Are there any docs or information on if Moodle can handle ADFS and SAML 2.0? I am trying to find information on how to set this up with Moodle. We have ADFS 2.0 installed in our environment and want to integrate it with Moodle.
Was thinking about this myself today, would be great for a couple of scenarios...
- hosted Moodle sites that don't want to open up LDAP to the Internet at the other end
- Office 365 integration, signing into 365 will get you into Moodle and vice versa, perfect for working in the cloud then seamlessly dropping the content into Moodle
ADFS looks ideal on this front as it's made with hybrid hosted \ local scenarios as a primary requirement.
Are there any willing and interested coders out there who might want to take on a little challenge? Would love to see ADFS as a Moodle auth plugin in the future ;)
Has anyone attempted to pull this off since the last message? Particuarly in an Office365 scenario?
Use the saml plugin. This saml plugin require the installation and configuration of simpleSAMLphp as SP.
This SP is compatible with any SAML IdP, (ADFS 2.0 included).
Here is a quick guide how connect ADFS 2 0 with simpleSAMLphp
What do you mean by works well? You mean the saml plugin? Or your experience with setting it up on your environment?
We are using ADFS in our environment. Although it is not directly used to Login to Moodle.
We use CAS SSO, Shibboleth, and ADFS all together to give us a full SSO Solution.
For Moodle have CAS Configured, For Office 365 we have ADFS Configured.
Shibboleth uses CAS for Logins and ADFS uses Shibboleth. You can see now how the user see really only CAS for SSO Logins.
It is a real simple setup if you have Shibboelth and CAS already setup. You would then have ADFS use Shibboleth for Authentication which in turn uses CAS for Logins. This method works for Office 365 Client Apps and Web Apps so your users can use Lync and Outlook since they hit ADFS first.
Go through the standard ADFS/Office 365 SignleSignOn setup the you need to add a custom attribute to shibboleth to release the DOMAIN\Username to ADFS. You never have to modify the ADFS setup so you can still recieve support from Microsoft.
If you need the specific on how the attribute is built and released just shoot me a message!