Single sign-on to Moodle with external sign-in form
I am developing a moodle site where I have to use an external service to authenticate users. This SSO service should be the only form of authentication.
The external service provider requires me to use my login form on my server, so I need to disable the moodle login form.
I've looked at various authentication plugins, but none of them seem to do what I need.
So far I think this is what I will be doing:
- Modify your login / index.php file so that it does nothing but redirects the user to an external login form.
- The SSO service will return to a new page on my Moodle server that confirms the credentials.
- All relevant user data is collected from the SOAP web service connected to the single sign-on service.
- If the (unique) username provided by the SSO service exists in the mdl_users table, the row is updated with the appropriate user data.
- If the username does not exist, a new user is generated automatically. The user is then logged into the Moodle site and directed to their first page.
This is my first experience with Moodle, so I have a few questions:
- How can I create a new user automatically? Is it enough to just add a new entry to mdl_users?
- How do I sign a user?
- Can I do this kind of functionality as an authentication plugin or do I need to do a hack in the login / index.php file?
- How can I disable unnecessary parts of the Moodle user control (i.e. password reset, user info fields that are collected from SOAP service, etc.)?
I really hope you can help me :)
source to share
- Call create_user_record () (line 4008 from lib / moodlelib.php in the master branch). This does insert into mdl_user, but it also does a lot of checks and calls other functions to take care of dependencies, event triggers, etc. This function is called automatically via authenticate_user_login () (see below) if the authenticated user does not already exist.
- This includes a call to authenticate_user_login () (line 4378 from lib / moodlelib.php) followed by complete_user_login () (line 4577 from lib / moodlelib.php).
- This can be achieved by creating an authentication plugin and you should be able to find everything you need to know at https://docs.moodle.org/dev/Authentication_plugins , including links to sample code and a suggested template.
- You can lock user profile fields through your auth plugin and you can actually set the user / external password page to reset through the admin interface at /admin/settings.php?section=manageauths.
Hope it helps.
source to share