Authentication: SAML2 SSO Auth

Maintained by Picture of Daniel MirandaDaniel Miranda, Picture of AulaWeb Università di GenovaAulaWeb Università di Genova
Authentication using exists SimpleSAMLphp Service Provider
116 sites
10 fans
Current versions available: 4

SAML2 SSO Authentication using exists SimpleSAMLphp Service Provider

You'll need the following pre-requirement:

  • A working SimpleSAMLphp Service Provider (SP) installation ( working means that the metadata from SP must be registered in Identity Provider (IdP). Can be found in /config/authsources.php
  • The absolute path for the SimpleSAMLphp installation on server
  • The authsource name from SP in which your users will authenticate against

There are a couple of related SAML plugins for Moodle. Below are the main diferences between this plugin, named as saml2sso, and the others. 

The key for this plugin is that you can use your exists Service Provider (SP) without need to exchange the metadata with the Identity Provider (IdP) for every new Moodle instances. (for instances in the same host name)

The following options can be set in config:

  • SimpleSAMLphp installation path
  • Dual login (Yes/No) - Can login with manual accounts like admin
  • Single Sign Off (Yes/No) - Should we sign off users from Moodle and IdP?
  • Username mapping - Which attribute from IdP should be used for username
  • Username checking - Where to check if the username exists
  • Auto create users - (Allow create new users)
  • SP source name (generally default-sp in SimpleSAMLphp)
  • Logout URL to redirect users after logout
  • Allow users to edit or not the profile
  • Ability to break the full name from IdP into firstname and lastname

To bypass the authentication and login directly in Moodle (ex.: using admin account), add the saml=off parameter in the URL (ex.: https://my.moodle/login/index.php?saml=off)


Screenshot #0
Screenshot #1


Picture of Daniel Miranda
Daniel Miranda (Lead maintainer)
Picture of AulaWeb Università di Genova
AulaWeb Università di Genova
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Alain Raap
    Mon, Jan 7, 2019, 6:14 PM
    I used to version of may 2018, I see there's a new version, so I'll download the new version here
  • Picture of Alain Raap
    Mon, Jan 7, 2019, 8:27 PM
    I installed the latest version, but this broke my working SSO environment. What has changed in this latest version?
  • Picture of AulaWeb Università di Genova
    Tue, Jan 8, 2019, 2:45 AM
    Hi Alain,
    I need some clue... error messages, screenshoots, ecc... Could you move to GitHub and opening a a issue? It is easier to track than this forum.
  • Picture of Alain Raap
    Wed, Jan 9, 2019, 10:05 PM
    I sent you a PM about the issue
  • Picture of karthik Soundararajan
    Fri, Feb 22, 2019, 4:03 PM
    Plugin install was successful. However when I navigate to plugin overview to verify the plugin, then it displays a message "missing from disk" and settings link is invisible.

    Moodle ver. 3.6
    plugin version - 2018121500
    plugin release = '3.5.3'
  • Picture of AulaWeb Università di Genova
    Mon, Apr 1, 2019, 7:37 PM
    Hi Karthik,
    have you unzip the plugin files into the <$moodle_home>/auth/saml2sso/ folder?

    If you unzip as-is the file you downloaded from Github, it will create a directory named
    resulting the error you reported.
    You have to rename it saml2sso.
  • Picture of Anthony Radziszewski
    Sat, Aug 17, 2019, 2:02 AM
    Hi there,

    It looks like the saml login button is now added to the Moodle login/index.php page. Do you have a saml icon for that button? The current one looks like a narrow Microsoft image on that page.
  • Picture of AulaWeb Università di Genova
    Sun, Sep 1, 2019, 4:31 PM
    Thank you for the report Anthony.
    I changed the default icon with a neutral one. However, you can use any pics setting its url in the control panel of the plugin.
  • Picture of Alain Raap
    Fri, Oct 18, 2019, 5:08 PM
    What is the best way to migrate users from another auth plugin (f.e. manual) to the saml2sso auth plugin? What must be changed in the Moodle database?
    When I install the latest version of your plugin and I go to my Moodle site, the wrong login page is showed (not the login of my IDP). When I end my url with
    ?saml=on it shows my IDP login. What is the right way to configure this?
  • Picture of AulaWeb Università di Genova
    Thu, Oct 24, 2019, 2:21 AM
    Hi Alain,
    I'm sorry for the delay; I suggest to all visitors to open an issue on GitHub page, which produce a warning for the developers. This forum has not this feature.

    This plugin cannot migrate users from internal sources by design. In fact, there is no guarantee that an account with an internal username is the same identity on the IdP which has the same username. Sorry, you have to check one-by-one and switch them from the user profile pages.
    Or, if your are confident, open the locallib.php file and set to false the plugin name around line 20 in order to fool the plugin import function smile

    About the second issue, I don't understand: which page is the "the wrong login page"? The Moodle default?
  • Picture of Alain Raap
    Wed, Nov 13, 2019, 10:57 PM
    Sorry for my late reply. I already solved my migration question and the issue with the login page is clear, with saml=on I go to the IDP with saml = off I go to the Moodle login page
  • Picture of Alain Raap
    Thu, Nov 14, 2019, 5:26 PM
    Is it possible to configure / use more than one authentication source in the SAML2SSO plugin settings?
  • Picture of Daniel Miranda
    Thu, Nov 14, 2019, 8:09 PM
    Hi Alain, I think you are asking about multiauth in SimpleSAMLphp.
    It is possible to use multiauth module in SimpleSAMLphp to achieve this.
    So you need to configure this in SimpleSAMLphp not in SAML2SSO.
    Is that correct?
  • Picture of Alain Raap
    Fri, Nov 15, 2019, 3:56 PM
    Hi Daniel,
    I already found the multiauth configuration option in SimpleSAMLphp, I understand that it's only possible to configure one
    authentication source in the plugin, but also in Moodle. There's only one attribute in the mdl_user table (auth attribute) which
    declares the authentication for the user on your Moodle site. I'll take a look at the multiauth configuration, thanks.
  • Picture of Daniel Miranda
    Fri, Nov 15, 2019, 8:49 PM
    What are your thoughts about multiauth Alain?
    I can say that it is possible to use multiauth, for example, using a SQL database and a LDAP at the sametime (this is my scenario) or you can have more then one Identity Provider, for example a external IdP (this is my scenario too).

    So, I have my users doing authentication against my own IdP and a external IdP. When the user choose my IdP it is possible to authenticate against a SQL database and/or a LDAP server.

    I have made a simplesSAMLphp module that try to authtenticate a user, first in SQL database and if it fails then try again in LDAP. You can see this module in my github (
1 2 3 4 5
Please login to post comments