No description
Find a file
2017-03-31 11:55:52 +01:00
classes Get rid of unused global valiables 2016-08-27 16:06:35 +10:00
db Fix #2 remove default archetypes and update documentation 2016-08-27 15:00:07 +10:00
lang/en Add user provisioning. 2017-03-31 11:55:52 +01:00
tests Add user provisioning. 2017-03-31 11:55:52 +01:00
.travis.yml Exclude unwanted ci checks 2016-08-18 23:48:36 +10:00
auth.php Add user provisioning. 2017-03-31 11:55:52 +01:00
externallib.php Move error text to a string file 2016-08-18 21:49:27 +10:00
login.php Use redirect function in user_login_userkey 2016-09-26 12:06:59 +10:00
README.md Add user provisioning. 2017-03-31 11:55:52 +01:00
settings.html Add user provisioning. 2017-03-31 11:55:52 +01:00
version.php Add user provisioning. 2017-03-31 11:55:52 +01:00

Log in to Moodle using one time user key.

Auth plugin for organising simple one way SSO(single sign on) between moodle and your external web application. The main idea is to make a web call to moodle and provide one of the possible matching fields to find required user and generate one time login URL. A user can be redirected to this URL to be log in to Moodle without typing username and password.

Using

  1. Install the plugin as usual.
  2. Enable and configure just installed plugin. Set required Mapping field, User key life time, IP restriction and Logout redirect URL.
  3. Enable web service advance feature (Admin > Advanced features), more info http://docs.moodle.org/en/Web_services
  4. Enable one of the supported protocols (Admin > Plugins > Web services > Manage protocols)
  5. Create a token for a specific user and for the service 'User key authentication web service' (Admin > Plugins > Web services > Manage tokens)
  6. Make sure that the "web service" user has 'auth/userkey:generatekey' capability.
  7. Configure your external application to make a web call to get login URL.
  8. Redirect your users to this URL to be logged in to Moodle.

Configuration

Mapping field

Required data structure for web call is related to mapping field you configured.

For example XML-RPC (PHP structure) description for different mapping field settings:

User name

[user] =>
    Array
        (
        [username] => string
        )

Email Address

[user] =>
    Array
        (
        [email] => string
        )

ID number

[user] =>
    Array
        (
        [idnumber] => string
        )

Web service will return following structure or standard Moodle webservice error message.

Array
    (
    [loginurl] => string
    )

Please navigate to API documentation to get full description for "auth_userkey_request_login_url" function. e.g. http://yourmoodle.com/admin/webservice/documentation.php

You can amend login URL by "wantsurl" parameter to redirect user after they logged in to Moodle.

E.g. http://yourmoodle.com/auth/userkey/login.php?key=uniquekey&wantsurl=http://yourmoodle.com/course/view.php?id=3

Wantsurl maybe internal and external.

User key life time

This setting describes for how long a user key will be valid. If you try to use expired key then you will get an error.

IP restriction

If this setting is set to yes, then your web application has to provie user's ip address to generate a user key. Then the user should have provided ip when using this key. If ip address is different a user will get an error.

Logout redirect URL

You can set URL to redirect users after they logged out from Moodle. For example you can redirect them to logout script of your web application to log users out from it as well. This setting is optional.

URL of SSO host

You can set URL to redirect users before they see Moodle login page. For example you can redirect them to your web application to login page. You can use "enrolkey_skipsso" URL parameter to bypass this option. E.g. http://yourmoodle.com/login/index.php?enrolkey_skipsso=1

TODO:

  1. Implement logout webservice to be able to call it from external application.
  2. Add a test client code to README.