We have moodle 1.8 running as part of a CMS system that we wrote.
For authentication on the CMS we use a cookie that stores a user_id for the cms system in it. We can derive the username and other details directly from the CMS this way.
I have written a cookie auth plugin which works for logging in but still requires going to the login form in moodle to enter the username (password is not required).
What i'm after is a way to bypass the login page by Moodle detecting the external cookie as if it was checking for its own cookie.
Is there a check_cookie function/method that moodle uses to confirm the user is logged in ? if so where is it
thanks for your help
Dave
Now users can be logged in automatically by detecting the external cookie is present. I'm not sure if it checks this on every landing page or if this is the best way - but it definitely works for the index page.
function loginpage_hook() {
global $frm; // can be used to override submitted login form
global $user; // can be used to replace authenticate_user_login()
$name = $this->config->cookiename;
if (isset($_COOKIE["$name"])){
$_POST["username"] = $_COOKIE["$name"];
$_POST["password"] = md5("*************");
}
}
function user_login($username, $password) {
$name = $this->config->cookiename;
if(isset($_COOKIE["$name"])){
return true; // user ok
} else {
// do something else and return false
}
}
I hope it helps!
After I have authenticated I still need to setup the account with some prepopulated values from my external db (if account doesn't exist) - I had a look at the external db plugin to see how that works - i'm just not clear on what order all the functions get called...
$name = $this->config->cookiename;.
function get_userinfo($username) {
global $CFG;
$dbauth = get_auth_plugin('db');
$dbresult = $dbauth->get_userinfo($username);
return $dbresult;
}
Hope it helps!
However what kind of system are you using to identify the users? We have an LDAP system, you use a simple external db? If you can let me know!
Thanks for you help - I have finally worked out how the auth plugin works and have worked out how to grab the user details from my external database and populate the moodle fields it works great - I have removed my changes from the core code and it still works so that is a bonus
I have just moved on to my next problem of importing courses into moodle, we use a paper code at our university eg ALED504-07C (NET) - 17 characters long - I was going to use this as the short name on the course as it is unique but moodle only allows 15 characters for this- I'm looking at removing the brackets and spaces - hopefully that works
Would you be willing to share your info on how to accomplish this, since I am interested in the same functionality?
Regards
Mariana
Hi Mariana,
sure... here's the situation we have at our university:
We have another portal which uses an encrypted cookie that stores username and time of login which is set when you login to that site. Every page on the portal uses this cookie to decide whether you can see the content.
the moodle auth cookie plugin that I put together (with a lot of help on this site uses the same check_cookie function from the portal combined with the moodle login to check the username in the cookie with moodle if the username doesn't exist a new account is created (this is optional). If the first name and last name fields (and any others you want) are available in your external system they too can be passed on directly to moodle on login - (which is what i have happening)
so your requirements for this system to work are:
1.An encrypted cookie storing user_id or username from another system that can be set when logging in.
A function to decrypt the cookie and retrieve the username or user_id
Generally for a cookie to be effective the two sites will be on the same domain eg www.cookie.com/moodle and portal cookie.com/portal
2.and the plugin I have written - I am working on creating a full plugin that incorporates the encryption/decryption of cookie function.
We are lucky in that our portal is written in php too so we have access to all the functions inside moodle just by including them.
i will attach the plugin code if you like, although the primary requirement the cookie decoder will have to be written separately (at this time)
Do you currently have another portal like site ?
cheers
Dave
Where I have to paste this code in moodle php file. login/index.php is it right?
Where I want to past this code?
function loginpage_hook() {
global $frm; // can be used to override submitted login form
global $user; // can be used to replace authenticate_user_login()
$name = $this->config->cookiename;
if (isset($_COOKIE["$name"])){
$_POST["username"] = $_COOKIE["$name"];
$_POST["password"] = md5("*************");
}
}
function user_login($username, $password) {
$name = $this->config->cookiename;
if(isset($_COOKIE["$name"])){
return true; // user ok
} else {
// do something else and return false
}
}
Rishi
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file.
please help me to solution
Thanks very much for sharing this! Your little bit of code is a lifesaver!
I'm very new to moodle and have been banging my head against the wall trying to figure out how to incorporate our custom SSO system.
Re: Single sign on with external site cookie
hi gianrico ...where can i find that loginpage_hook() function ?? please tell
Re: Single sign on with external site cookie
hi david!..please reupload your externalcookie.zip file..
Hello Martín Langhoff
I am also searching for the same thing from last three days but i din't find the solution for single - sign-on concept , from your reply again i got confidence that i will do that so ,will you please tell me the concept and which plugin i need to use for that and how ?
if you help me on it really it's very helpful for me please help as much as possible please
Thanks & regards in advance
Please note there is no authentication with this type of approach. You are entirely trusting all visitors on your site. I can set my cookie to say that my username is "admin" and your site will log me in as "admin".
http://edlinked.soe.waikato.ac.nz/files/externalcookieMoodle.zip
hope this helps anybody who wants to login from another site straight into moodle - I have also got deep linking working into courses using this method
Hello David,
Thanks for your contribution, the auth plugin helps me a lot. But I still have some questions in using this auth plugin.
I have a main system which will do the user authentication. After the user be authenticated, the main system will store the user/password information in cookie. I want to use your auth plugin to read the cookie, when user click the moodle course(s), it will make the user authentication automatically (single sign on) to moodle.
I have installed your plugin in my moodle, but it still appear the login page when user click the moodle course after he be authenticated by main system. I hope the auth plugin will read the user cookie information, and auto login to moodle accordingly.
I am new to moodle, I don't have idea how to modify your auth plugin to meet the requirement, could you give me some hints to address this?
Thank you.
I'm also very interested in obtaining the modified plugin as I have the same user needs as yours. Wondering if you have any luck so far?
Andy
see the postings further down - as I ended up writing a plugin -= needs a bit of work - which I a will include in a future version.
Thanks for the reply.
Have just given a try at the plugin.
Somehow i could not get it to work properly. Wondering if you can assist me in getting it to work?
Andy
I acheived this by importing a list of usernames and name details - then used the enrolement plugin to place them into courses.
Hope this helps... You will need to modify the "cookie reading" function to suit your own needs , but all I do is check for the cookie using my external script.
Hi David,
I am checking with your externalcookies plugin. I did all work what you have mentioned in readme file.
But I can not access it corrcectly. It shows blank error.
If I enable cookies autherntication in autentication page login url went to login/index.php only not alternate url (moodle/auth/cookies/login.php)
How can I solve the issues. and now i am using moodle only. what should I use for create cookies.
You can see my site : http://125.22.246.153/moodle2
---
http://125.22.246.153/moodle2/auth/cookie/signup.php
Thanks,
Rishi
hi david ,
the link that you mention is not working ,can you please send again your plugin file
Thank you
Does anyone have a copy of this sso plugin?
Many thanks
Andy
Hi David,
We tried many more times and days. But still we can't get good result from your plugin. It is not working.
I thing you please check with your end. Is it working or not?
We have spent lot of times for this unknown script.
I don’t like to waste someone their time for this external plugin.
What I request you to please check your coding and give here full details for how to work with your plugin.
Thanks
Rishi
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file please help me to solution
Does anyone have the code for this plugin?
I have put together a plugin but it doesn't really work like I need it to.
Can you please attach it?
Thank you.
Hi David,
The link you mentioned here is not working.
Can you please rearrange it?
Regards..
- Sid
Totally agree with your suggestion.. Very nice post and good information here..Thanks for posting that.. Read
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file please help me to solution
function loginpage_hook()
{
global $frm; // can be used to override submitted login form global $user; // can be used to replace authenticate_user_login()
$_POST["username"] = $_SESSION['user_login_id']; $_POST["password"] = '$_SESSION['password']';
}
so abov function loginpage_hook() in moodle/lib/authlib.php for use SSO.
I need to help how to use session/cookie in this funtion but session/cookie it is create by my another PHP application.
I can try to create session/cookie my PHP application with path but it is not available in this function/file please help me to solution
Hi All,
If anyone have the copy of this plugin?
We created some code on our staff intranet that 'posts' a login attempt to moodle's login process.
We modified the login/index.php and auth/ldap/auth.php scripts to check for these requests, and now have SSO from intranet to moodle. So far *touches wood/desk* it has survived upgrades from 2.1 through to 2.9.
Hi David,
Can you please help me to find, where can I get the auth plugin from. The plugin to have login via cookie.