Can anyone advise on setting up Moodle with dual login methods. I have setup that uses openid connect and as such uses the 'alternativeloginurl' setting in config.php ; which automatically redirects requests to moodle.example.com to moodle.example.com/auth/oidc
This works great because SSO users are brought to the correct login page (or are automatically signed on if an SSO session is open)
however we now have the need to allow a small number of manual accounts (non institutional accounts) login to Moodle.
it seems we would need to break the current login flow for SSO users just to allow a handful of manual accounts to sign in, because any attempt to get to moodle.example.com/login/index.php redirects to the oidc login page. Is the concept of multiple authentication methods broken by specifying an 'alternative' login page?
thanks,
Rob.
Moodle 3.3
As far as I know, if you use that option you are now responsible for handling logins yourself. However, see https://moodle.org/mod/forum/discuss.php?d=86952
I think you could redirect the POST request back to the standard Moodle login handler if your external auth fails.
I haven't tried it....
Thanks Howard - you are correct! the standard login handler will except the posted params - just create you own html page anywhere with a post action to https://moodle.example.com/login/index.php
here's an example for anyone else:
<!DOCTYPE html>
<html lang="en">
<head>
<title>Moodle Login</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>
body {
padding-top: 45px;
padding-bottom: 40px;
}
/* Set height of the grid so .sidenav can be 100% (adjust as needed) */
.row.content {height: 450px}
/* Set gray background color and 100% height */
.sidenav {
padding-top: 20px;
background-color: #ffffff;
height: 100%;
}
/* Set black background color, white text and some padding */
footer {
background-color: #555;
color: white;
padding: 15px;
}
/* On small screens, set height to 'auto' for sidenav and grid */
@media screen and (max-width: 767px) {
.sidenav {
height: auto;
padding: 15px;
}
.row.content {height:auto;}
}
</style>
</head>
<body>
<div class="container-fluid text-center">
<div class="row content">
<div class="col-sm-2 sidenav">
<p><a href="#">Link</a></p>
<p><a href="#">Link</a></p>
</div>
<div class="col-sm-8 text-left">
<div class="container">
<div class="jumbotron">
<h1>Moodle Login</h1>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor</p>
</div>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip</p>
</div>
<form class="form-horizontal" action="https://<moodle.example.com>/login/index.php" method="post" name="form" id="form">
<div class="form-group">
<label class="control-label col-sm-3" for="username"><i class="fa fa-user" aria-hidden="true"></i> Username:</label>
<div class="col-sm-6">
<input type="text" name="username" class="form-control form-control-lg" id="username" placeholder="Enter username">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3" for="pwd"><i class="fa fa-key" aria-hidden="true"></i> Password:</label>
<div class="col-sm-6">
<input type="password" name="password" class="form-control form-control-lg" id="pwd" placeholder="Enter password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-6">
<button type="submit" value="Login" class="btn btn-primary">Submit</button>
</div>
</div>
</form>
</div>
<div class="col-sm-2 sidenav">
<img src="https://moodle.org/logo/preview-moodle-logo.png">
</div>
</div>
</div>
<footer class="container-fluid text-center">
<p><i class="fa fa-copyright" aria-hidden="true"></i> Example Inc.2017</p>
</footer>
</body>
</html>
@Robert ... just wanted to say thanks for sharing (rated useful). Very timely as was in a discussion/cussion with an entity that wants to make their initial login screen point to a identity management system (CustomOauth2). Needed a way to keep those that admin the moodle with the 'regular' login for times when the IDM hickups ... which it did.
Anyhoo your page saved some time and expense to entity.
'spirit of sharing', Ken
@Ken.....you are most welcome! glad to be of some assistance.
all the best.
Rob.
Hello
I've done two different Logins (Shibboleth and manual login) with changes over the apache configs (mod_rewrite).
When you want I can provide more informations about that. The key points are, that once is the default moodle frontapage used for manual logins and the second time its the normal login page "../login/index.php" used for the Shibboleth authentication.
We have done that for support two subdomains to different logins (demomoodle and the normal access to moodle).
Kind regards
Adrian
you could shibbolize the 2 virtual hosts but you would need to use name based virtual hosts and turn on canonical names for the shib metadata bindings, this includes; including the schema(https) and ports in the virtual hosts. Then you will have Shibboleth SP bindings on both virtual hosts
e.g.
#production moodle
<VirtualHost moodle.example.com:443>
ServerName https://moodle.example.com
UseCanonicalName On
## Vhost docroot
DocumentRoot "/var/www/html/moodle"
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<Location /moodle/auth/shibboleth/index.php>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibExportAssertion Off
Require valid-user
</Location>
</VirtualHost>
#Demo moodle
<VirtualHost demomoodle.example.com:8443>
ServerName https://demomoodle.example.com
UseCanonicalName On
## Vhost docroot
DocumentRoot "/var/www/html/moodle"
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<Location /moodle/auth/shibboleth/index.php>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibExportAssertion Off
Require valid-user
</Location>
</VirtualHost>
Thanks for sharing this example. But we need in fact the "manual login" and not two shibb authentication methods.
So then it's just a vhost and html page!
<VirtualHost demomoodle.example.com:80>
ServerName demomoodle.eample.com
DocumentRoot /var/www/html/manuallogin.html
</VirtualHost>
This would be when you are using some form of single sign on and you have configured Moodle to use an alternative login url to bypass the discovery phase of SSO. (i.e. entering moodle.example.com auto redirects to shibboleth IDP or openID etc.) This essentially blocks any non domain users from logging in and there is also no way of logging in with a manual account if things go wrong with SSO