Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-35153

Allow WAYFless URLs with Shibboleth authentication

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.1
    • Fix Version/s: 2.4
    • Component/s: Authentication
    • Labels:
    • Testing Instructions:
      Hide

      This patch requires a Moodle environment with a working Shibboleth configuration. It assumes that you're using the internal WAYF and have the alternative login URL setup.

      1. Create a course in Moodle. Make a note of the direct link to the course.
      2. Logout. Make sure you aren't authenticated to the Moodle instance and that your session is completely closed.
      3. Craft a direct link to your Moodle instance which incorporates the entityID and the direct link to the course from the first step. This could be http://your-moodle-instance/alt/index.php?entityID=entityURI&target=FullURLToCourse
      4. Point your browser to that link.

      If you're already authenticated to your Shibboleth provider you should go directly to the course. If not, you'll be taken directly to the IDP page. Either way you don't visit the WAYF page.

      Show
      This patch requires a Moodle environment with a working Shibboleth configuration. It assumes that you're using the internal WAYF and have the alternative login URL setup. Create a course in Moodle. Make a note of the direct link to the course. Logout. Make sure you aren't authenticated to the Moodle instance and that your session is completely closed. Craft a direct link to your Moodle instance which incorporates the entityID and the direct link to the course from the first step. This could be http://your-moodle-instance/alt/index.php?entityID=entityURI&target=FullURLToCourse Point your browser to that link. If you're already authenticated to your Shibboleth provider you should go directly to the course. If not, you'll be taken directly to the IDP page. Either way you don't visit the WAYF page.
    • Affected Branches:
      MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-35153-master

      Description

      We have an environment with multiple Moodle instances under Shibboleth authentication. We'd like to create "WAYFless" URLs (see https://spaces.internet2.edu/display/inclibrary/Best+Practices) in the format http://resource-provider-site/session-initiator-url?entityID=IDENTITY-PROVIDER-ENTITYID&target=RESOURCE-LOCATION. auth/shibboleth/index.php seems like it should handle this, but $SESSION->wantsurl isn't getting set and there doesn't seem to be a way for it to get set. One way I see of solving this is to add a check for a 'target' parameter and set wantsurl based on that, if present.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    3/Dec/12