Single Sign On from the client's intranet

From Efaktor Wiki

Summary

This documentation is written in English.

This page describes the Single Sign On (SSO) from a client intranet to Moodle. More details will be documented later.



Webservice based SSO

We normally configure the SSO based on SOAP webservices, but also support XML-RPC, REST and AMF. The selected webservice works as the channel between the client intranet and Moodle, and all authentication goes through this service.



What the client does

  • The client configures a webservice on their intranet and connects it to their user catalog (normally Active Directory (AD) or another LDAP-based user management service).
  • The client adds a login button somewhere on their intranet that is connected to this webservice.
  • When a user clicks the button, the following happens:
    • The webservice sends a token to Moodle and Moodle returns it as a confirmation (handshake).
    • Then the webservice sends the username, firstname, lastname and email (as a minimum) to Moodle. No passwords are sent to or saved in Moodle.
    • Moodle accepts the user and logs the user in directly.
  • The client allows login confirmation requests from Moodle when a user logs in directly to Moodle.


What eFaktor does in Moodle

  • eFaktor configures a webservice according to the client's needs. Normally a SOAP or REST webservice.
  • eFaktor modifies a Moodle authentication plugin so that it fits the client's needs.
  • eFaktor configures the set of rules that handle the login requests from the client:
    • If a user exists with the same username and email --> log in the user.
    • If a user exists with the same email but a different username --> overwrite the username in Moodle and give a message to the user.
    • If a user exists with the same username but a different email --> return an error message: Please contact administrator
    • If no user exists with the same username and/or email --> create the user and log in.
  • When the connection is two-way and the user logs in directly to Moodle:
    • Moodle detects the user as a client account and requests confirmation from the client intranet.
    • The client intranet webservice checks the user and confirms a valid login.
    • Moodle logs in the user without saving any password.
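
The login-request rules listed above (matching an incoming username and email against existing Moodle accounts), written out as an added Python example; it is not eFaktor's plugin code. The names Account, Action, decide and sample_accounts, the case-insensitive comparison, the wording of the rename message, and the rejection of empty values or of a username and email that belong to two different accounts are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum

ERROR = "Please contact administrator"  # error text from the rules above


class Action(Enum):
    LOGIN = "login"
    RENAME_AND_LOGIN = "rename_and_login"
    CREATE_AND_LOGIN = "create_and_login"
    REJECT = "reject"


@dataclass
class Account:
    username: str
    email: str


def _norm(value):
    # Assumption: identifiers compare case-insensitively, ignoring padding.
    return value.strip().casefold()


def decide(accounts, username, email):
    """Apply the four rules to one asserted identity; return (Action, message)."""
    u, e = _norm(username), _norm(email)
    if not u or not e:
        return Action.REJECT, ERROR  # assumption: empty values fail closed
    by_user = next((a for a in accounts if _norm(a.username) == u), None)
    by_mail = next((a for a in accounts if _norm(a.email) == e), None)
    if by_user is not None and by_user is by_mail:
        return Action.LOGIN, ""
    if by_user is not None:
        # Same username, different email. Also covers an email that belongs to
        # another account, which the rules leave open (assumption: reject).
        return Action.REJECT, ERROR
    if by_mail is not None:
        old, by_mail.username = by_mail.username, username.strip()
        # Constructed wording for the message shown to the user.
        return Action.RENAME_AND_LOGIN, f"Username changed from {old} to {by_mail.username}"
    accounts.append(Account(username.strip(), email.strip()))
    return Action.CREATE_AND_LOGIN, ""


def sample_accounts():
    # Constructed sample directory, not real data.
    return [Account("kari", "kari@example.com"), Account("ola", "ola@example.com")]
```

Checking the username before the email means a request that names one account by username and another by email is rejected instead of renaming the second account onto the first.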