I went through the MNet protocol wikipage. It looks like both the IdP and SP should be moodles. Or do I have to create similar methods at same urls so that the SP(moodle in my case) can call IdP (my application - java web app / not moodle) for session and user verification?
- SP calls "auth/mnet/auth.php/user_authorise" on IdP via XML-RPC with token and user's useragent string as parameters
- IdP verifies MNet session and returns user data
- SP may fetch additional data from IdP, add user to its own DB, update enrolments on IdP, etc.
Please correct me if I am wrong in interpreting the mnet document.
About passing params, I am able to pass params to moodle.