I haven't been able to find any other postings related to this so I thought I would see if anyone can help me.
We have moodle 1.8 running as part of a CMS system that we wrote.
For authentication on the CMS we use a cookie that stores a user_id for the cms system in it. We can derive the username and other details directly from the CMS this way.
I have written a cookie auth plugin which works for logging in but still requires going to the login form in moodle to enter the username (password is not required).
What i'm after is a way to bypass the login page by Moodle detecting the external cookie as if it was checking for its own cookie.
Is there a check_cookie function/method that moodle uses to confirm the user is logged in ? if so where is it
thanks for your help
Dave
I did some more reading through the code and discovered the require_login() function in moodlelib- with a few tweaks everything works fine.
Now users can be logged in automatically by detecting the external cookie is present. I'm not sure if it checks this on every landing page or if this is the best way - but it definitely works for the index page.
Now users can be logged in automatically by detecting the external cookie is present. I'm not sure if it checks this on every landing page or if this is the best way - but it definitely works for the index page.
It should "just work" with a small auth plugin -- doesn't it? Shouldn't need to change core code...
I have done something similar to what you need, developing a new auth system. In particular to obtain user authentication with an external coockie i have overridden the function loginpage_hook() with this code:
function loginpage_hook() {
global $frm; // can be used to override submitted login form
global $user; // can be used to replace authenticate_user_login()
$name = $this->config->cookiename;
if (isset($_COOKIE["$name"])){
$_POST["username"] = $_COOKIE["$name"];
$_POST["password"] = md5("*************");
}
}
In this case when someone wants to log, this function, that is automatically called, will check if a cookie named "$name" exists. If so, it sets $_POST["username"], with the value from the cookie, and it sets $_POST["password"] with a static value (in your case you could set also $_POST["password"] with the username). In this way the function user_login($username, $password) of my auth system is called properly and returns always true (it means that it has authenticated the user). Your user_login() function could look like this:
function user_login($username, $password) {
$name = $this->config->cookiename;
if(isset($_COOKIE["$name"])){
return true; // user ok
} else {
// do something else and return false
}
}
I hope it helps!
thanks for your input on this... i couldn't find what parameters were required for loginpage_hook - do you set the config_cookie name in the preference file?
After I have authenticated I still need to setup the account with some prepopulated values from my external db (if account doesn't exist) - I had a look at the external db plugin to see how that works - i'm just not clear on what order all the functions get called...
After I have authenticated I still need to setup the account with some prepopulated values from my external db (if account doesn't exist) - I had a look at the external db plugin to see how that works - i'm just not clear on what order all the functions get called...
Should not the cookie contents be encrypted when stored by your lead authenticating app? Otherwise someone could spoof the cookie contents, and be anyone they wanted in your moodle! I use mcrypt() functions in php for decryption.
--James
For James: we don't need to encrypt our cookie content because we have another cookie, that is a session key, that is released automatically from our policy agent after that you have successfully authenticated yourself. In this way even if you create a cookie with all the correct informations you have always to be authenticated on the system because you don't have a valid session key cookie.
However is always a good idea to encrypt cookie content, if you can give us some more details it would be very helpful 
For David: I have created a complete and new auth system. It means that I have written also a "config.html" file where I put all the configuration variables. This page is a form and is called every time you want to set the preferences of this auth system. In that form the admin can set, for example, the name of the cookie that I then retrieve with:
$name = $this->config->cookiename;.
The functions that you find in any auth system are called when, for example, the user wants to view and/or modify his profile. In that case the functions that are called are probably update_user_record() and user_update(). I said probably because the first one updates the internal informations (those stored in the "user" table on your moodle db) and is called on every change, the second one, instead, updates the external information (those on your external db) and is called only if you set properly this auth system preferences. However in my case, once that the user is authenticated, I retrieve his profile informations from an external db. It is not so hard with OOP, you simply have to create an instance of external db auth system and then call the function that you need. For example consider the function get_userinfo(), in your auth system could look like this:
function get_userinfo($username) {
global $CFG;
$dbauth = get_auth_plugin('db');
$dbresult = $dbauth->get_userinfo($username);
return $dbresult;
}
Hope it helps!
However what kind of system are you using to identify the users? We have an LDAP system, you use a simple external db? If you can let me know!
My cookie is also an encrypted string that gets decrypted by a function i call.
Thanks for you help - I have finally worked out how the auth plugin works and have worked out how to grab the user details from my external database and populate the moodle fields it works great - I have removed my changes from the core code and it still works so that is a bonus
I have just moved on to my next problem of importing courses into moodle, we use a paper code at our university eg ALED504-07C (NET) - 17 characters long - I was going to use this as the short name on the course as it is unique but moodle only allows 15 characters for this- I'm looking at removing the brackets and spaces - hopefully that works
Thanks for you help - I have finally worked out how the auth plugin works and have worked out how to grab the user details from my external database and populate the moodle fields it works great - I have removed my changes from the core code and it still works so that is a bonus
I have just moved on to my next problem of importing courses into moodle, we use a paper code at our university eg ALED504-07C (NET) - 17 characters long - I was going to use this as the short name on the course as it is unique but moodle only allows 15 characters for this- I'm looking at removing the brackets and spaces - hopefully that works
Hello David
Would you be willing to share your info on how to accomplish this, since I am interested in the same functionality?
Regards
Mariana
Would you be willing to share your info on how to accomplish this, since I am interested in the same functionality?
Regards
Mariana
Hi Mariana,
sure... here's the situation we have at our university:
We have another portal which uses an encrypted cookie that stores username and time of login which is set when you login to that site. Every page on the portal uses this cookie to decide whether you can see the content.
the moodle auth cookie plugin that I put together (with a lot of help on this site
so your requirements for this system to work are:
1.An encrypted cookie storing user_id or username from another system that can be set when logging in.
A function to decrypt the cookie and retrieve the username or user_id
Generally for a cookie to be effective the two sites will be on the same domain eg www.cookie.com/moodle and portal cookie.com/portal
2.and the plugin I have written - I am working on creating a full plugin that incorporates the encryption/decryption of cookie function.
We are lucky in that our portal is written in php too so we have access to all the functions inside moodle just by including them.
i will attach the plugin code if you like, although the primary requirement the cookie decoder will have to be written separately (at this time)
Do you currently have another portal like site ?
cheers
Dave
Where I have to paste this code in moodle php file. login/index.php is it right?
Where I want to past this code?
function loginpage_hook() {
global $frm; // can be used to override submitted login form
global $user; // can be used to replace authenticate_user_login()
$name = $this->config->cookiename;
if (isset($_COOKIE["$name"])){
$_POST["username"] = $_COOKIE["$name"];
$_POST["password"] = md5("*************");
}
}
function user_login($username, $password) {
$name = $this->config->cookiename;
if(isset($_COOKIE["$name"])){
return true; // user ok
} else {
// do something else and return false
}
}
Rishi
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file.
please help me to solution
Gianrico,
Thanks very much for sharing this! Your little bit of code is a lifesaver!
I'm very new to moodle and have been banging my head against the wall trying to figure out how to incorporate our custom SSO system.
Thanks very much for sharing this! Your little bit of code is a lifesaver!
I'm very new to moodle and have been banging my head against the wall trying to figure out how to incorporate our custom SSO system.
In reply to Gianrico Ingrosso
Re: Single sign on with external site cookie
hi gianrico ...where can i find that loginpage_hook() function ?? please tell
In reply to jayaprakash jayakumar
Re: Single sign on with external site cookie
hi david!..please reupload your externalcookie.zip file..
Hello Martín Langhoff
I am also searching for the same thing from last three days but i din't find the solution for single - sign-on concept , from your reply again i got confidence that i will do that so ,will you please tell me the concept and which plugin i need to use for that and how ?
if you help me on it really it's very helpful for me please help as much as possible please
Thanks & regards in advance
Please note there is no authentication with this type of approach. You are entirely trusting all visitors on your site. I can set my cookie to say that my username is "admin" and your site will log me in as "admin".
for all those who have asked ... I have posted the auth plugin with basic instructions - here
http://edlinked.soe.waikato.ac.nz/files/externalcookieMoodle.zip
hope this helps anybody who wants to login from another site straight into moodle - I have also got deep linking working into courses using this method
http://edlinked.soe.waikato.ac.nz/files/externalcookieMoodle.zip
hope this helps anybody who wants to login from another site straight into moodle - I have also got deep linking working into courses using this method
Hello David,
Thanks for your contribution, the auth plugin helps me a lot. But I still have some questions in using this auth plugin.
I have a main system which will do the user authentication. After the user be authenticated, the main system will store the user/password information in cookie. I want to use your auth plugin to read the cookie, when user click the moodle course(s), it will make the user authentication automatically (single sign on) to moodle.
I have installed your plugin in my moodle, but it still appear the login page when user click the moodle course after he be authenticated by main system. I hope the auth plugin will read the user cookie information, and auto login to moodle accordingly.
I am new to moodle, I don't have idea how to modify your auth plugin to meet the requirement, could you give me some hints to address this?
Thank you.
Hi,
I'm also very interested in obtaining the modified plugin as I have the same user needs as yours. Wondering if you have any luck so far?
Andy
I'm also very interested in obtaining the modified plugin as I have the same user needs as yours. Wondering if you have any luck so far?
Andy
Hi Andy,
see the postings further down - as I ended up writing a plugin -= needs a bit of work - which I a will include in a future version.
see the postings further down - as I ended up writing a plugin -= needs a bit of work - which I a will include in a future version.
Hi David,
Thanks for the reply.
Have just given a try at the plugin.
Somehow i could not get it to work properly. Wondering if you can assist me in getting it to work?
Andy
Thanks for the reply.
Have just given a try at the plugin.
Somehow i could not get it to work properly. Wondering if you can assist me in getting it to work?
Andy
The users have to be in moodle already with the Auth Method of Cookie- no password is required in their accounts but they do need to be enrolled in the courses you want them to access.
I acheived this by importing a list of usernames and name details - then used the enrolement plugin to place them into courses.
Hope this helps... You will need to modify the "cookie reading" function to suit your own needs , but all I do is check for the cookie using my external script.
I acheived this by importing a list of usernames and name details - then used the enrolement plugin to place them into courses.
Hope this helps... You will need to modify the "cookie reading" function to suit your own needs , but all I do is check for the cookie using my external script.
Hi David,
I am checking with your externalcookies plugin. I did all work what you have mentioned in readme file.
But I can not access it corrcectly. It shows blank error.
If I enable cookies autherntication in autentication page login url went to login/index.php only not alternate url (moodle/auth/cookies/login.php)
How can I solve the issues. and now i am using moodle only. what should I use for create cookies.
You can see my site : http://125.22.246.153/moodle2
---
http://125.22.246.153/moodle2/auth/cookie/signup.php
Thanks,
Rishi
hi david ,
the link that you mention is not working ,can you please send again your plugin file
Thank you
Does anyone have a copy of this sso plugin?
Many thanks
Andy
Hi David,
We tried many more times and days. But still we can't get good result from your plugin. It is not working.
I thing you please check with your end. Is it working or not?
We have spent lot of times for this unknown script.
I don’t like to waste someone their time for this external plugin.
What I request you to please check your coding and give here full details for how to work with your plugin.
Thanks
Rishi
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file please help me to solution
Does anyone have the code for this plugin?
I have put together a plugin but it doesn't really work like I need it to.
Hello. Unfortunately the resource is not avaialble anymore.
Can you please attach it?
Thank you.
Can you please attach it?
Thank you.
Hi David,
The link you mentioned here is not working.
Can you please rearrange it?
Regards..
- Sid
Totally agree with your suggestion.. Very nice post and good information here..Thanks for posting that.. Read
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file please help me to solution
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file please help me to solution
Hi All,
If anyone have the copy of this plugin?
We created some code on our staff intranet that 'posts' a login attempt to moodle's login process.
We modified the login/index.php and auth/ldap/auth.php scripts to check for these requests, and now have SSO from intranet to moodle. So far *touches wood/desk* it has survived upgrades from 2.1 through to 2.9.
Hi David,
Can you please help me to find, where can I get the auth plugin from. The plugin to have login via cookie.