Single Sign On from the client's intranet
This documentation is written in English.
This page describes the Single Sign On (SSO) from a client intranet to Moodle. More details will be documented later.
Webservice based SSO
We normally configure the SSO based on SOAP webservices, but also support XML-RPC, REST and AMF. The selected webservice works as a channel between the client intranet and Moodle, and all authentication goes through this service.
What the client does
- The client configures a webservice on their intranet and connects it to their user catalog (normally Active Directory (AD) or another LDAP based user management service).
- The client adds a login button somewhere on their intranet that is connected to this webservice.
- When a user clicks on the button, the following happens:
  - The webservice sends a token to Moodle and Moodle returns it as a confirmation (handshake).
  - Then the webservice sends the username, firstname, lastname and email (as a minimum) to Moodle. No passwords are sent to or saved in Moodle.
  - Moodle accepts the user and logs the user in directly.
- The client allows login confirmation requests from Moodle when a user logs in directly to Moodle.
What eFaktor does in Moodle
- eFaktor configures a webservice according to the client's needs. Normally a SOAP or REST webservice.
- eFaktor modifies a Moodle authentication plugin so it fits the client's needs.
- eFaktor configures the set of rules to handle the login requests from the client.
  - If the user exists with the same username and email --> log in the user.
  - If the user exists with the same email but a different username --> overwrite the username in Moodle and give a message to the user.
  - If the user exists with the same username but a different email --> return an error message: Please contact administrator
  - If no user exists with the same username and/or email --> create the user and log in.
- With a two-way connection, when the user logs in directly to Moodle:
  - Moodle detects the user as a client account and sends a request for confirmation to the client intranet.
  - The client intranet webservice checks the user and confirms a valid login.
  - Moodle logs in the user without saving any password.
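
The rules for handling login requests listed above can be written as one decision function. This is an added example in Python, not eFaktor's plugin code. The `User` class, the in-memory user list, the trimmed case-insensitive comparison, and the refusal when the username and the email belong to two different accounts (a case the rules do not cover) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class User:                      # hypothetical stand-in for a Moodle user row; no password field
    username: str
    email: str
    firstname: str = ""
    lastname: str = ""

LOGIN, RENAMED, CREATED, ERROR = "login", "username_overwritten", "created", "contact_admin"

def _key(value):
    # Assumption: usernames and emails are compared trimmed and case-insensitively.
    return value.strip().lower()

def resolve_login(users, username, email, firstname="", lastname=""):
    """Apply the page's rules to one SSO request; returns (outcome, user or None)."""
    u_key, e_key = _key(username), _key(email)
    if not u_key or not e_key:
        return ERROR, None                       # assumption: both fields are mandatory
    by_name = next((u for u in users if _key(u.username) == u_key), None)
    by_mail = next((u for u in users if _key(u.email) == e_key), None)
    if by_name is not None and by_name is by_mail:
        return LOGIN, by_name                    # same username and same email
    if by_name is not None and by_mail is not None:
        # Assumption: username and email match two different accounts. Overwriting
        # here would duplicate a username, so the request is refused.
        return ERROR, None
    if by_mail is not None:
        by_mail.username = username.strip()      # same email, different username
        return RENAMED, by_mail
    if by_name is not None:
        return ERROR, None                       # same username, different email
    user = User(username.strip(), email.strip(), firstname, lastname)
    users.append(user)                           # no match: create the user and log in
    return CREATED, user

if __name__ == "__main__":
    directory = [User("anna", "anna@example.com"), User("bob", "bob@example.com")]  # constructed
    for name, mail in [("anna", "Anna@example.com"), ("bobby", "bob@example.com"),
                       ("anna", "new@example.com"), ("anna", "bob@example.com"),
                       ("carl", "carl@example.com")]:
        print(name, mail, "->", resolve_login(directory, name, mail)[0])
```

Because the second rule re-links an account on the email value alone, the email sent by the intranet webservice should come from the user catalog and not from a field the user can edit.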