If I try and log into a remote site with MNET authentication enabled, I get the attached screen.
I have switched off authentication on the Moodle site as I really only want people authenticating (via LDAP) on my "portal" Moodle and then roaming here - am I asking it to do something it was never designed for?
Clicking the link takes me to a "MNET ID Provider" page.
What is this for? Do I need it? And can I turn it off, as it may confuse users?
Oh hang on... I see what it's doing (now I read it!). The problem is that it doesn't actually work. When you enter your email address it just sticks in a loop. You get a screen that says "You should be able to login at your provider" and a continue button. Pressing the button takes you back to the email entry screen.
You are probably getting your cookies mixed up!
Are the 2 moodles in the same domain? Are you setting different moodle cookies for both? Are you perhaps logged in already?
Are the 2 moodles in the same domain? Are you setting different moodle cookies for both? Are you perhaps logged in already?
They *are* in the same domain but they *definitely* have different cookie prefixes.
It's *possible* the user was logged in already. However, should it not fail more elegantly if that is the case?
It's *possible* the user was logged in already. However, should it not fail more elegantly if that is the case?
Yes, elegance is nice - steps to repro?
1 - go to test.moodle.org;
2 - make sure you are logged out;
3 - click on login (top-right corner) to get to the full login page;
4 - enter your moodle.org username, but not your password;
5 - click the "login" button;
6 - read error, click on the "confirm your email address here" link;
7 - put in your moodle.org email address;
8 - click the "Find login" button;
9 - get "You should be able to login at your provider." error message, but no idea of what (or where) is my "provider" or exactly where I "should" be able to login;
10 - click "Continue" button and get back to the same form.
Note that the username and email address I'm using to test are the same on both sites, so the test case could be different.
2 - make sure you are logged out;
3 - click on login (top-right corner) to get to the full login page;
4 - enter your moodle.org username, but not your password;
5 - click the "login" button;
6 - read error, click on the "confirm your email address here" link;
7 - put in your moodle.org email address;
8 - click the "Find login" button;
9 - get "You should be able to login at your provider." error message, but no idea of what (or where) is my "provider" or exactly where I "should" be able to login;
10 - click "Continue" button and get back to the same form.
Note that the username and email address I'm using to test are the same on both sites, so the test case could be different.
Quite! 
I know that this feature was vitally important when moodles were sending out emails linking logged-out users to content on the content provider. The hope being that when they arrived at the login page for which they had no valid credentials, they'd find their way to their identitiy provider (where they could log in).
Now that this common case has been fixed ,(MDL-12558) what is the use case for the "confirm your email address" feature?
The only use I can see is logged-out user hitting the content provider URL directly - are there any others?
Now that this common case has been fixed ,(MDL-12558) what is the use case for the "confirm your email address" feature?
The only use I can see is logged-out user hitting the content provider URL directly - are there any others?
To make matters worse the email address feature is "stupid". It doesn't actually check that it's even possible (or not) for you to have come from another site. If the only peers you have SSO *out* of the site you still get this message.
Bottom line for me is that anything like this related to login problems needs to be very carefully thought out as you are talking to already confused users. It's support calls on a stick
Bottom line for me is that anything like this related to login problems needs to be very carefully thought out as you are talking to already confused users. It's support calls on a stick
The most common case has been fixed (bravo!) but there are many - many! - other cases where a user follows a "deep" link to a course resource and is challenged to login.
Other parts of moodle send emails. The glossary highlighting embeds links that may point to must-be-logged-in resources.
But most importantly, other users of moodle send emails or embed links in emails or messages (IM?) that don't go via moodle.
So a mechanism to say "yes, you are allowed to use this moodle but you cannot login here, your IDP is over _there_" is important.
Yes, it is confusing. We can clarify the UI a bit, but beyond that, I'm not sure how we can make it better without getting into a whole lot of trouble.
Other parts of moodle send emails. The glossary highlighting embeds links that may point to must-be-logged-in resources.
But most importantly, other users of moodle send emails or embed links in emails or messages (IM?) that don't go via moodle.
So a mechanism to say "yes, you are allowed to use this moodle but you cannot login here, your IDP is over _there_" is important.
Yes, it is confusing. We can clarify the UI a bit, but beyond that, I'm not sure how we can make it better without getting into a whole lot of trouble.
Hi can anyone tell me what mnet is please
i have been asked to look into this but not sure what it is and does - would appreciate any help
regards
Nicola Burton
It's the mechanism in Moodle for connecting to other Moodle (or Mahara) sites. It's short for "Moodle Network". For lots more info see...
http://docs.moodle.org/en/Moodle_Network
http://docs.moodle.org/en/Moodle_Network