Moodle

Ability to choose from multiple authentication sources of same type

Details

  • Type: New Feature
  • Status: Open
  • Priority: Major
  • Resolution: Unresolved
  • Affects Version/s: 1.6, 1.7, 1.8
  • Fix Version/s: DEV backlog
  • Component/s: Authentication
  • Labels:
  • Affected Branches:
    MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE

Description

It would be great if Moodle natively supported the ability to define multiple authentication servers of the same type. At the moment (in 1.8) you can define, for example, an LDAP server and a POP3 server, in addition to the native internal auth. However you cannot specify two LDAP servers or two POP3 servers.

It would be great if multiple authentication plugins of the same type could be specified and (most importantly for us) when a user logs in, they can choose which authentication method to use.

This would help us enormously as we have two AD servers (on completely different forests) with overlapping usernames. We would need some way for users to choose which server to authenticate against, otherwise they could be authenticating against the wrong server.

(BTW, this two forest setup isn't that uncommon in UK FE colleges as its usage is demanded by a lot of "security-minded" auditors...)

We have had to seriously hack our Moodle installation to achieve the above - before anyone asks, it's really specific to our institution's setup and everything is hard-coded - we'd really like it to work natively so that we can upgrade Moodle without having to recode the authentication routines every time.

Activity

Martin Dougiamas added a comment -

This sounds like a really good idea.

Martín Langhoff added a comment -

We can resolve this with either multi-instance plugins, or teaching some plugins to talk to multiple backends. For many plugins, multi-instance just does not make sense.

Gary Blok added a comment -

I would also like to authenticate on 2 forests. I have a Staff forest and a Student forest I need to connect to, but currently am not sure how to do that.

Craig Redl added a comment -

We run two forests at our University as well, one for Students and one for Staff/Faculty. I'm curious if I should spend a week hacking the core, or just wait for this to be added. Do we have an ETA?

Iñaki Arenaza added a comment -

Hi Craig,

As far as I know, there are no short term plans to add this into core. I did part of the job a long time ago (something like two years ago or so), but I've never finished it, as other things have side-tracked me.

Iñaki.

Craig Redl added a comment -

Thanks Iñaki,

Well, I'll start writing it myself then, we need it for January. I'll post the code for anyone interested when I'm done.

Craig.

Craig Redl added a comment -

Okay no hack needed. Got it working based on thread found at http://moodle.org/mod/forum/discuss.php?d=17198 which suggests to tweak the LDAP Host URL by removing the subdomain and appending port 3268.

So if you have a similar setup as us, here is how it works:

Our students authenticate against http://discovery.mala.bc.ca, while faculty/staff authenticate against http://capitan.mala.bc.ca. Adding both domains to the LDAP Host URL field will not work because it will only check the 2nd domain as "failover" support. This won't check the 2nd domain if the user fails to authenticate against the 1st, it will only check the 2nd domain in the event the 1st is offline.

To access ALL the domains within the global catalog using a single HOST URL, set your Host URL to just the top level domain along with the default 3268 port. We must include the port for it to work. Here is the syntax:

HOST URL: ldap://mala.bc.ca:3268

It now authenticates against all subdomains within the forest successfully. Hope this helps as well.

Craig.
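
As an added illustration, not part of the original thread and not Moodle's code: a small Python model of the host-list behaviour described in the comment above (the second host is tried only when the first is unreachable), next to the per-login source choice the issue requests. The directory names, users and passwords are constructed sample data, and the LDAP bind is replaced by a dictionary lookup.

```python
from dataclasses import dataclass

@dataclass
class Directory:
    """Stand-in for one LDAP/AD backend (constructed; no network access)."""
    name: str
    users: dict          # username -> password, constructed sample data
    online: bool = True

    def bind(self, username, password):
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        return self.users.get(username) == password

def sample_directories():
    # Constructed data: "jsmith" exists in both directories (overlapping username).
    students = Directory("students", {"jsmith": "pw-student", "alee": "pw-alee"})
    staff = Directory("staff", {"jsmith": "pw-staff", "bkhan": "pw-bkhan"})
    return students, staff

def auth_failover(hosts, username, password):
    """Host-list semantics from the comment: move to the next host only when
    the current one is unreachable, never after a rejected bind."""
    for d in hosts:
        try:
            return d.name if d.bind(username, password) else None
        except ConnectionError:
            continue
    return None

def auth_selected(sources, choice, username, password):
    """Behaviour the issue requests: the user names the source at login, and
    only that directory is asked. Returns a source-qualified identity."""
    d = sources.get(choice)
    try:
        if d is not None and d.bind(username, password):
            return f"{d.name}:{username}"
    except ConnectionError:
        pass
    return None

if __name__ == "__main__":
    students, staff = sample_directories()
    print(auth_failover([students, staff], "bkhan", "pw-bkhan"))   # first host online
    students.online = False
    print(auth_failover([students, staff], "bkhan", "pw-bkhan"))   # first host offline
    sources = {"students": students, "staff": staff}
    print(auth_selected(sources, "staff", "jsmith", "pw-staff"))
```

Returning a source-qualified identity keeps the two `jsmith` accounts distinct, so a successful bind against one directory cannot be mapped onto the account that belongs to the other.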

