SSO Login script


by T K -

I am using Moodle 3.4.

I have set up the SSO web service that is able to authenticate the Moodle user and password, and returns the token as below:

{
    "token": "f82e4a6173109a17e0a19b8e7a5c6945",
    "privatetoken": null
}
How / where do I use this token from the external site to allow SSO login for my moodle users?


I have the HTML format here but I don't see where to pass this token to create the logged-in session:

<form id="login" class="expose" method="post" action="http://aicbuat-elearning.aicb.org.my/login/index.php">

<input type="hidden" name="username" id="username" size="20" value="<?php echo $username ?>" />

<input type="hidden" name="password" id="password" size="20" value="<?php echo $password ?>" />

</form>


In reply to T K

Re: SSO Login script

by Mark Johnson -

You will need to use an authentication plugin. There are several authentication plugins included in the core Moodle distribution, but if your SSO system isn't compatible with one of these, you will need to write your own plugin.

In reply to Mark Johnson

Re: SSO Login script

by T K -
Do I still need an authentication plugin even with a custom-made SSO script? We can already generate the token.
In reply to T K

Re: SSO Login script

by Mark Johnson -

Hold on, I might have this backwards. Are you trying to use an SSO system to log users in to Moodle as well as other systems, or are you trying to use Moodle as an authentication system for other applications?

In reply to Mark Johnson

Re: SSO Login script

by T K -
We have an external student portal; from here students will click on the e-learning link, and this will SSO-login them into Moodle.

So at Moodle I have a custom-made SSO script, which authenticates the user/pass and generates a valid token for access.
How can I use this token to access Moodle?
In reply to T K

Re: SSO Login script

by Mark Johnson -

Right, I understand better now, thank you. When you log a user in to Moodle normally, this creates a session cookie in their browser, which is used to tell Moodle who they are logged in as whenever the browser makes another request (visiting a page, loading an image, doing an AJAX call, etc). This cookie persists until it expires, the user logs out, or the user closes their browser, depending on your settings.

When you authenticate with Moodle via a web service, you create a token which can be sent with future web service requests to identify the user making the request, via the wstoken parameter. When Moodle receives this token, it creates a new session for that user, which lasts for the duration of that request only. If you make another web service request, you need to send the token again. This token is valid until it expires, or is revoked.

Does that explain what's happening a bit better?

In reply to Mark Johnson

Re: SSO Login script

by T K -
Yes this explains better.
So now my question is, what script/method can I use to use the token and grant the access? Any sample scripts that I can refer to?
In reply to T K

Re: SSO Login script

by Mark Johnson -

If you've got the username and password to log the user in to Moodle, generating them a web service token isn't necessary unless you want to use it to make web service calls as that user. If you want to be fully logged in to a Moodle session, you need to make some request in the user's browser that sends the username and password to Moodle and follows the login process.

I'm not enough of an expert in SSO to be comfortable offering specific advice, since there's likely a tradeoff between security and convenience if you're doing this yourself, unless you're planning to implement a full standards-based solution. Some options might be to create an alternative login script in Moodle which you can send the username and password to, or to implement an auth plugin which accepts some token generated when users log in to your student portal.
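
One way the last option in the reply above could look, as an added example that is not from the thread or from Moodle: the portal issues a short-lived, single-use HMAC-signed token and the Moodle-side auth plugin verifies it, so the user's password never passes through the browser. The function names, token layout, shared secret and in-memory nonce store are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Moodle's API or the poster's script.
// Constructed token layout: base64url(JSON claims) . "." . base64url(HMAC-SHA256)

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    return base64_decode(strtr($txt, '-_', '+/'), true); // false on bad input
}

// Portal side: called after the portal has authenticated the user itself.
function sso_issue_token(string $username, string $secret, int $now, int $ttl = 60): string {
    $claims = json_encode([
        'u'   => $username,
        'exp' => $now + $ttl,                // short lifetime limits replay
        'jti' => bin2hex(random_bytes(16)),  // nonce, enables single use
    ]);
    $mac = hash_hmac('sha256', $claims, $secret, true);
    return b64url_encode($claims) . '.' . b64url_encode($mac);
}

// Moodle side: returns the username for a valid token, or null.
// $seen stands in for a persistent store of already-used nonces.
function sso_verify_token(string $token, string $secret, int $now, array &$seen) {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $claims = b64url_decode($parts[0]);
    $mac    = b64url_decode($parts[1]);
    if ($claims === false || $mac === false) return null;
    // Check the signature before trusting any field; constant-time compare.
    if (!hash_equals(hash_hmac('sha256', $claims, $secret, true), $mac)) return null;
    $c = json_decode($claims, true);
    if (!is_array($c) || !isset($c['u'], $c['exp'], $c['jti'])) return null;
    if (!is_string($c['u']) || !is_int($c['exp']) || !is_string($c['jti'])) return null;
    if ($now > $c['exp'] || isset($seen[$c['jti']])) return null; // expired or replayed
    $seen[$c['jti']] = true;
    return $c['u'];
}

// Constructed demo values.
$secret = 'constructed-demo-secret';   // in practice: long random key shared out of band
$seen   = [];
$token  = sso_issue_token('student1', $secret, 1700000000);
var_dump(sso_verify_token($token, $secret, 1700000030, $seen));        // first use
var_dump(sso_verify_token($token, $secret, 1700000030, $seen));        // same token again
var_dump(sso_verify_token($token . 'x', $secret, 1700000030, $seen));  // altered signature
```

The token should be handed over via an HTTPS redirect only, and the verifying side still has to map the returned username to an existing Moodle account before creating a session.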