Disable login feature

Disable login feature

by Jesus Ortega Miguel -
Number of replies: 6

Hi,

I'm working in a login plugin for mymmoodle site. It performs a login using a token so the user doesn't need to input their username nor password.

In fact, the user will not know their credentials for the moodle platform, he will be logged in by using the tokend provided by another application.

Is it possible to hide permanently the login screen and the login form in moodle?

Thanks a lot for your help!


Average of ratings: -
In reply to Jesus Ortega Miguel

Re: Disable login feature

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Then how will (for example) the admin login?
Average of ratings: -
In reply to Howard Miller

Re: Disable login feature

by Jesus Ortega Miguel -
It will also use an external token to identify itself.

The process is simple, with a token we ask the moodle plugin to login, the plugin checks the token with an authentication server and then the user is loged into moodle.

I want to prevent the user and password login. I found out in site configuration I can edit the "change password" page and a secondary login page but the main login form in moodle is still there.
Average of ratings: -
In reply to Jesus Ortega Miguel

Re: Disable login feature

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
That's a very, very bad idea.

When something goes wrong - and it will - your site admins can't login.

What I have seen some sites do is to create a "secret" manual login page on some other path - a bit like Wordpress (you need to know to go to /wp-admin). That's not core Moodle and something you would need to write. 
Average of ratings: Useful (1)
In reply to Jesus Ortega Miguel

Re: Disable login feature

by Michael Milette -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators
Hi Jesus,

As Howard mentioned, I agree that Site Administrators need to be able to login using the manual authentication. Check their profile. There are no other authentication method options for these users.

So, it is a bad idea to completely disable manual logins. What if your token system breaks and you need to login in order to fix it?

My recommendation would be:

1. Use CSS to hide the link to the login form
2. Install the Local Login plugin from https://github.com/michael-milette/moodle-local_login
3. In the Moodle settings, enter the path to your new token login form

When you need to login as an administrator, you will still be able to by going to https://yoursite.url/local/login thanks to the Local Login plugin.

The only down side is that, if you fail to login, you will be redirected to your token login page and will need to re-enter the local login URL again to make another attempt. This should not be a problem if you bookmark the mew login page.

Another option might be to have your custom token login page display the normal login form if it does not receive a valid token. That way, you avoid the above-mentioned downside.

Hope you find this useful.

Best regards,

Michael Milette
Average of ratings: Useful (1)
In reply to Jesus Ortega Miguel

Re: Disable login feature

by Michael Milette -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators
By the way, it is nice to make it easier to login, but have you considered how users are going to successfully and securely logout with your token system?

Just something to think about as I noticed that this is often an oversight.

Michael Milette
Average of ratings: Useful (1)
In reply to Michael Milette

Re: Disable login feature

by Jesus Ortega Miguel -
My idea is to manually log out the user by clicking the "logout" button.

Probably I should re-check this point, we are trying to avoid using too many plugins or at least minimize the quantity.

Maybe as you said, is not a good idea to fully disable the password login.

Thank you a lot for your advice and help, it was really useful and made me rethink some points of the plugin I'm working at.

Best reagards,

Jesús
Average of ratings: -