Moodle integration


pxh

Jul 28, 2009, 7:36:07 PM
to simpleSAMLphp
Hi -

As we have clients wanting SAML based authentication for Moodle, I've
been looking at SimpleSAMLPHP and the feide auth plugin -
http://code.google.com/p/simplesamlphp-moodle/ - which is great
(thanks to all involved).

I've made a number of changes to make it a bit more configurable, and
to interleave the standard Moodle session logic a bit more, and would
like to offer these changes up to anyone interested. Also, as I have
committer access on the Moodle project, I would also like to propose
the feide auth module as an addition to the Moodle contrib area - if
that is OK with the authors (hopefully they are listening here)?

Cheers,
Piers Harding.

smartin

Jul 29, 2009, 6:58:46 AM
to simpleSAMLphp
Hi, I'm also using the feide auth module and made some changes.

For example I added support to receive 'courses ids' from
simplesamlphp and enrol student/teacher with their specific
permission.
(enrollment / unenrollment based on multivalued attributes)
Also added a parameter for storing the url SP to let that SP and
Moodle operate in different protocols/domains/ports.

I'd be glad to collaborate with you to integrate these changes in your
plugin before release.

On Jul 29, 1:36 am, pxh <piers.hard...@gmail.com> wrote:
> Hi -
>
> As we have clients wanting SAML based authentication for Moodle, I've
> been looking at SimpleSAMLPHP and the feide auth plugin -
> http://code.google.com/p/simplesamlphp-moodle/ - which is great

Anders Lund

Jul 29, 2009, 7:31:50 AM
to simple...@googlegroups.com
On Tue, 2009-07-28 at 16:36 -0700, pxh wrote:
[...]

> I've made a number of changes to make it a bit more configurable, and
> to interleave the standard Moodle session logic a bit more, and would
> like to offer these changes up to anyone interested. Also, as I have
> committer access on the Moodle project, I would also like to propose
> the feide auth module as an addition to the Moodle contrib area - if
> that is OK with the authors (hopefully they are listening here)?

Hi Piers,

the ones here at UNINETT that have most insight into this work are on
vacation this week. I think they're back next week, and I'll talk to
them about this then. My guess is that they'll be happy about your
proposal to add this to the Moodle contrib area.

- Anders

--
Anders Lund <ander...@uninett.no>
UNINETT, N-7465 Trondheim, Norway
Phone: +47 73 55 79 08 | Mob: +47 93 03 41 26


pxh

Jul 29, 2009, 2:42:44 PM
to simpleSAMLphp
Hi -

This would be great - I think it would be good to wait until Anders
gets back to us.

Cheers,
Piers Harding.


On Jul 29, 10:58 pm, smartin <pitb...@gmail.com> wrote:
> Hi, I'm also using the feide auth module and made some changes.
>
> For example I added support to receive 'courses ids' from
> simplesamlphp and enrol student/teacher with their specific
> permission.
> (enrollment / unenrollment based on multivalued attributes)
> Also added a parameter for storing the url SP to let that SP and
> Moodle operate in different protocols/domains/ports.
>
> I'd be glad to collaborate with you to integrate these changes in your
> plugin before release.
>
> On Jul 29, 1:36 am, pxh <piers.hard...@gmail.com> wrote:
>
> > Hi -
>
> > As we have clients wanting SAML based authentication for Moodle, I've
> > been looking at SimpleSAMLPHP and the feide auth plugin -
> > http://code.google.com/p/simplesamlphp-moodle/ - which is great

pxh

Jul 29, 2009, 2:44:55 PM
to simpleSAMLphp
Hi Anders -

thanks for looking into this - I'll wait till next week to hear back
from you. This is work I've been doing on behalf of the New Zealand
Ministry of Education, and we have also done the integration for
Mahara (e-Portfolio), and will be doing the same for Koha (library
management system).

Cheers,
Piers Harding.


On Jul 29, 11:31 pm, Anders Lund <anders.l...@uninett.no> wrote:
> On Tue, 2009-07-28 at 16:36 -0700, pxh wrote:
>
> [...]
>
> > I've made a number of changes to make it a bit more configurable, and
> > to interleave the standard Moodle session logic a bit more, and would
> > like to offer these changes up to anyone interested. Also, as I have
> > committer access on the Moodle project, I would also like to propose
> > the feide auth module as an addition to the Moodle contrib area - if
> > that is OK with the authors (hopefully they are listening here)?
>
> Hi Piers,
>
> the ones here at UNINETT that have most insight into this work are on
> vacation this week. I think they're back next week, and I'll talk to
> them about this then. My guess is that they'll be happy about your
> proposal to add this to the Moodle contrib area.
>
> - Anders
>
> --
> Anders Lund <anders.l...@uninett.no>

Peter Schober

Jul 29, 2009, 6:06:30 PM
to simple...@googlegroups.com
* pxh <piers....@gmail.com> [2009-07-29 20:45]:

> thanks for looking into this - I'll wait till next week to hear back
> from you. This is work I've been doing on behalf of the New Zealand
> Ministry of Education, and we have also done the integration for
> Mahara (e-Portfolio), and will be doing the same for Koha (library
> management system).

Would you care to share any pointers for your Mahara work?
-peter

pxh

Jul 29, 2009, 7:20:20 PM
to simpleSAMLphp
Hi - I'm in the process of getting it put up on the Mahara git site,
so I'll get back to you when that's been sorted out.

In the mean time I've uploaded the code here (sorry - no instructions
done yet) http://www.piersharding.com/download/mahara-feide.tar.gz .

Cheers.

On Jul 30, 10:06 am, Peter Schober <sp+lists.simples...@univie.ac.at>
wrote:
> * pxh <piers.hard...@gmail.com> [2009-07-29 20:45]:

Peter Schober

Jul 29, 2009, 9:51:16 PM
to simple...@googlegroups.com
* pxh <piers....@gmail.com> [2009-07-30 01:32]:

> Hi - I'm in the process of getting it put up on the Mahara git site,
> so I'll get back to you when that's been sorted out.

Thanks. I'm only starting to set up Mahara, but good to know such a
thing has already been created.

> In the mean time I've uploaded the code here (sorry - no instructions
> done yet) http://www.piersharding.com/download/mahara-feide.tar.gz .

Any reason it's called auth/feide though instead of, say,
auth/saml or auth/simplesamlphp? e.g. @subpackage auth-feide, class
AuthFeide, class PluginAuthFeide, etc.
$ fgrep -i feide -r . | wc -l
51

Feide is the Norwegian national identity management infrastructure, so
I'm not sure this is appropriate (just my 2¢).
-peter

pxh

Jul 29, 2009, 11:32:13 PM
to simpleSAMLphp
Ah - glad you asked. The reason I called it auth/feide was to pay
homage to the original auth/feide for Moodle - after all, it is where
I cut my teeth on SimpleSAMLPHP, and SAML2 integration.
It can be changed, but I would only do that if the original author
(Erlend Strømsvik) for the Moodle version wanted to change likewise,
as I would want to keep them in sync (Moodle, and Mahara are
inherently connected after all).

Cheers.

On Jul 30, 1:51 pm, Peter Schober <sp+lists.simples...@univie.ac.at>
wrote:
> * pxh <piers.hard...@gmail.com> [2009-07-30 01:32]:

Anders Lund

Jul 30, 2009, 2:42:54 AM
to simple...@googlegroups.com, Erlend Strømsvik
On Wed, 2009-07-29 at 20:32 -0700, pxh wrote:
> Ah - glad you asked. The reason I called it auth/feide was to pay
> homage to the original auth/feide for Moodle - after all, it is where
> I cut my teeth on SimpleSAMLPHP, and SAML2 integration.
> It can be changed, but I would only do that if the original author
> (Erlend Strømsvik) for the Moodle version wanted to change likewise,
> as I would want to keep them in sync (Moodle, and Mahara are
> inherently connected after all).

I don't think you have to talk to Erlend to change from Feide to a more
generic term (saml, simplesaml, etc.). Perhaps just mention somewhere in
a README or similar that this is based on work done originally by
Erlend?

Adding Erlend to Cc in case he has some remarks.

- Anders

> On Jul 30, 1:51 pm, Peter Schober <sp+lists.simples...@univie.ac.at>
> wrote:
> > * pxh <piers.hard...@gmail.com> [2009-07-30 01:32]:
> >
> > > Hi - I'm in the process of getting it put up on the Mahara git site,
> > > so I'll get back to you when that's been sorted out.
> >
> > Thanks. I'm only starting to set up Mahara, but good to know such a
> > thing has already been created.
> >
> > > In the mean time I've uploaded the code here (sorry - no instructions
> > > done yet) http://www.piersharding.com/download/mahara-feide.tar.gz .
> >
> > Any reason it's called auth/feide though instead of, say,
> > auth/saml or auth/simplesamlphp? e.g. @subpackage auth-feide, class
> > AuthFeide, class PluginAuthFeide, etc.
> > $ fgrep -i feide -r . | wc -l
> > 51
> >
> > Feide is the Norwegian national identity management infrastructure, so
> > I'm not sure this is appropriate (just my 2¢).
> > -peter

--
Anders Lund <ander...@uninett.no>

Snorre Løvås

Jul 30, 2009, 3:51:09 AM
to simple...@googlegroups.com, Erlend Strømsvik
On Thu, Jul 30, 2009 at 08:42, Anders Lund<ander...@uninett.no> wrote:

> I don't think you have to talk to Erlend to change from Feide to a more
> generic term (saml, simplesaml, etc.). Perhaps just mention somewhere in
> a README or similar that this is based on work done originally by
> Erlend?

I guess I'm kind of the "owner" of this work since it was made in
connection with a project we, UNINETT ABC, had with some
municipalities a while back...

I was going to wait until I was back at work before writing an answer
to this thread, but here goes the short answer:
* We will be more than happy to add any enhancements to the source as
long as it doesn't break anything and isn't just "ugly hacks"
* The module should be made less Feide specific. Less tied to Feide,
more tied to SimpleSAMLphp.
* Attributions are encouraged :)


Snorre
UNINETT ABC

Ny Media

Jul 30, 2009, 7:35:06 AM
to simpleSAMLphp
On Jul 30, 8:42 am, Anders Lund <anders.l...@uninett.no> wrote:
> Adding Erlend to Cc in case he has some remarks.

No objections on any changes from my part :)


-Erlend Strømsvik

pxh

Jul 30, 2009, 2:07:41 PM
to simpleSAMLphp
OK - that's great.

So if everyone is happy with it, then I'll rename what I've done to
auth/saml (I'll need to check this with the Moodle dev team too), and
propose it for Moodle contrib.

I'll also align the Mahara auth module with this.

I'll feedback here when I have some progress.

Cheers,
Piers Harding.

On Jul 30, 7:51 pm, Snorre Løvås <snorre.lo...@gmail.com> wrote:

pxh

Jul 30, 2009, 2:07:59 PM
to simpleSAMLphp
Great - thanks.

pxh

Aug 2, 2009, 3:27:09 PM
to simpleSAMLphp
Hi -

I've registered the auth plugin with the Moodle project - its entry
can be found here http://moodle.org/mod/data/view.php?d=13&rid=2574
(will not be visible until entry is approved), start of documentation
here http://docs.moodle.org/en/AUTHSAML_authentication_plugin, and
code is http://cvs.moodle.org/contrib/plugins/auth/saml/.

Cheers.

Snorre Løvås

Aug 3, 2009, 1:34:22 PM
to simple...@googlegroups.com
On Sun, Aug 2, 2009 at 21:27, pxh<piers....@gmail.com> wrote:

> I've registered the auth plugin with the Moodle project - its entry
> can be found here http://moodle.org/mod/data/view.php?d=13&rid=2574

Great.

I suggest we retire "our" project on googlecode in the current state
and future development is done on this module instead. That way we can
maintain the code in one place and as a part of the Moodle community.

I just had a look at the code (first time I've looked at it
personally) and have a question:
Can Moodle handle arbitrary identifiers as a mapping to the user's
local account? The module uses e-mail as an identifier, which may be
far from unique depending on the policies and quality of the
information in the IdP(s).

If possible it would be nice to be able to select which SAML-attribute
should be used as the identifier as we have implemented in the
Drupal-module. For Feide it would be eduPersonPrincipalName, or even
better a targeted identifier for a specific SP-instance, but another
federation might have other unique attributes they wish to use.


Regards,
Snorre
CTO, UNINETT ABC

pxh

Aug 3, 2009, 8:36:34 PM
to simpleSAMLphp
Hi -

On Aug 4, 5:34 am, Snorre Løvås <snorre.lo...@gmail.com> wrote:
> On Sun, Aug 2, 2009 at 21:27, pxh<piers.hard...@gmail.com> wrote:
> > I've registered the auth plugin with the Moodle project - its entry
> > can be found here http://moodle.org/mod/data/view.php?d=13&rid=2574
>
> Great.
>
> I suggest we retire "our" project on googlecode in the current state
> and future development is done on this module instead. That way we can
> maintain the code in one place and as a part of the Moodle community.

This is fine by me - I'm happy to act as maintainer, but any of the
core contributors of Moodle also have access, and anyone who shows the
right willing, and proves themselves (usually through building up
credibility with patch submission) can get access.

>
> I just had a look at the code (first time I've looked at it
> personally) and have a question:
> Can Moodle handle arbitrary identifiers as a mapping to the user's
> local account? The module uses e-mail as an identifier, which may be
> far from unique depending on the policies and quality of the
> information in the IdP(s).
>

I quite agree - and I've already made a change along these lines
before I got the code put up on Moodle/contrib.
(see http://cvs.moodle.org/contrib/plugins/auth/saml/config.html?view=markup
and search for $config->username).

Hopefully this achieves what you need.

Cheers,
Piers Harding.

Peter Schober

Aug 4, 2009, 5:43:06 AM
to simple...@googlegroups.com
* Snorre Løvås <snorre...@gmail.com> [2009-08-03 19:34]:

> Can Moodle handle arbitrary identifiers as a mapping to the user's
> local account? The module uses e-mail as an identifier, which may be
> far from unique depending on the policies and quality of the
> information in the IdP(s).
>
> If possible it would be nice to be able to select which SAML-attribute
> should be used as the identifier as we have implemented in the
> Drupal-module. For Feide it would be eduPersonPrincipalName, or even
> better a targeted identifier for a specific SP-instance, but another
> federation might have other unique attributes they wish to use.

You might be able to reuse some code Lukas Haemmerle from SWITCH has
written for the Moodle-Shibboleth integration. It comes with an admin
GUI to configure attribute mappings from SAML to Moodle.
Shouldn't matter where the plugin got the SAML attributes from
(webserver environment or PHP/sSp session).
-peter
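
The identifier question raised by Snorre and the configurable username attribute Piers points to, as an added example that is not part of the thread or of the auth/saml plugin: it resolves the local account key from a selectable SAML attribute, fails closed on missing or multi-valued input, and checks a batch of logins for keys shared by different IdP subjects. The function names, the sample attribute values and the trim/lowercase normalisation are assumptions of this example.

```php
<?php
// Added example (hypothetical helper names, not the plugin's code).
// $attributes uses the simpleSAMLphp shape: attribute name => list of values.

function resolve_identifier(array $attributes, string $idAttribute): string
{
    $values = $attributes[$idAttribute] ?? [];
    // Exactly one value is required: none means the IdP did not release the
    // attribute, several means the account key is ambiguous. Fail closed.
    if (!is_array($values) || count($values) !== 1) {
        throw new RuntimeException("'$idAttribute' must carry exactly one value");
    }
    // Assumption: local usernames are compared trimmed and lowercased.
    $id = strtolower(trim((string) reset($values)));
    if ($id === '') {
        throw new RuntimeException("'$idAttribute' is empty");
    }
    return $id;
}

// Return identifier values that map to more than one distinct IdP subject.
function find_collisions(array $logins, string $idAttribute): array
{
    $seen = [];
    foreach ($logins as $subject => $attributes) {
        $seen[resolve_identifier($attributes, $idAttribute)][] = $subject;
    }
    return array_filter($seen, fn($subjects) => count($subjects) > 1);
}

// Constructed sample: two different people whose IdP records share a mailbox.
$logins = [
    'subject-1' => ['mail' => ['office@example.org'],
                    'eduPersonPrincipalName' => ['anna@example.org']],
    'subject-2' => ['mail' => ['Office@example.org '],
                    'eduPersonPrincipalName' => ['bjorn@example.org']],
];

// Compare the e-mail mapping with the attribute suggested for Feide.
foreach (['mail', 'eduPersonPrincipalName'] as $candidate) {
    $collisions = find_collisions($logins, $candidate);
    printf("%-24s %d colliding value(s)\n", $candidate, count($collisions));
    foreach ($collisions as $value => $subjects) {
        printf("  %s -> %s\n", $value, implode(', ', $subjects));
    }
}
```

With the e-mail mapping both subjects resolve to the same local account; with eduPersonPrincipalName they stay separate.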
