OpenID Plugin for Moodle 1.6 now available


by Bill Fitzgerald -
Greetings, all,

We just released some code that OpenID-enables Moodle -- the code is currently for 1.6 only -- we would welcome collaborating with any devs interested in porting this for 1.7 or 1.8.

The announcement is available here: http://openacademic.org/news/?p=19

For the ReadMe.txt: http://wiki.openacademic.org/index.php/OpenID_Moodle

For those who want to skip the blather (recommended [smile]) and just get the code: http://code.google.com/p/oamoodleopenid/

Cheers,

Bill
In reply to Bill Fitzgerald

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
Interesting! If it works with 1.6, it'll work ok with 1.7 [smile]
There you go, that's an easy port!

For 1.8 we have some changes in the API to allow multiple auth plugins to work at the same time. Have you had a chance to look at that? (If you have questions in the process of porting to 1.8, we are keen to lend a hand; please ask in this forum or in the authentication plugins forum).

OpenID can probably be a good complement to the work we've just done with Moodle Network. Good stuff! Why does it use GMP? (I'm curious!)

(It doesn't quite follow Moodle code conventions though... )
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Bill Fitzgerald -
Hello, Martin,

Thanks for the info on the 1.7 port -- if only it was always that simple [smile] We haven't looked into 1.8 yet, but I like the sound of multiple authentication methods supported simultaneously -- anything that provides options == Good Thing (tm)

RE: "Why does it use GMP?" This thread sheds more light on the subject...

RE: " OpenID can probably be a good complement to the work we've just done with Moodle Network." -- agreed -- I'd love to talk with you about overlaps -- feel free to contact me at bill (at) openacademic (dot) com -- while I love wheels, I don't particularly enjoy reinventing them.

Cheers,

Bill
In reply to Bill Fitzgerald

Re: OpenID Plugin - MoodleNetwork and OLPC

by Martín Langhoff -
Hi Bill,

any idea why it wants to implement Diffie-Hellman in PHP? The OpenSSL PHP extension is both faster and more widely installed than the GMP extension. Does your plugin's config page check for extension_loaded() and warn users if it's missing? [smile]

Re moodle network, we can bash it out here in the forums (I suspect other people will be interested too). Also, I'll probably do some work on your plugin once the OLPC guys have their OpenID infrastructure a bit more sorted.

Here's a bit more info: http://mailman.laptop.org/pipermail/sugar/2006-December/000907.html
In reply to Bill Fitzgerald

Re: OpenID Plugin for Moodle 1.6 now available

by Martin Dougiamas -
Thanks, Bill! [approve]

Has anyone ported it to 1.8 yet? I'd love to put this in core.
In reply to Martin Dougiamas

Re: OpenID Plugin for Moodle 1.6 now available

by Bill Fitzgerald -
Hello, Martin,

Not that I know of -- while getting that done is on our roadmap, we are also sorting out other priorities, including a lightweight solution for importing/exporting content between Drupal, Moodle, and Mediawiki --

We would love to work with someone to get this ported to 1.8 -- if anyone is interested, please get in touch --

Cheers,

Bill
In reply to Martin Dougiamas

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
I'll probably tackle a 1.8 port if no-one beats me to it. [wide eyes]

Mostly for the OLPC project which is setting up its auth framework to use OpenID. I reviewed the plugin code a bit and for it to be maintainable in core we probably need to split out the bits that are imported from elsewhere (and have their own coding style) and the moodle-specific code which should be IMHO Moodle style.

BTW, Luke Hudson now has a quite polished MediaWiki/Moodle SSO, based on MartinD's work for docs.moodle.org. I don't know where it is, but I'm sure it's somewhere in http://git.catalyst.net.nz/gitweb - Luke?
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Bill Fitzgerald -
Hello, Martin,

By all means, take it apart and make it Moodle-friendly -- we are primarily a Drupal shop, and our goal in working with this was to establish different levels of trust within the OpenID authorization -- we wanted something that Just Worked -- we would love to see this code taken up, improved, and maintained by someone who knows the Moodle codebase better than us --

I'd love to see the Moodle/Mediawiki SSO -- I took a quick look at the link you provided above, but nothing jumped out at me.

Cheers,

Bill
In reply to Bill Fitzgerald

Re: OpenID Plugin for Moodle 1.6 now available

by Anil Sharma -
And I'd love to see a simple Moodle / Elgg SSO!
In reply to Bill Fitzgerald

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
I am going through the code, attempting to make an auth module for 1.8 with it. Interested in hearing from users of the code...
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Greg Lund-Chaix -
I, for one, would be thrilled to see a 1.8 OpenID module. We're working on adding OpenId auth to the whole suite of tools we're running for the Oregon Virtual School District project.

-Greg
In reply to Greg Lund-Chaix

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
Hi. I'm currently working on an OpenID auth plugin for Moodle 1.8. If all goes to plan then I'm expecting to publish the first release during the early part of next week (commencing 5th Aug 2007). This plugin does OpenID 1.1 plus an optional (simple) implementation of Identifier Select (based on the OpenID 2.0 feature) against a single fixed provider. I'll post a follow up to this when the code is publicly available.

Stu
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
OK, the first public release of the OpenID auth plugin for Moodle 1.8 is now available. This has been developed on Moodle 1.8.1 (2007021510).

I've added it as a 3rd party module:
http://moodle.org/mod/data/view.php?d=13&rid=928

Shortcut to the zip:
http://pdl.uk.com/moodle-openid/moodle-openid-r3.zip

Project home, source repository, bug tracking, etc. is at:
https://launchpad.net/moodle-openid

This is the first release of this plugin so I'm keen to hear about bugs and suggested improvements. The usual warnings about running early release software in a production environment apply.

I'm particularly interested to receive feedback from experienced Moodle developers about anything I've done in this plugin which isn't 'best practice' in Moodle development or anything which is likely to cause a problem for regular users as this is my first Moodle plugin.

Thanks

Stu
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
Hi Stu,

how much has this version changed from the 1.6 plugin? Just before I went on holidays (some 3 weeks ago) I got started on a port of the 1.6 plugin to 1.8, and found that the code was spread across several directories.

Ideally, the plugin should sit neatly in auth/openid -- plus a language file in lang of course...
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
Hi Martin,

This work is unrelated to the earlier 1.6 plugin (it's based on work done for another application) although I did get the idea of using the mod directory in order to make the db install work from the 1.6 plugin.

Certainly, in an ideal world, the files would be contained in a single /auth/openid directory - in fact this is how this project started - but I ran into an issue with database installation which required me to move it to /mod/openid. Perhaps you could point me in the right direction?
  1. db/install.xml files in the /auth directories don't seem to be detected by the Moodle admin scripts. How could this plugin be moved entirely to the auth directory and still install the required tables in the database automatically using the standard Moodle system?
  2. Should the lang files, currently in /mod, all be moved to /lang?
  3. Should the Janrain library files (currently in /lib) be contained within the auth directory?
Thanks

Stu
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Mike Churchward -
Hi Stuart -

I just came across this set of posts, and I am interested in what you are doing...

To solve the database issues with some plug-ins, I find it best to provide a block that manages the database rather than a module. It's less confusing that way. The block can be set so that it can't be added to anything but the site-level (or not at all), and doesn't have to output anything. I often have it output the version to admin-level users only.

I'm curious what the difference is between the two auth plug-ins contained in your release?

mike
In reply to Mike Churchward

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
Hi Mike

Thanks for your suggestion about using block rather than mod. I'm hoping to find time to upgrade the library to the new OpenID 2.0 version in the next few weeks (this week if I can find the time) so I'll try moving everything to the block directory at the same time.

As for the two plugins:

- 'openid' works in the standard openid way (eg: user enters their openid URL in a text box and then clicks the login button). This is the auth module most people will want to use.

- 'openid_sso' is for using openid as the mechanism for a single sign-on system. It has been created specifically for the client who funded development of this plugin and essentially uses identifier select in an OpenID 1.x request (backported from OpenID 2.0) in a limited way to avoid exposing users to openid directly (eg: just click the login button). At the moment this module requires a few changes at the server but we are aiming to eventually support a standard OpenID 2.0 server 'out of the box'.
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Mike Finney -
Hey... one question:
> 6. Make the three directories in 'mod/openid/store/' writable by your web server.

How do I do this... I cannot find such a folder...am I reading this wrong?


In reply to Mike Finney

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
Hi, glad you're installing the plugin.

When you unzip the plugin archive and copy all of the files to the locations specified in README, you will have a new directory called 'openid' in your 'mod' directory. This contains a directory called 'store' which, in turn, contains 3 directories: 'associations', 'nonces' and 'temp'. All three of these directories need to be writable by your web server.

On any unix-like system the simplest way to do this is to 'cd' to the 'store' directory and 'chmod 777 *' using a command line client or use your FTP program to set the permissions accordingly (refer to the documentation for your FTP program). If you're on a different OS and can't find out how to do this, please let me know what you're using.

In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Martin Dougiamas -
Hi Stuart,

Thanks for all your work on this module.

I've just filed an issue in the tracker (MDL-12903) regarding a standard OpenID client in Moodle 2.0.

The current plugin needs a bit of work to get to that point, namely everything should be brought together under auth/openid (auth modules support db schema, language strings, config screens etc).

Also, that mod/openid/store directory is a big no-no ... Moodle code should never store data in the same directory as the scripts (ie $CFG->docroot). All such data should go into $CFG->dataroot.

Are you keen to work further on this? Otherwise is someone else?
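
The two pieces of directory advice above (the `chmod 777 *` install step for `mod/openid/store` and the request to move that store under `$CFG->dataroot`), as an added example that is not part of the thread or the plugin: it lists world-writable directories under a script tree and creates the three store directories owner-only under a data root. The function names, the `openid/store` sub-path and the `WEB_USER` variable are assumptions made for illustration; the demo tree is constructed in a temp directory.

```shell
#!/bin/sh
# Added example, not the plugin's code. All paths below are constructed.

# List directories under $1 that any local user can write to (o+w),
# which is what 'chmod 777 *' inside mod/openid/store produces.
find_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Succeed if existing directory $2 lies inside existing directory $1.
# Both are resolved physically so symlinks cannot hide the relationship.
is_inside() {
    root=$(cd "$1" && pwd -P) || return 2
    path=$(cd "$2" && pwd -P) || return 2
    case "$path/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create associations/, nonces/ and temp/ under <dataroot>/openid/store
# (sub-path is an assumption) with owner-only access (0700).
# If WEB_USER is set (assumption: the account PHP runs as) and we are
# root, ownership is handed to it; otherwise the caller keeps ownership.
make_store() {
    store="$1/openid/store"
    for d in associations nonces temp; do
        mkdir -p "$store/$d" || return 1
    done
    chmod -R u=rwX,go= "$1/openid" || return 1
    if [ -n "${WEB_USER:-}" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$WEB_USER" "$1/openid" || return 1
    fi
    printf '%s\n' "$store"
}

# Demo on a constructed tree: a docroot laid out as in the install step,
# and an empty data root standing in for $CFG->dataroot.
demo() {
    umask 022
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/docroot/mod/openid/store/associations" \
             "$tmp/docroot/mod/openid/store/nonces" \
             "$tmp/docroot/mod/openid/store/temp" \
             "$tmp/dataroot"
    chmod 777 "$tmp"/docroot/mod/openid/store/*
    echo "world-writable under docroot:"
    find_world_writable "$tmp/docroot"
    new=$(make_store "$tmp/dataroot")
    is_inside "$tmp/docroot" "$new" || echo "store is outside docroot: $new"
    echo "world-writable under dataroot: $(find_world_writable "$tmp/dataroot" | wc -l)"
    rm -rf "$tmp"
}
demo
```

The web server account only needs to own the store (or share a group with it); no access for other local users is required for the association and nonce files to work.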
In reply to Martin Dougiamas

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
Hi Martin, I'd be pleased to work on this for the 2.0 release. Now that auth supports db schemas, pretty much everything except the block will comfortably go into the auth/openid directory. I'll also get the store directory moved to $CFG->dataroot. Is there anything else which you can see needs doing at this stage?

Stu
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Martin Dougiamas -
Sorry, can you expand on why the block is necessary? Can't we just use the standard login mechanism?
In reply to Martin Dougiamas

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
We might need to provide a hook for plugins to display a different form in /login/index.php - and to take the results of the POST too. The OpenID form doesn't take username/password - it looks like the image below.

Stuart - is that why you need the block?
[Attachment: openid_signin_form.png]
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
I overcame the login page issues by creating a duplicate of the Moodle login form in the plugin directory and using that if the plugin is enabled. Certainly hooks in the main Moodle page would be better though. I guess this is something which may be useful to other auth plugins too.

The block is being used as a second, more convenient login box and also displays when the user is logged in allowing them to add more openids to their account or to change their account to openid if they've already signed up using another method. It's not an essential part of the plugin and could be removed from the default distribution if it's not wanted.
In reply to Martin Dougiamas

Re: OpenID Plugin for Moodle 1.6 now available

by Myles Carrick -
At the UK Moot, Martín L spoke in one of his workshops of having serious concerns about the basic OpenID model...

Martín - can you elaborate on this perhaps?

I'm working on OpenID in another (non-Moodle) software project at the moment - I'd be keen to understand the concerns...

MC
In reply to Myles Carrick

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
I am both interested and worried about OpenID. The interest is personal, and through the OLPC project, so I'll be happy to help get things in shape for inclusion in Moodle proper...

The concerns I have come from a review of the protocol. When I read it in detail, I found that it is wide open to "phishing" and man-in-the-middle attacks, and that it trains users to let unknown websites "redirect you" to "your trusted" website, where they'll put their usernames and passwords. Sounded like a scammer's wet dream.

Wondering whether I was crazy, I mentioned it in the OLPC dev list, and Ben Laurie (one of the key developers of Apache's SSL support) agreed with me. In fact, he's been pointing out how naive the protocol is for a while. He's not the only one either.

The only safe and sane solution for the kind of federated identity/SSO that OpenID wants to provide (and it's a very worthwhile thing to aim for!) is to modify web browsers for this. The trust cannot be established or checked with just HTTP and webpages. Luckily, the OpenID gang have heard the many voices and seem to be working towards that.

In the meantime, purely HTTP based OpenID with vanilla browsers is not something I would recommend to anyone who cares about security. Instead I'd put a warning sign with BLINK tags around it. [sad]

(OLPC will have OpenID integrated in the web browser and OS, in case you are wondering [wink])

Ben's posts and following discussions can be found here: http://www.google.co.nz/search?q=ben+laurie+openid

And some more links
http://marcoslot.net/apps/openid/
http://www.idcorner.org/?p=161
http://www.google.co.nz/search?q=phishing+man-in-the-middle+openid&btnG=Search&meta=
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Dan Poltawski -
Just for a bit of MLP (and interesting comment discussion in this post): http://simonwillison.net/2007/Jan/19/phishing/

(And backs up your point quite heavily to me, since it just sounds clunky)
In reply to Dan Poltawski

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
Interesting suggestion, though Simon and most of the comments seem to forget that a phishing site will most probably proxy through to your site -- so it'll show the proper pages, CSS and error messages, while rewriting links and redirect headers to ensure everything goes through the proxy. I've written several proxies like that in Perl, using regexes. Even if you log in users with image-recognition-based or similar gimmicks, it'll all be proxied.

I do not think the OpenID designers were well read in internet security (but man, they're great at the marketing thing [wink]). By now they probably have learned more than they ever wanted to... and if a reworked OpenID protocol (with the help of Ben and others) makes it into a browser plugin, it'll be great.

But let's not worry too much about this -- it'll progress on its own. I'm keen on seeing the OpenID plugin progress towards being merged. It'll be very useful to have it -- though perhaps we slap a big warning on it [evil]
In reply to Martin Dougiamas

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
The updated OpenID plugin with almost everything moved to the auth directory is now available for download from Launchpad. The only remaining files still outside the auth directory are:
  • The 3rd party openid library - should this stay in /lib or should it be moved within the auth/openid directory?
  • The local version of the auth.php language file - I guess the strings contained in this file would be moved to /lang/$lang_utf8/auth.php if the plugin is included in the main distribution?
  • The optional block.
The plugin also uses $CFG->moodledata for the store directories now.
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by sam marshall -
Re your second point, language files for auth plugins should go in

<plugin directory>/lang/en_utf8

(Or as appropriate for language.)

The system then will find the file provided that it is named auth_<pluginfoldername>.php. (So you should make sure it is!)

Pretty much all plugin types support this structure (e.g. course format language files are in the same directory relative to the course format folder, and are called format_whatever.php), so that they can be installed or uninstalled in a single place.

--sam

PS I checked this in the 1.9 code so it's possible that, if you are still running against 1.8, this facility might not be available for auth plugins - don't know.
In reply to sam marshall

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
Hi Sam, thanks for the response. I probably didn't explain the lang file thing very well though. I've already moved the main language file to /auth/openid/lang/en_utf8/auth_openid.php and this contains the vast majority of the strings used in the plugin.

What doesn't seem to work is the actual plugin's title in the Moodle admin interface. These seem to be in /lang/$lang_utf8/auth.php when the plugins are included as part of the main Moodle distribution but the only way I could get Moodle to display "OpenID" instead of "auth_openidtitle" in the admin menu and settings pages with this plugin without editing the main copy of auth.php was to create a local version of that language file with my own translations in it.

I'm not sure if my terminology's completely correct but hopefully it does a better job of explaining what's happening.

Stu
In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by sam marshall -
Oh right, I get it. Yes, if that still happens in Moodle 1.9/HEAD it's a bug IMO - the language infrastructure is ok as I said but somebody needs to make that specific part of the code that gets filter names query the auth_whatever.php before it queries auth.php.

I think I did something similar to this for course formats, it wasn't hard.

You should probably file it as a bug in the moodle tracker with all the details (i.e. names of the PHP script or scripts that displays the information wrong). If you like, and nobody else wants to fix it, you can assign the bug to me - I'll do it if I have time.

In the meantime you probably do need to have that title string in the main language file.

--sam
In reply to sam marshall

Re: OpenID Plugin for Moodle 1.6 now available

by carrasco law -

Hi, I tried to use the openid module in my Moodle 1.9 and it doesn't work; a blank page appears. I also use it in a Moodle 1.8 ... and it works, but every time the user enters the OpenID URL into the login form Moodle sends an email with a link to confirm the account. Does anyone know what's the problem?

TIA.

In reply to Stuart Metcalfe

Re: OpenID Plugin for Moodle 1.6 now available

by Martín Langhoff -
Hi Stuart! Great stuff - I'm trying to make some time to get onto this and see how it plays with the existing School Server infrastructure for OLPC.

How do you normally test your code? Are you running your own OpenID provider? Or do you use one out there?
In reply to Martín Langhoff

Re: OpenID Plugin for Moodle 1.6 now available

by Stuart Metcalfe -
> How do you normally test your code? Are you running your own OpenID provider? Or do you use one out there?

Hi Martin.

For testing, I use OpenID accounts from a number of providers (MyOpenID, Yahoo, Launchpad, etc.) plus a local provider here (using PHP MyID). The last issue I ran into was with Yahoo the other day when they released their beta service and that was only because I wasn't using the latest version of the OpenID library. When I upgraded it worked just fine.

If you run into problems when working with the school server, drop me a line - I'd be interested to help get it running and I'm fairly familiar with the library.

Stu