Authenticating with Moodle and single sign on

One of Moodle's great strengths is its ability to let users log in, or authenticate, against another system that holds the user accounts, e.g. FirstClass.

What's really nice is that it isn't discriminatory about the mechanisms by which authentication can take place. For example, Moodle supports LDAP, FirstClass, POP3, IMAP, NNTP, a range of databases and a few other protocols I'm not familiar with. This is really quite sexy, and it is the first open source project I've seen that has attempted to implement the notion called 'single sign on': having one source of user account information, with multiple systems each querying the same data.

Single sign-on (SSO) is a mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure, and is therefore highly desirable but difficult to implement.
The Open Group
This is essential in an era where many of us belong to several online tools or communities, whether that be Amazon, the iTunes music store, FirstClass, blogs, wikis or eBay.

What is needed is an identity server, a server which manages user accounts and user information. Online systems then need to interface with this server through an appropriate technology (protocols) to query and update the data held there.

Moodle has only gone part of the way down this road and is far from a full implementation of 'single sign on'. For example, Moodle doesn't allow you to modify the user's login details, such as the password, on the server hosting the user information. Another example is that the user still has to log in to each of the various systems, even if they all query one user database. When I can log in to eBay and then be automatically logged into my blog software without entering login details again, and can change my password from within any system, that's when I'll know we've mastered 'single sign on'. Didn't Microsoft attempt to do this once using .NET? Does this work? Has anyone played with .NET?

For now, I've managed to enable Moodle users to log in using their FirstClass username and password. Handy.


Ian Terrell

This looks like a good development. I'd like to talk to you about it. Any chance of using University IDs? I doubt it surely?

Fred

I'm wondering if you would mind sharing the settings you used to get FirstClass to authenticate Moodle users. I've been playing around with this a bit and haven't had success.

Thanks

Fred

Jonathan

Hello Fred, I'd be happy to share the settings for authenticating Moodle users against FirstClass. What version of Moodle are you running? We have been developing using Moodle 1.5, which comes with LDAP integration with FirstClass built in. Navigate to the /auth directory at the top level. Inside you will find a directory /fc. In here you will find all the connection settings that you will need to configure for your particular setup.

/auth/fc

You will need to enable Flexible Provisioning Protocol (FPP) on the FirstClass server and create a new account with subadministrator preferences. See the Readme.txt file, below, for more.

Moodle - FirstClass authentication module
-----------------------------------------
This module uses the FirstClass Flexible Provisioning Protocol (FPP) to communicate between the FirstClass server and the Moodle host.

Installation
------------

1. Enable FPP on the FirstClass server
FPP is not documented in the FirstClass documentation and is not enabled by default.
To enable the protocol you need to edit the file \FCPO\Server\Netinfo. Open the file and insert the
following lines.  

// TCP port for Flexible Provisioning Protocol (FPP).
TCPFPPPORT = 3333


2. Create an account on the FirstClass server with privilege "Subadministrator".
Using the FPP protocol this module logs in to the FirstClass server and issues batch admin commands.
Batch admin commands can only be issued in the context of a user with subadministrative privileges.

Default account name is "fcMoodle".


3. Check that the FPP protocol is working by running a Telnet session. If everything is working you
should get a "+0" answer from the server. 

> telnet yourhost.domain.com 3333
+0

Check that the "fcMoodle" account is working by entering the following sequence of commands:

> telnet yourhost.domain.com 3333
+0
fcMoodle
+0

the_password_you_gave_fcmoodle
+0

Get user some_user_id 1201

1201 0 some_user_id
+0



4. On the Moodle host go to the directory where you have installed Moodle.
Open the folder "auth", where all other authentication modules are installed,
and create a new directory with the name "fc".

Copy the files "config.html", "fcFPP.php" and "lib.php" to the "auth" directory.

Now you need to add some strings to the language file. This distribution contains
strings for the English (en) and Swedish (sv) translations.

Open the file "auth.php" in the folder "lang/sv" and paste the text from the file
"auth.php - sv.txt" at the end of the file above the line "?>"

Open the file "auth.php" in the folder "lang/en" and paste the text from the file
"auth.php - en.txt" at the end of the file above the line "?>"
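The step-3 Telnet check above, turned into a script an administrator can run from the Moodle host. This is an added example, not part of the module's README or of Moodle; it follows only the exchange shown in the README (the "+0" acknowledgements and the "Get user ... 1201" command). The fake server it talks to is constructed so the script runs offline, so its "-1" failure reply and its handling of unknown accounts are assumptions rather than documented FirstClass behaviour. Because the session is plain TCP, the fcMoodle password crosses the network in clear, exactly as it does when typed into telnet, which is a good reason to run the check from the Moodle host rather than from an arbitrary workstation.

```python
import socket
import threading

# Constructed values for the offline demonstration; a real check uses the
# FirstClass host, TCPFPPPORT (3333 in the README) and the fcMoodle password.
FAKE_ADMIN_USER = "fcMoodle"
FAKE_ADMIN_PASSWORD = "constructed-password"
FAKE_DIRECTORY = {"some_user_id"}


def _read_nonblank(f):
    """Return the next non-empty line; the README transcript shows blank lines between replies."""
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("FPP peer closed the connection")
        line = raw.decode("ascii", "replace").strip()
        if line:
            return line


def _send(f, text):
    f.write((text + "\r\n").encode("ascii"))
    f.flush()


def _expect_ok(f, stage):
    """The README documents '+0' as the success reply after every step."""
    line = _read_nonblank(f)
    if line != "+0":
        raise RuntimeError(f"{stage}: expected '+0' from server, got {line!r}")


def fpp_check(host, port, admin_user, admin_password, lookup_user, timeout=5.0):
    """Reproduce the README's manual session: banner, account, password, 'Get user'.

    Returns the user line the server sends before its final '+0'
    (e.g. '1201 0 some_user_id'); raises if any step is not acknowledged.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        _expect_ok(f, "banner")
        _send(f, admin_user)            # account name, sent in clear
        _expect_ok(f, "account name")
        _send(f, admin_password)        # password, sent in clear
        _expect_ok(f, "password")
        _send(f, f"Get user {lookup_user} 1201")
        user_line = _read_nonblank(f)
        _expect_ok(f, "Get user")
        return user_line


def start_fake_fpp_server(admin_user=FAKE_ADMIN_USER, admin_password=FAKE_ADMIN_PASSWORD,
                          directory=FAKE_DIRECTORY):
    """Constructed stand-in for the FirstClass FPP listener, serving one session on 127.0.0.1.

    Only the replies shown in the README are modelled; '-1' on failure is an assumption.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            f = conn.makefile("rwb")
            _send(f, "+0")                        # banner
            name = _read_nonblank(f)
            _send(f, "+0")                        # README shows '+0' after the name
            password = _read_nonblank(f)
            if name != admin_user or password != admin_password:
                _send(f, "-1")                    # assumed failure reply
                return
            _send(f, "+0")
            cmd = _read_nonblank(f).split()
            if len(cmd) == 4 and cmd[:2] == ["Get", "user"] and cmd[2] in directory:
                _send(f, f"{cmd[3]} 0 {cmd[2]}")  # '1201 0 some_user_id' in the README
                _send(f, "+0")
            else:
                _send(f, "-1")

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_fake_fpp_server()
    print(fpp_check("127.0.0.1", port, FAKE_ADMIN_USER, FAKE_ADMIN_PASSWORD, "some_user_id"))
```

Against a real server, call `fpp_check("yourhost.domain.com", 3333, "fcMoodle", password, "some_user_id")` and drop the fake server; a `RuntimeError` names the step at which the server stopped answering "+0", which separates "FPP not enabled" (no banner) from "wrong fcMoodle password" or "account lacks subadministrator rights".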

Jody

Hi Jonathan,
We are running a Moodle Server on our school network. We would like to authenticate our users via LDAP with their logons in Active Directory. As I have just started here and have had only moderate experience with Linux, can you please explain to me in layman's terms how to go about configuring LDAP through the Moodle server?

Alan

Hi Jody.

I have the same setup and was wondering if you managed to do this successfully. If so, would you mind sharing the how's, please?

Thanks
Alan

tb

in the configuration screen for authentication, http://yourmoodleserver/admin/auth.php?

1) Select LDAP, enter the URL for your LDAP server ldap://yourLDAPserver and the correct version (3)

2) I have prevent bind.

3) cn=users,dc=yourhost,dc=com (my usertype is POSIX)

Hope that's enough to get you going...

Jonathan

Hi TB

Just wanted to thank you for your contribution and for solving the issue that some of the Moodle users have experienced.


Barbara Napholtz

Hi -- Do you know if we can enable FPP on a FirstClass server on an X-Serve running OSX 10.4.10? I'm asking because "\FCPO\Server\Netinfo" looks like a Windows path and I don't have any of those path components on my machine.

Any insight you could give would be great.

Thanks.

Barbara Napholtz
Web Developer
Morristown-Beard School

Jonathan

Hello Barbara,

Enabling FPP was done on a FirstClass server running on Mac OS X 10.4

However, it was ages ago that I did this, so hard to remember. The "\FCPO\Server\Netinfo" directory is within the Post Office directory of your FC installation. Have a look in there and see what you can find.

regards

Jonathan

Barbara Napholtz

Thanks for the speedy reply, Jonathan. I've found server/netinfo in our backup postoffice ... I'll keep digging for other options. Unless my boss scraps the project on me, I'll be happy to provide this forum with documentation of the steps involved once I get the access working. We're running FirstClass Server 9 on Tiger.

Barbara Napholtz
Web Developer
Morristown-Beard School

Barbara Napholtz

Jonathan -- Once more -- thanks.

We're running OS X Server 10.4.10 and FirstClass Server 9.0.

The netinfo file was found at:
/Library/FirstClass\ Server/Volumes/Master/fcns/server/netinfo

Had I realized that our locate database doesn't contain entries for this path [ another headache for another day ... ], I wouldn't have had to post a question to this blog in the first place ...

Thanks for being there!

Barbara Napholtz
Web Developer
Morristown-Beard School

Jonathan

Hi Barbara,

You are very welcome... and glad I was able to help - though you have stirred the dim and distant memory bank in saying that the directory is actually deep-rooted within the Library folder.

After you posted, I took a look at your school's website and was impressed with the level of technology you have already embedded into the site. As someone who manages the Stepping Stones School website here in the UK, I was interested to have a trawl around, particularly as I am currently involved in the re-vamp of our site.

Good to hear from you,

with best wishes

Jonathan

Prabowo

Hi Jonathan
I'm currently trying to authenticate my Moodle (1.9) against LDAP (MS Windows 2003). I don't get any error, but I always get "Invalid login, please try again" every time I try to log in.
This is my configuration:

LDAP server settings
--------------------
Host URL : ldap://10.100.70.5
Version : 3 (since I'm using a Win2k3 server)
LDAP encoding : utf-8

Bind settings
-------------
Hide passwords : No
Distinguished Name : CN=moodle,OU=ProgrammerOU,DC=xxx
Password : ***

User lookup settings
--------------------
User type : MS Active Dir
Contexts : ou=ProgrammerOU
Search subcontexts : Yes
Dereference aliases : No
User attribute : cn
Member attribute: [empty]
Member attribute uses dn : 0
Member attribute uses dn : [empty]

....

Course creator
--------------
Creators : OU=ProgrammerOU,DC=xxx

thanx before
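A structural check over the LDAP settings quoted in this thread, both tb's POSIX setup earlier and the Active Directory settings in this comment. This is an added example, not Moodle code, and it never binds to a directory: it only parses the DN fields the way a reviewer would before touching the server, checking that every context is a complete DN (it carries the dc= components of the directory), that contexts sit in the same directory as the bind DN, and flagging an ldap:// URL because simple binds over it carry the bind password and every user's password unencrypted. The two settings dictionaries are transcribed from the comments, the key names mirror the Moodle form labels, and the finding codes are my own naming.

```python
import re

# Transcribed from the thread (tb's POSIX setup and the Active Directory setup above).
SETTINGS_POSIX_EXAMPLE = {
    "host_url": "ldap://yourLDAPserver",
    "bind_dn": "",                               # tb used "prevent bind"
    "contexts": "cn=users,dc=yourhost,dc=com",
    "user_type": "posix",
}
SETTINGS_AD_EXAMPLE = {
    "host_url": "ldap://10.100.70.5",
    "bind_dn": "CN=moodle,OU=ProgrammerOU,DC=xxx",
    "contexts": "ou=ProgrammerOU",
    "user_type": "MS Active Dir",
}


def parse_dn(dn):
    """Split 'CN=moodle,OU=ProgrammerOU,DC=xxx' into lower-cased (attr, value) pairs.

    Simplified parser: escaped commas and multi-valued RDNs are not handled.
    """
    rdns = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        if not rdn:
            continue
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def domain_of(rdns):
    """The dc= components, which identify the directory a DN lives in."""
    return tuple(value.lower() for attr, value in rdns if attr == "dc")


def check_ldap_settings(cfg):
    """Return a list of (code, message) findings for one Moodle LDAP auth configuration."""
    findings = []

    url = cfg.get("host_url", "").strip()
    if not re.match(r"^ldaps?://[^\s/]+$", url):
        findings.append(("bad-url", f"host URL {url!r} is not of the form ldap://host or ldaps://host"))
    elif url.startswith("ldap://"):
        findings.append(("plain-ldap",
                         "ldap:// without TLS sends the bind password and every user's password in clear"))

    bind_rdns = parse_dn(cfg.get("bind_dn", ""))
    base = domain_of(bind_rdns)
    if bind_rdns and not base:
        findings.append(("bind-no-dc", "bind DN has no dc= components, so it names no directory"))

    # Moodle accepts several contexts separated by ';'.
    contexts = [c.strip() for c in cfg.get("contexts", "").split(";") if c.strip()]
    if not contexts:
        findings.append(("no-contexts", "no user context given; Moodle has nowhere to look users up"))
    for ctx in contexts:
        ctx_domain = domain_of(parse_dn(ctx))
        if not ctx_domain:
            findings.append(("context-no-dc",
                             f"context {ctx!r} is not a full DN (no dc= components); the server cannot resolve it"))
        elif base and ctx_domain != base:
            findings.append(("context-domain-mismatch",
                             f"context {ctx!r} is in a different directory than the bind DN"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("posix", SETTINGS_POSIX_EXAMPLE), ("ad", SETTINGS_AD_EXAMPLE)):
        for code, message in check_ldap_settings(cfg):
            print(f"{name}: [{code}] {message}")
```

A check like this runs before any network access, so it costs nothing to apply to a configuration that produces "Invalid login" with no error in the logs; once the DN fields are consistent, the next step is an actual bind and search with the same bind DN and context, which this script deliberately does not attempt.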

Tom Heath

We are running FirstClass 9.1 on OS X 10.4, and I found the server/netinfo folder, but there is no netinfo file. There is a directory called ports that looks like it might be related, but I can't find any reference to it anywhere. Any ideas?

Jeff Patterson

What about authenticating the other way. ie students log into a system such as FirstClass and then click a button that takes them to their moodle account.

Does Moodle have any provision for logging in this way? I assume there is a post URL with parameters that would work, but this is clunky.

jeffpatterson@gaggle.net
