Authentication

Open ID for auth, secondary system for user sync?

 
Nelson Bartley
 

Good day,


We are currently running a Moodle 3.4 setup attached to a local LDAP server with approximately 7000 users. The LDAP server is both authentication and enrollment for the entire server. 


Now we have several secondary applications we have developed, and would like to get SSO on those apps as well as on Moodle, so that we can link the apps/sites together and seamlessly go between them (in-app browser and such).


I've been doing my reading of the wiki, the various plugins, and I'm having trouble seeing how this would work. Is there a way to fully register all the users in the system in advance (for class registration/administration), but have their login work through OpenID? Everything I see says you can't sync a full list of users from an OAuth2/OpenID system.


This is a closed system, there is no self registration, all the IDs would match between Moodle and OpenID profile... I'm just not seeing how to do this.


Any ideas guys?

 
Dave Perry
Re: Open ID for auth, secondary system for user sync?
Testers

I don't have experience of OpenID personally, but it sounds similar to Shibboleth (SSO).

Presumably you'd have to set up an OpenID login server on your own server (an Identity Provider), activate the OpenID login method on Moodle (some kind of Service Provider, that would trigger a login session to be created), then write your other apps to do the same (trigger a login session - but if another app of yours detects a user has an OpenID session running, it will pick that up and use it).

 
Nelson Bartley
Re: Open ID for auth, secondary system for user sync?
 

So funny enough, that's exactly what I understood of the system. The current OAuth2 plugin apparently supports connectid and jwt, so that's the easy part.


The problem is, that means the users all have to log in once before they exist in the system. This is not good for class management. What I want to know is how I register all my users into the system beforehand and either map them to a connectID or, when they finally log in, have the connect ID auto map to the user already registered.





 
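The behaviour asked for in the post above, accounts registered in advance and bound to an OpenID Connect identity at first login, can be implemented along these lines. This is an added example, not part of the thread and not Moodle's plugin code; the `Directory` class, the issuer URL and the use of the `preferred_username` claim as the shared ID are assumptions, and the ID token's signature is assumed to have been verified before `resolve_login` is called.

```python
# Added example: hypothetical names, constructed data.
from dataclasses import dataclass, field

TRUSTED_ISSUER = "https://idp.example.org"  # constructed issuer URL


@dataclass
class Directory:
    """Local accounts bulk-loaded before anyone logs in (e.g. from LDAP)."""
    users: dict = field(default_factory=dict)  # username -> profile
    links: dict = field(default_factory=dict)  # (issuer, sub) -> username

    def preprovision(self, username, fullname):
        self.users[username.lower()] = {"fullname": fullname}

    def resolve_login(self, claims):
        """Map verified ID-token claims to a local user, or None to refuse."""
        iss, sub = claims.get("iss"), claims.get("sub")
        if iss != TRUSTED_ISSUER or not sub:
            return None                  # only the one trusted IdP may link
        if (iss, sub) in self.links:
            return self.links[(iss, sub)]  # returning user: stable binding
        # First login: match on the shared ID. Assumes the IdP is under the
        # same administration, so preferred_username is unique and trusted.
        candidate = str(claims.get("preferred_username", "")).lower()
        if candidate not in self.users:
            return None                  # closed system: never auto-create
        if candidate in self.links.values():
            return None                  # already bound to a different sub
        self.links[(iss, sub)] = candidate
        return candidate


def demo():
    d = Directory()
    d.preprovision("s1001", "Student One")  # constructed record
    claims = {"iss": TRUSTED_ISSUER, "sub": "abc",
              "preferred_username": "S1001"}
    return d.resolve_login(claims), d.resolve_login(
        {"iss": TRUSTED_ISSUER, "sub": "zzz", "preferred_username": "s1001"})


if __name__ == "__main__":
    print(demo())
```

After the first login the binding is keyed on the issuer and `sub` pair, so a later change of username at the identity provider does not move the login to a different local account.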
Werner Visser
Re: Open ID for auth, secondary system for user sync?
 

Hi Nelson,


Did you manage to figure this out? We similarly would like to register users via a service and automatically log them into Moodle from our app so that the experience is seamless.


Would love to hear from you and if you have a solution?


Thanks

 
Nelson Bartley
Re: Open ID for auth, secondary system for user sync?
 

No I didn't, and there was minimal involvement from the community.

 