CAS and SSO for Moodle

by romuald lorthioir -
Number of replies: 37

Hi,

We've developed a CAS module for Moodle based on the LDAP one. What is the procedure to submit this module to the Moodle team?

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Martin Dougiamas -
Email it to me, please.  What is CAS?
In reply to Martin Dougiamas

Re: CAS and SSO for Moodle

by Mawuli Kuivi -


I am not sure who is maintaining the CAS login module for the Moodle 1.5

I was testing the cas login and found some problems.

In auth/cas/languages.php, the array variable needs to be in small letters, as $caslanguages. It is used in auth/cas/config.html in small letters, or the one in the auth/cas/config.html file would have to be made all capital letters, as $CASLANGUAGES.


Also, I think in /auth/cas/lib.php you need to comment out some of the libraries it imports, as follows:

define('AUTH_LDAP_NAME', 'cas'); // for ldap module
//require_once($CFG->dirroot.'/config.php');
//require_once($CFG->dirroot.'/auth/ldap/lib.php');
require_once($CFG->dirroot.'/lib/cas/CAS.php');

If this is done, then CAS authentication does OK.

Let me know what you think.
In reply to Martin Dougiamas

Re: CAS and SSO for Moodle

by Mawuli Kuivi -
Is anybody there?
In reply to Mawuli Kuivi

Re: CAS and SSO for Moodle

by romuald lorthioir -

Yes, there is!

Thanks, I hadn't seen the post before (too many mails).

I'll do the modifications soon in CVS.

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by romuald lorthioir -

Ok

The $CASLANGAGES modif is in CVS.

The comment modifications can't be done because I need the ldap lib.

Thanks, and sorry for the delay because of holidays with SUN and SEA.

Cheers

Romuald

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Mawuli Kuivi -
Thanks for changing the variable. That works now.

If the libraries are now commented out, I am not able to login. I get this in the error log.
PHP Fatal error: Cannot redeclare auth_user_login() (previously declared in /var/www/html/moodle15/auth/ldap/lib.php:46) in /var/www/html/moodle15/auth/manual/lib.php on line 4, referer: http://localhost/moodle15/

Any ideas to fix that without commenting the library out?
In reply to Mawuli Kuivi

Re: CAS and SSO for Moodle

by romuald lorthioir -
I'll look at this today,

But it's strange because I don't have this error. You should have it with every auth module!!!

Romuald
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by romuald lorthioir -
Got it, it's when I log in with anonymous login!

Can you confirm this point?

Thanks, Romuald
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by romuald lorthioir -
I've done something that seems to work but I'm not happy with the way I've done it.

I didn't find the origin of the problem. It seems there are 2 imports of lib (manual and ldap) in conflict. But I can't find the manual import!!!!

So I just import the ldap one when needed.

I think it's OK now.

Bye and thanks for the bug report.

Cheers,
Romuald
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Mawuli Kuivi -
I get this whether I log in as a user.

For the logout, when you click on it, it will log you out of CAS. Hence if you have any application using CAS, then you will have to log in again with username/password. This then defeats the SSO method. Would it be possible to add an option to the SSO method which controls how to log out, say

Log out of:  Moodle_only or CAS_and_Moodle option.

This way, I can choose the option to log out only from Moodle, and other applications still using CAS can continue to use the SSO.

Also, can the CAS logout be redirected back to the $CFG->wwwroot variable after logging out of CAS?

Does this make sense?

Let me know. Thanks for any help.
In reply to Mawuli Kuivi

Re: CAS and SSO for Moodle

by romuald lorthioir -
That's a good idea,

I'll add this option if I can. For now, I've got two things:
- don't ask for CAS authentication when already authenticated and anonymous login is activated.
- choose whether or not to log out from CAS when the logout button is clicked.

I just need time to have a look on that.

cheers,

Romuald
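
The two logout behaviours requested above, as an added example that is not part of the original thread or of the Moodle CAS module. The function name, the mode constants and the sample URLs are assumptions; `url` is the logout parameter defined by the CAS 2.0 protocol, and whether the server redirects to it or only shows it as a link depends on the server.

```php
<?php
// Added example, not Moodle or phpCAS code. Names and URLs are hypothetical.

const LOGOUT_MOODLE_ONLY    = 'moodle_only';
const LOGOUT_CAS_AND_MOODLE = 'cas_and_moodle';

/**
 * Return the URL the browser is sent to once the local Moodle session
 * has been destroyed.
 */
function cas_logout_target(string $mode, string $casbaseurl, string $wwwroot): string
{
    $wwwroot = rtrim($wwwroot, '/') . '/';

    if ($mode === LOGOUT_MOODLE_ONLY) {
        // The CAS session is left alone, so other CAS applications stay
        // signed in. It also means the next visit to the Moodle login page
        // signs the same person back in without a password, which matters
        // on shared computers.
        return $wwwroot;
    }
    if ($mode !== LOGOUT_CAS_AND_MOODLE) {
        // Unknown setting: refuse rather than guess a behaviour.
        throw new InvalidArgumentException("unknown logout mode: $mode");
    }

    // The return address is always the configured site root, never a value
    // read from the request, so the logout link cannot be used as an open
    // redirect.
    $query = http_build_query(['url' => $wwwroot], '', '&', PHP_QUERY_RFC3986);
    return rtrim($casbaseurl, '/') . '/logout?' . $query;
}

// Constructed sample configuration.
$cas  = 'https://cas.example.edu/cas';
$root = 'https://moodle.example.edu';

echo cas_logout_target(LOGOUT_MOODLE_ONLY, $cas, $root), "\n";
echo cas_logout_target(LOGOUT_CAS_AND_MOODLE, $cas, $root), "\n";
```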
In reply to Mawuli Kuivi

Re: CAS and SSO for Moodle

by Cinxgler Mariaca Minda -
This code in the function authenticate_user_login in the moodlelib solved the problem.

    if (empty($user->auth)) {      // For some reason it isn't set yet
        if (!empty($user->id) && (isadmin($user->id) || isguest($user->id))) {
            $auth = 'manual';    // Always assume these guys are internal
        } else {
            $auth = $CFG->auth;  // Normal users default to site method
        }
        // update user record from external DB
        if ($user->auth != 'manual' && $user->auth != 'email') {
            $user = update_user_record($username);
        }
    } else {
        // solve CAS anonymous authentication fatal error
        if ($user->username != 'guest') {
            $auth = $user->auth;
        } else {
            $auth = $CFG->auth;
        }
    }

In reply to Martin Dougiamas

Re: CAS and SSO for Moodle

by David O'Brien -
Hello
We are going down the route of using uPortal for our staff/student intranet and we also use Moodle. I see the posts here are quite old and am hoping somebody picks them up!

Have there been any further developments in the uPortal/Moodle integration? We are currently using Moodle 1.9.3+ (Build: 20081029) and uPortal 3

We have today got a successful authentication using CAS/LDAP against our (Novell) eDirectory. This was only achieved with support from Unicon.

So if anybody has any further news on developments or tips/tricks etc. we would love to hear of them.

Regards
Dave
In reply to David O'Brien

Re: CAS and SSO for Moodle

by David O'Brien -
So I take it from the lack of replies that nobody is using uPortal and Moodle, or no-one has successfully used the two together????
In reply to David O'Brien

Re: CAS and SSO for Moodle

by Eric Kluijfhout -
Hi David, I have been looking for the same information but found nothing so far. If I do, I'll let you know.
In reply to Eric Kluijfhout

Re: CAS and SSO for Moodle

by Jaswant Tak -
Hi Romuald,

I am trying to integrate my CAS server with moodle. But getting some version issue.

I am using Moodle 1.9.7 and my CAS version is 3.3.1.

The message I am getting is

phpCAS error: phpCAS::client(): this version of CAS (`3.3.1') is not supported by phpCAS 0.5.1-1 in /data/moodle/moodledev/en/auth/cas/auth.php on line 183

If you will say that I'll have to upgrade my phpCAS version, could you please guide how to do that.

Cheers,
Jaswant
In reply to Jaswant Tak

Re: CAS and SSO for Moodle

by Raimon Lapuente -
You only need to take the CAS.php from http://www.jasig.org

I'm trying CAS 2.0 with Moodle 1.9.7 and I'm having a lot of trouble. On the login page I get a lot of warnings and then the user is redirected to the CAS server website (they don't log in inside Moodle; they are being taken outside the site).

Notice: Undefined index: indent in /moodle/auth/cas/CAS/CAS.php on line 505

Notice: Undefined index: filename in /moodle/auth/cas/CAS/CAS.php on line 433

Notice: A session had already been started - ignoring session_start() in /moodle/auth/cas/CAS/client.php on line 483

Warning: Cannot modify header information - headers already sent by (output started at /moodle/auth/cas/CAS/CAS.php:505) in /moodle/auth/cas/CAS/client.php on line 856

CAS Authentication wanted!

You should already have been redirected to the CAS server. Click here to continue.


Then I get this error:

phpCAS 0.5.1-1 using server https://cas.upc.edu:443/login?/ (CAS 2.0)

But theoretically the CAS version of Moodle is already 2.0 and not 0.5.1-1... does anyone have that problem too?

In reply to Raimon Lapuente

This forum post has been removed

The content of this forum post has been removed and can no longer be accessed.
In reply to Deleted user

Re: CAS and SSO for Moodle

by Raimon Lapuente -
I have solved the problem for 1.9.8.

I don't think there will be any difference with 1.9.7. Basically I disabled the LDAP connection, because the CAS server is what makes the check of the user, not LDAP (it's hidden and not accessible).

The warnings are (I think) issues about the CAS libraries with the Moodle CAS plugin, maybe they are just waiting for the source to update...

Maybe if you ask a concrete question I may help...
In reply to Raimon Lapuente

Re: CAS and SSO for Moodle

by Iñaki Arenaza -

As I say here (http://moodle.org/mod/forum/discuss.php?d=145788#p648619) the version of phpCAS has just been upgraded to the latest one, and the notices and warnings should be gone.

With respect to the version numbers, there's the phpCAS library version (latest is 1.1.0 right now), the JA-SIG CAS server version (latest is 3.4.2 right now), and the CAS protocol itself, which can be either 1.0 or 2.0 depending on the CAS server version you are using.

With the latest phpCAS library (which has just been committed to Moodle 1.9.x and 2.0) you should be able to use CAS 1.0 or 2.0 with any JA-SIG CAS server version up to the latest.

Saludos, Iñaki.

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Enrique Castro -
Hi,
    I understand that CAS is YaleCAS, and SSO single sign-on. We at ULPGC are very interested in such a module. Could you just package it in a zip file and post it attached in this forum?

Martin, I can try to get IT staff people from my university, ULPGC, to further develop it, if necessary. Single sign-on is the piece we need to combine together many of our web tools (as in many universities). I will need to ask heavily, and cry a lot, but I think this opportunity deserves it.

- Enrique -
In reply to Enrique Castro

Re: CAS and SSO for Moodle

by romuald lorthioir -
Hi,

PhpCAS is a module you can use with a CAS server to have SSO. We use U-portal, so when you are logged in to this portal, you can go to Moodle and be automatically authenticated without any login screen. Because we use the LDAP module too, you can insert information from the LDAP during the Moodle/CAS authentication.
Likewise, when you go from Moodle to an application that uses CAS too, you don't have to authenticate yourself.

We are a group of French universities. We have over 80000 students and teachers. So for us this authentication system is very, very important.

I think all those with a portal and SSO need something like this.

We've done it. I think I can send it to you next week. For now I can tell you the modifications we've made:

- a /auth/cas module
- /login modifications to use or not the cas module and use anonymous login with cas (in fact it's a bypass of CAS because anonymous login is forbidden in CAS).
- /lang/fr moodle.php auth.php
- /lang/en moodle.php auth.php

Todo: verifications / documentations.

Here is a screenshot of the admin screen (sorry, in French).

So, interested?
Attachment casauth.PNG
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Eloy Lafuente (stronk7) -
It sounds quite interesting!!

Only for reference: http://esup-phpcas.sourceforge.net/
In reply to Eloy Lafuente (stronk7)

Re: CAS and SSO for Moodle

by romuald lorthioir -
For reference:

We are associated with the Esup Team. It's the portal we are using and developing. I'm not directly in that team but people from this team work with me on the Cassification of Moodle. They are in the same structure as me.

So this explains that ....

Oh! Mark, I see that I've already put a post in that discussion.
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Enrique Castro -
Hi Romuald,
    This is terrific news!! That's the kind of solution I've been advocating at ULPGC (next month we will reach 20000 students within Moodle). I knew PubCookie and Yale's CAS, and phpCAS. But only in December did we get an LDAP server, and we are not using it with Moodle yet. Our Web dev team (separate from the Moodle team) seems quite reluctant to use either PubCookie or CAS; they say that it does "not meet ULPGC requirements". I wonder what kind of "special needs" we have that Yale University, or your 80K-student university, do not suffer from. I hope that seeing a working system such as yours will serve as a revulsive to speed up development in that direction here.

I would really appreciate it if you could be a little more informative about which French universities are part of that group (your Moodle profile info is quite scarce). And if you have a public (or guest-accessible) Moodle site using CAS (as a demo site), that would be marvellous.


In reply to Enrique Castro

Re: CAS and SSO for Moodle

by romuald lorthioir -

Well, I've completed my profile page.

It's complicated to do a demo Moodle CAS site because to connect to the platform you have to be in the LDAP and recognized by the ESup portal.

We are thinking of using the demo user of the portal to do a demonstration site but it's not our priority.

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Enrique Castro -
OK Romuald, that's enough

You know, it's not the same to tell the big bosses "hey, there is a guy called Romuald who says that CAS is a good thing" or "The University of Rennes has a virtual campus serving 80000 students with Moodle and CAS". I was not asking for a demo of the CAS feature; I apologize if you felt any pressure on that. Just a web address to point to and see how your site looks.

I am eager to see the module you have developed.
Thanks a lot!!

- Enrique -
In reply to Enrique Castro

Re: CAS and SSO for Moodle

by romuald lorthioir -

We've done it.

Ok, this is the Cas Module for Moodle in the state of the art.

There are only the files to add/replace for a 1.4.3 Moodle version. So just replace.

Go to the Authentication admin and choose CAS. Next, just play.

Any feedback will be appreciated.

Thanks in advance.

Romuald

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Mawuli Kuivi -
I have downloaded the file and added it to my Moodle setup but cannot see any CAS login.

Can you please outline the steps to adding the files.

Which file goes where?

Any database table insertion or any other setup required.

Thank you very much in advance.

B.
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Martín Langhoff -
Romuald, I'm giving it a look now. Have you tested it against 1.5? Given that I don't have access to CAS (and I don't really know that much about it), I cannot judge whether it works or not ;)
In reply to Martín Langhoff

Re: CAS and SSO for Moodle

by romuald lorthioir -

We've done a version for 1.5 but this cas module needs the modification of the login module too. This module has to be changed for 1.5.

The part of your ldap module I use is: .. All.

I've changed the function auth_user_login. The other thing I have to change is the 'ldap' code you use, to 'cas'.

In the auth_get_users of my 1.4.3+ version, I've made modifications that could interest you. First, I've cleaned the returned text because I have people with ' in their name, like N'GO MA. I've also added an else case to put the name of the attribute in the value if the attribute is not in LDAP. This way, I can put fixed values in fields. For example, I don't have the country information in my LDAP. But I know that every user is French. So I put FX in the country attribute in the parameter screen and so the country field of users takes the FX value.

           foreach ($attrmap as $key=>$value){
               if(isset($users[$ldapuser][$value][0])){
                   $user->$key=$users[$ldapuser][$value][0];
                   $user->$key = addslashes(clean_text(stripslashes($user->$key), FORMAT_MOODLE));
               }else{
                   // RLR modification for LDAP import
                   $user->$key=$value;
               }
           }

I hope it could help.

Romuald

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by romuald lorthioir -
In fact, the more I look at the code of the two modules, the more I think it's the same module. I just come on top of yours by adding a CAS call.
In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by romuald lorthioir -

I'm using the latest build, I think. It seems there's a bug. In the auth_ldap_connect function:

    foreach ($urls as $server){
        $url = trim($url);

instead of:

    foreach ($urls as $server){
        $url = trim($server);

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by Martín Langhoff -
Yes, I see you're using all of it :)

By the way, it's not "my" module -- Petri Asikanen is the original author, he's just been busy lately. Let's say that I'm covering for him, and added a few things in 1.5 (which is a bit buggy right now).

I've looked at the zipfile, checked out the README, and so I come to you with a couple questions about the changes to the LDAP auth code...

- Does CAS use LDAP? (I'm not familiar with CAS, stupid question? ;)

- The change you're describing to deal with names with apostrophes shouldn't be needed. If there's an apostrophe, it'll be escaped and stored correctly in the database. Is there any reason to remove it? (In early 1.4.3 sometimes we didn't escape them correctly, but it shouldn't be needed).

- You're checking for some config values, here's my notes on them:
- auth (your code won't be called if it's not 'cas' ;)
- cas_use_cas -- redundant with auth==='cas' unless you want to block students from logging in during maintenance; but 1.5 has that feature separately
- cas_create_user -- tell me more about this. Do you see any scenario where you do _not_ want to create the user?

If I just look at that modified lib.php file, I can see CAS just using LDAP. I read the rest of the code, however, and I don't understand where the CAS library (cas/CAS/CAS.php) fits in. I see that at least some of that code comes from your uni, so I assume that it's all under the GPL?

If that lib is safe to include in Moodle, then it should land in lib/cas... is that the stuff that Eloy linked from Sourceforge?

So far, really promising.

The files in login are a bit more tricky. Can you give me a bit of a walkthrough of how they work?

(great work, btw)
In reply to Martín Langhoff

Re: CAS and SSO for Moodle

by romuald lorthioir -

Ok,

CAS explained: CAS is a server for Single Sign-On. The server uses an LDAP to do the authentication. When you connect to a "Cassified" application, you can then go to any other "Cassified" application without logging in again. In our university we are using U-portal (e-sup version). So you connect to the portal. Next you can go to Moodle from the portal without a new authentication phase. That's why I need to modify the login module.

- auth: in fact, my problem is that you use the word ldap in some functions. But for the cas module the word should be cas, so I have to modify the code (in SQL statements, for example).

- cas_use_cas: I can deactivate CAS to just use an LDAP authentication. To use CAS you need a CAS server which does the SSO. If, for any reason, this server is down, I can use the LDAP directly. No SSO in this case, but Moodle access with Moodle authentication.

- cas_create_user: I import users from my LDAP every night with filters. I don't want people, even if they are in the LDAP, to connect to Moodle if they are not in this import. So you can connect to Moodle only if you are already in (by the import).

- The CAS module is on SourceForge. I've changed my readme for 1.5 to refer to it. The address is: http://esup-phpcas.sourceforge.net. I prefer to leave it separate. Easier to maintain, just a directory to copy.
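
How the two settings described above combine at login time, as an added example that is not the module's own code. The function name, the config array layout, the username normalisation and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example, not the module's code: the function, the config array
// and the sample accounts are hypothetical.

/**
 * Decide what to do with a login attempt.
 *
 * $authenticated is the result of the active back end: a validated CAS
 * ticket when cas_use_cas is on, a direct LDAP bind when it is off.
 * Returns [decision, reason] with decision 'allow', 'create' or 'deny'.
 */
function cas_login_decision(array $cfg, string $username, bool $authenticated, array $imported): array
{
    $method = !empty($cfg['cas_use_cas']) ? 'cas' : 'ldap';

    // Authentication: who is this? Fail closed on anything but success.
    if (!$authenticated) {
        return ['deny', "$method authentication failed"];
    }

    // Compare on a normalised name so "Alice" and "alice " map to one account.
    $name = strtolower(trim($username));
    if ($name === '') {
        return ['deny', "empty username from $method"];
    }

    // Authorisation: is this identity allowed into Moodle? The same gate
    // applies on the LDAP fallback path, so switching CAS off during an
    // outage does not widen access.
    if (in_array($name, $imported, true)) {
        return ['allow', "existing account, authenticated by $method"];
    }
    if (!empty($cfg['cas_create_user'])) {
        return ['create', "new account created on first $method login"];
    }
    return ['deny', 'valid credentials but not in the imported user set'];
}

// Constructed sample data: accounts loaded by the nightly filtered import.
$imported = ['alice', 'bob'];
$cases = [
    [['cas_use_cas' => true,  'cas_create_user' => false], 'Alice', true],
    [['cas_use_cas' => true,  'cas_create_user' => false], 'carol', true],
    [['cas_use_cas' => false, 'cas_create_user' => false], 'carol', true],
    [['cas_use_cas' => true,  'cas_create_user' => true],  'carol', true],
    [['cas_use_cas' => false, 'cas_create_user' => false], 'bob',   false],
];
foreach ($cases as [$cfg, $user, $ok]) {
    [$decision, $reason] = cas_login_decision($cfg, $user, $ok, $imported);
    printf("%-6s %-6s %s\n", $user, $decision, $reason);
}
```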

 

In reply to romuald lorthioir

Re: CAS and SSO for Moodle

by romuald lorthioir -

Martin,

I've done a little refactoring in the CAS CVS. I think you can look at what I've done and you will see the differences between CAS and LDAP functions ....

Todo:

- Refactoring /login

- Merging Cas and LDAP ?

- Clear the code

- Refactoring of parameters Screen (with LDAP last version)