HACP / AICC GetParam returns login page

HACP / AICC GetParam returns login page

by David Miller -
Number of replies: 15

I'm testing MOODLE v1.8, on IIS.

I'm trying to use HACP (AICC) to lauch to enternal resrouces.

When I call the external resource, it receives the aicc_url and aicc_sid in the query string.  I'm using that to postback to aicc_url and sending the GetParam back along with the aicc_sid.  The result is my MOODLE window now displays the login page. I was expecting it to return the information returned by GetParam.  I was under the impression the aicc_sid was identifying the session running in MOODLE.

Is there a system setting / configuration item that I have not set correctly?

Thank you,
Dave Miller

Average of ratings: -
In reply to David Miller

Re: HACP / AICC GetParam returns login page

by Camilo Rivera -
Hello David, did you find a solution using HACP?
Thank you
Average of ratings: -
In reply to Camilo Rivera

Re: HACP / AICC GetParam returns login page

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers
Hi,
David is right about aicc_sid and Moodle PHP session relation. Looking at the code, confirm_sesskey() is used to validate the AICC HACP session_id provided by the content and if you look at the implementation of that function you could:
  1. try to access the PHP session cookie from your external content and submit it together with your HTTP POST payload: this is somewhat difficult since for security reasons you cannot access to cookies outside the domain of your Moodle;
  2. disable the session check globally using $CFG->ignoresesskey = true in your config.php file;
  3. disable the session check on a per user basis using $USER->ignoresesskey = true programmatically set by an hack based on a combination of user agent and Moodle AICC HACP page (HTTP POST on aicc.php). See e.g. lib/setup.php for some examples.
(b) and (c) will break your Moodle PHP session and this will break AICC HACP tracking too since the session is used for several other AICC HACP related information so you'll fix your first problem but you'll get many others not fixable issues.

(a) is the right way but it strictly depends on where your external content sits and if you can carefully choose the domain of both Moodle and your external content repository. I guess you have very few chance to let external AICC HACP based contents run in Moodle but... I've no real experience on that so my post is just a quick analysis of the code with a bunch of ideas.

HTH,
Matteo
Average of ratings: -
In reply to David Miller

Re: HACP / AICC GetParam returns login page

by John Pietsch -

I am also getting a login page returned when I issue a GetParam meessage. THe external content is being found and called. But when the external content (AICC HACP) sends the GetParam message it appears that the when the IACC_URL is called (aicc.php) the require_login() function fails and so does not return the GetParam data. The AICC content is in another domain. Could this be why the require_login() function is failing? I have triied AICC content that is on the same domain and that seems to work. If cross domain is the issue, what can I do?

Thanks, John Pietsch

Average of ratings: -
In reply to John Pietsch

Re: HACP / AICC GetParam returns login page

by Perry Burton -

i am using v 2.0 and I am getting the same results as John.   Has anyone figured out a workaround or setting change?

Average of ratings: -
In reply to Perry Burton

Re: HACP / AICC GetParam returns login page

by David Miller -

Its been nearly 4 years since my first posting, with on and off interest from our client base about integrating our content with their LMS system. I this issue still true today, that trying to post back from an external training source is denied? Is it simply the fact Moodle is not able to support this? Our latest clients (using a variety of LMS services)  have inquired about our abilities - claim it is possible (they are using Cornerstone, Pathways), everytime  I return to Moodle it seems to still be an issue. Are we simply not understanding the features of Moodle?

Thank you,

Dave Miller

Average of ratings: -
In reply to David Miller

Re: HACP / AICC GetParam returns login page

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi David,
IMHO:

  1. Moodle requires some PHP session information to grant the user the access to the AICC HACP implementation (like in many other areas e.g. to resources), in terms of authentication and authorization based on the current user profile;
  2. the availability of such information suffers of the limitations imposed within the browser security context;
  3. you can overcome such limitations using:
    1. the hacks above: quite hard and tricky;
    2. a reverse proxy between the domain of your external content and the domain under which Moodle is running, to masquerade any content as a subfolder of your Moodle domain: quite easy and pretty successful, even never tried by myself. Apache and mod_proxy could be your friends... together with this.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: HACP / AICC GetParam returns login page

by Mark Harmon -

Matteo,

I'm so glad to see people on here with the same problems as me, and it seems as if you have found a solution.  I'm very in experienced in server scripting, but I can make my way round.

The link you gave does not give any steps on how to implement this, it just seems to explain the process.  Can you gudie me through the steps?

I've found some instructions about reverse proxies - they give you the code, but never tell you where it goes, so that leaves me lost.

I really appreciate the help and attenion that's being paid for this.  We're working with a company that claims this is all they do, and that no other clients have ever had trouble getting their AICC files to work.

Thanks!

Mark

Average of ratings: -
In reply to Mark Harmon

Re: HACP / AICC GetParam returns login page

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Mark,
give the approach described here a try.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: HACP / AICC GetParam returns login page

by Ben Dunlap -

Am I mistaken or would the reverse-proxy workaround apply only in contexts where getParam() is being called by a client-side script in the end user's browser?

Just asking because I've hit the general problem discussed here, and  described by MDL-27036, but in my case the external course is calling getParam() from server-side code. Is that fairly typical or is it much more common for getParam() to be done in Javascript?

Average of ratings: -
In reply to Ben Dunlap

Re: HACP / AICC GetParam returns login page

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Ben,
you're right: reverse-proxy deployment gives a simple working solution for client side calls because of it helps the browser on keeping the same web session, as expected, during the user tracking experience by moving cookies back and forth.

A server call (are you using kind of AICC proxy or injecting AICC tracking data?) requires more attention:

  1. you need a solution to keep the web session alive&available for each call under the scope of the user tracking experience (same of above);
  2. you also need to keep care that the web session will always be the one opened the first time by the user triggering the AICC experience on Moodle: the reason is that you need both authentication through a valid Moodle user profile (e.g. it could be re-created at each call) and a "fixed session" to let the AICC machine state, Moodle side, to happily run i.e. it requires the session to be unique along the whole user tracking experience. Client side calls automatically satisfy this requirement if (1) has been already satisfied.

MDL-27306 will address, if and when available, both client and server side calls since it will mask the whole above under a Tracking Session Token which is charged to make the things run as expected, regardless the need of fixed web sessions.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: HACP / AICC GetParam returns login page

by Ben Dunlap -

Thanks Matteo. I'm not privy to the external-server side of things right now and I'm very new to Moodle and AICC so I'm not totally sure how to answer your question:

are you using kind of AICC proxy or injecting AICC tracking data?

What I do know at this point is that my Apache logs show that shortly after the browser makes the first request to the external server where the course is hosted, we get a POST from that server's IP and the POST is an AICC GetParam() call. Moodle naturally tries to redirect to the login page and the process fails there, as expected I guess.

Anyway thanks for the tips -- will be very helpful if I decide to try to hack in a temporary solution.

Average of ratings: -
In reply to Ben Dunlap

Re: HACP / AICC GetParam returns login page

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Ben,
OK, now I've better understood your scope smile. You could discover the reason why the web session is not preserved even if the content is local to your Moodle through a sniffer , to look at the HTTP headers: Fiddler could be your friend.

If you AICC content is Flash/Java/AJAX based i.e. not plain HTML give HttpOnly settings a try.

HTH,
Matteo

Average of ratings: -
In reply to David Miller

Re: HACP / AICC GetParam returns login page

by David Miller -

Thank you Matteo, I will revist this with your recommendations, and hopefully report back with success.

Thanks again,

Dave Miller

Average of ratings: -
In reply to David Miller

Re: HACP / AICC GetParam returns login page

by David Miller -

Quite honestly, Moodle just doesn't seem to support AICC / HACP like other LMS packages. Our clients using other LMS have claimed the "cross browser" issue does not exist for them. Finally, today I downloaded Dokeos LMS today, not only is user interface 100x better, the same ZIP / AICC process works fine. I've wasted at least an elapsed year on something that works out of the box with someone else. I'm simply shocked.

Thanks for your guidance Matteo, but a workaround in moodle, for something many of the Moodle competitors have solved is just nuts.

 

Average of ratings: -
In reply to David Miller

Re: HACP / AICC GetParam returns login page

by Dan Marsden -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Plugins guardians Picture of Testers Picture of Translators

I don't disagree - but no one has cared about AICC enough in Moodle to do something about it.

we do have a plan: MDL-27036

..but at this stage no-one with funding or the free time to do the work.

Average of ratings: -