Authentication

 
 
Picture of David Bolger
SSO via HTTP header
 

Hi all!

I have linked Moodle 2.4 with my LDAP server and it is working perfectly to create new users and allow users log in. I am now trying to set up Single Sign-on using Open AM.

I have the username being delivered as part of the HTTP header ($_SERVER['REMOTE_USER']) but can't figure out how to force Moodle to accept this as a login authentication.

I tried editing the auth.php file, removing the SSO check from the user_login function and just replacing it with a "return true;". I also tried replacing the $username variable in the get_userinfo function with $_SERVER['REMOTE_USER'];

However after these changes, all I've managed to do is force Moodle to ignore the username/password passed to it by the Login button and instead to create an entirely new user every time the Login button is pressed, with the REMOTE_USER value as the username.

Obviously this isn't the right way to go about this. Can anybody suggest a simpler way to have Moodle automate logins using the REMOTE_USER header as the username?

Thanks!

David

 
Average of ratings: -
Picture of David Bolger
Re: SSO via HTTP header
 

Hi all,

I'm still working on this but have got no further. Basically what I think I need is an auth plugin that takes the $_SERVER['REMOTE_USER'] value as a username, and immediately considers the login authenticated with that username and directs the user to their front page. I imagine that this is very simple, if I knew where to put the variables. Has anybody any suggestions?

Thanks,

David

 
Average of ratings: -
Picture of Adam Morris
Re: SSO via HTTP header
 

I'm actually working on SSO myself with Moodle. Do you have the code you've done?

Did you hook up the web server with kerberos? Also have you seen the CAS authentication option? http://docs.moodle.org/24/en/CAS_server_(SSO)

 
Average of ratings: -
Picture of Adam Morris
Re: SSO via HTTP header
 

You might also consider using the PAM plugin to use the server's built-in PAM stack. You can configure that to use kerberos pretty easily.

 
Average of ratings: -
Picture of David Bolger
Re: SSO via HTTP header
 

Thanks for your suggestion, Adam. We ended up using a custom auth module that is working great smile

 
Average of ratings: -
Picture of Sascha Beh
Re: SSO via HTTP header
 

Hi David,

I need the exact same functionality. Could you share the code that you have written?

 

Thanks!

 
Average of ratings: -
Picture of Jennifer McVicker
Re: SSO via HTTP header
 

I'd also be interested in seeing your code.  Can you share it?  I need to build a SSO solution for our site that logs the user in to moodle *before* they get to the moodle site.

 
Average of ratings: -