTTP_SHIB_PNAME in the Username field of
the authentication options.
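
One way to read the mapped attributes and fail closed when the username attribute is missing or unconfigured, which is the case a lazy session produces for unauthenticated visitors. This is an added example, not Moodle's own code: the function name shib_user_from_server, the $map keys and every attribute name except HTTP_SHIB_PNAME are assumptions, and the sample arrays are constructed.

```php
<?php
// Added example, not Moodle code. The $map keys and the attribute names
// other than HTTP_SHIB_PNAME are hypothetical.

/**
 * Build a user record from the Shibboleth attributes exposed in $server.
 * Returns null when no usable username attribute is present, so the caller
 * falls back to the normal login form (the lazy-session case).
 */
function shib_user_from_server(array $server, array $map): ?array
{
    // Fail closed: an unconfigured Username field must never match anything.
    $userkey = $map['username'] ?? '';
    if (!is_string($userkey) || $userkey === '') {
        return null;
    }
    $username = (isset($server[$userkey]) && is_string($server[$userkey]))
        ? trim($server[$userkey]) : '';
    if ($username === '') {
        return null;
    }

    $user = ['username' => $username];
    foreach (['firstname', 'lastname', 'email'] as $field) {
        $key = $map[$field] ?? '';
        $user[$field] = ($key !== '' && isset($server[$key]) && is_string($server[$key]))
            ? trim($server[$key]) : '';
    }
    // An email attribute that is not a valid address is dropped, not trusted.
    if ($user['email'] !== '' && filter_var($user['email'], FILTER_VALIDATE_EMAIL) === false) {
        $user['email'] = '';
    }
    return $user;
}

// Constructed sample input standing in for the settings and for $_SERVER.
$map = ['username' => 'HTTP_SHIB_PNAME', 'firstname' => 'HTTP_SHIB_GIVENNAME',
        'lastname' => 'HTTP_SHIB_SURNAME', 'email' => 'HTTP_SHIB_MAIL'];
$with_session = ['HTTP_SHIB_PNAME' => ' jdoe ', 'HTTP_SHIB_GIVENNAME' => 'Jane',
                 'HTTP_SHIB_SURNAME' => 'Doe', 'HTTP_SHIB_MAIL' => 'not-an-address'];
$without_session = ['REQUEST_URI' => '/moodle/login/index.php'];

var_dump(shib_user_from_server($with_session, $map));    // record, email emptied
var_dump(shib_user_from_server($without_session, $map)); // no attribute present
var_dump(shib_user_from_server($with_session, []));      // Username field not set
```

PHP fills the HTTP_* entries of $_SERVER from request headers, so the web server must be configured so that only the Shibboleth module, and never a client-supplied header, can set the mapped attributes.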