Installing and upgrading help

Default and Alternative login URL

 
Picture of Robert Duncan
Default and Alternative login URL
 
Hi,

Can anyone advise on setting up Moodle with dual login methods. I have setup that uses openid connect and as such uses the 'alternativeloginurl' setting in config.php ; which automatically redirects requests to moodle.example.com to moodle.example.com/auth/oidc

This works great because SSO users are brought to the correct login page (or are automatically signed on if an SSO session is open)

however we now have the need to allow a small number of manual accounts (non institutional accounts) login to Moodle.

it seems we would need to break the current login flow for SSO users just to allow a handful of manual accounts to sign in, because any attempt to get to moodle.example.com/login/index.php redirects to the oidc login page. Is the concept of multiple authentication methods broken by specifying an 'alternative' login page?

thanks,
Rob.

Moodle 3.3
 
Average of ratings: -
Picture of Howard Miller
Re: Default and Alternative login URL
Core developersDocumentation writersParticularly helpful MoodlersPlugin developers

As far as I know, if you use that option you are now responsible for handling logins yourself. However, see https://moodle.org/mod/forum/discuss.php?d=86952

I think you could redirect the POST request back to the standard Moodle login handler if your external auth fails. 

I haven't tried it....

 
Average of ratings: -
Picture of Robert Duncan
Re: Default and Alternative login URL
 

Thanks Howard -  you are correct! the standard login handler will except the posted params - just create you own html page anywhere with a post action to https://moodle.example.com/login/index.php


here's an example for anyone else:

<!DOCTYPE html>
<html lang="en">
<head>
  <title>Moodle Login</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
  
  <style>
    body {
  padding-top: 45px;
  padding-bottom: 40px;
}
    
    /* Set height of the grid so .sidenav can be 100% (adjust as needed) */
    .row.content {height: 450px}
    
    /* Set gray background color and 100% height */
    .sidenav {
      padding-top: 20px;
      background-color: #ffffff;
      height: 100%;
    }
    
    /* Set black background color, white text and some padding */
    footer {
      background-color: #555;
      color: white;
      padding: 15px;
    }
    
    /* On small screens, set height to 'auto' for sidenav and grid */
    @media screen and (max-width: 767px) {
      .sidenav {
        height: auto;
        padding: 15px;
      }
      .row.content {height:auto;} 
    }
  </style>
</head>
<body>

  
<div class="container-fluid text-center">    
  <div class="row content">
    <div class="col-sm-2 sidenav">
      <p><a href="#">Link</a></p>
      <p><a href="#">Link</a></p>
    </div>
    <div class="col-sm-8 text-left"> 
      <div class="container">
  <div class="jumbotron">
    <h1>Moodle Login</h1> 
    <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor</p> 
  </div>
  <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip</p> 
</div>
  
  <form class="form-horizontal" action="https://<moodle.example.com>/login/index.php" method="post" name="form" id="form">
  <div class="form-group">
    <label class="control-label col-sm-3" for="username"><i class="fa fa-user" aria-hidden="true"></i> Username:</label>
    <div class="col-sm-6">
      <input type="text" name="username" class="form-control form-control-lg" id="username" placeholder="Enter username">
    </div>
  </div>
  <div class="form-group">
    <label class="control-label col-sm-3" for="pwd"><i class="fa fa-key" aria-hidden="true"></i> Password:</label>
    <div class="col-sm-6"> 
      <input type="password" name="password" class="form-control form-control-lg" id="pwd" placeholder="Enter password">
    </div>
  </div>
  <div class="form-group"> 
    <div class="col-sm-offset-3 col-sm-6">
      <button type="submit" value="Login" class="btn btn-primary">Submit</button>
    </div>
  </div>
</form>
    </div>
    <div class="col-sm-2 sidenav">
<img src="https://moodle.org/logo/preview-moodle-logo.png">
    </div>
  </div>
</div>
<footer class="container-fluid text-center">
  <p><i class="fa fa-copyright" aria-hidden="true"></i> Example Inc.2017</p>
</footer>
</body>
</html>


 
Average of ratings: Useful (2)
Picture of Ken Task
Re: Default and Alternative login URL
Particularly helpful Moodlers

@Robert ... just wanted to say thanks for sharing (rated useful).  Very timely as was in a discussion/cussion with an entity that wants to make their initial login screen point to a identity management system (CustomOauth2).   Needed a way to keep those that admin the moodle with the 'regular' login for times when the IDM hickups ... which it did. sad

Anyhoo your page saved some time and expense to entity.

'spirit of sharing', Ken


 
Average of ratings: -
Picture of Robert Duncan
Re: Default and Alternative login URL
 

@Ken.....you are most welcome! glad to be of some assistance.


all the best.

Rob.

 
Average of ratings: -
Picture of Adrian Perez Rodriguez
Re: Default and Alternative login URL
 

Hello

I've done two different Logins (Shibboleth and manual login) with changes over the apache configs (mod_rewrite).

When you want I can provide more informations about that. The key points are, that once is the default moodle frontapage used for manual logins and the second time its the normal login page "../login/index.php" used for the Shibboleth authentication.

We have done that for support two subdomains to different logins (demomoodle and the normal access to moodle).

Kind regards
Adrian

 
Average of ratings: -
Picture of Robert Duncan
Re: Default and Alternative login URL
 

you could  shibbolize the 2 virtual hosts but you would need to use name based virtual hosts and turn on canonical names for the shib metadata bindings, this includes; including the schema(https) and ports in the virtual hosts. Then you will have Shibboleth SP bindings on both virtual hosts

e.g.

#production moodle
<VirtualHost moodle.example.com:443>
  ServerName https://moodle.example.com
  UseCanonicalName On
  ## Vhost docroot
  DocumentRoot "/var/www/html/moodle"
<Location /Shibboleth.sso>
    SetHandler shib
</Location>
<Location /moodle/auth/shibboleth/index.php>
    ShibRequestSetting requireSession 1
    AuthType shibboleth
    ShibExportAssertion Off
    Require valid-user
</Location>
</VirtualHost>
#Demo moodle
<VirtualHost demomoodle.example.com:8443>
  ServerName https://demomoodle.example.com
  UseCanonicalName On
  ## Vhost docroot
  DocumentRoot "/var/www/html/moodle"
  
<Location /Shibboleth.sso>
    SetHandler shib
</Location>
<Location /moodle/auth/shibboleth/index.php>
    ShibRequestSetting requireSession 1
    AuthType shibboleth
    ShibExportAssertion Off
    Require valid-user
</Location>
</VirtualHost>


 
Average of ratings: -
Picture of Adrian Perez Rodriguez
Re: Default and Alternative login URL
 

Thanks for sharing this example. But we need in fact the "manual login" and not two shibb authentication methods.

 
Average of ratings: -
Picture of Robert Duncan
Re: Default and Alternative login URL
 

So then it's just a vhost and html page!

<VirtualHost demomoodle.example.com:80>

ServerName demomoodle.eample.com

DocumentRoot /var/www/html/manuallogin.html

</VirtualHost>


This would be when you are using some form of single sign on and you have configured Moodle to use an alternative login url to bypass the discovery phase of SSO. (i.e. entering moodle.example.com auto redirects to shibboleth IDP or openID etc.) This essentially blocks any non domain users from logging in and there is also no way of logging in with a manual account if things go wrong with SSO

 
Average of ratings: -