Monday, July 30, 2012

Shibboleth SP part 3 (Moodle & Wordpress Configuration)

Integrating Shibboleth login with Moodle

Installation

  • In Moodle, the Shibboleth plugin is already installed. We only need to activate it.
  • To use this plugin, the authentication method of the existing users must be changed to shibboleth; otherwise they won't be able to log in using Shibboleth. This can be done by modifying the value directly in the database for all existing users. As a consequence, we must disable login through other authentication methods such as LDAP, because Moodle cannot check the user against another authentication method after a Shibboleth login fails.
  • This plugin will import a new user from Shibboleth when the user does not exist in the Moodle database.
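
The database change described above could look like the following. This is an added example, not part of the original post. It assumes the default mdl_ table prefix and that the existing accounts currently use the ldap method, and mdl_user_auth_backup is a hypothetical table name used only for rollback.

```sql
-- Added example, not from the original post. Assumes the default "mdl_" table
-- prefix and that existing accounts currently have auth = 'ldap'.

-- 1. See which authentication methods are in use before changing anything.
SELECT auth, COUNT(*) AS accounts
FROM mdl_user
WHERE deleted = 0
GROUP BY auth;

-- 2. Keep a rollback copy of the rows about to change
--    (mdl_user_auth_backup is a hypothetical table name).
CREATE TABLE mdl_user_auth_backup AS
SELECT id, username, auth
FROM mdl_user
WHERE auth = 'ldap' AND deleted = 0;

-- 3. Switch only the LDAP accounts. Accounts with auth = 'manual', such as a
--    local administrator, are left untouched in this example.
START TRANSACTION;

UPDATE mdl_user
SET auth = 'shibboleth'
WHERE auth = 'ldap' AND deleted = 0;

-- 4. Verify: no active 'ldap' rows should remain, and the 'shibboleth' count
--    should have grown by the number of rows in the backup table.
SELECT auth, COUNT(*) AS accounts
FROM mdl_user
WHERE deleted = 0
GROUP BY auth;

COMMIT;  -- or ROLLBACK; if the counts are not what you expect

-- Undo after COMMIT, if needed:
-- UPDATE mdl_user SET auth = 'ldap'
-- WHERE id IN (SELECT id FROM mdl_user_auth_backup);
```

The existing usernames must equal the value of the Shibboleth attribute mapped to the username field; a user whose value does not match is treated as unknown and imported as a new account, as the last bullet describes.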

Configuration

  • Go to Settings -> Site Administration -> Plugins -> Authentication -> Manage Authentication.
    • Click on the eye icon next to Shibboleth to activate it.
    • To make Shibboleth the only way to log in, set the value of Alternate login URL to http://DOMAIN_NAME/auth/shibboleth/index.php
    • To make Shibboleth an alternative way to log in, put a link to http://DOMAIN_NAME/auth/shibboleth/index.php in the instructions input field.
    • Click on the Shibboleth settings.
      • In the data mapping section, enter the attribute names from the Shibboleth SP that we want to use.

/etc/apache2/sites-enabled/000-default

  • Add the following rule to enable Shibboleth login:
<Directory  /var/www/auth/shibboleth/index.php>
        AuthType shibboleth
        ShibRequireSession On
        require valid-user
</Directory>

Integrating Shibboleth login with Wordpress

Installation

  • Go to Plugins -> Add New
  • Search for Shibboleth and click Install Now

Configuration

  • Go to Settings -> Shibboleth
  • In the User Profile Data section, map each attribute name from Shibboleth to the suitable field, and check the Managed checkbox to prevent the user from changing the data.
  • In the User Role Mappings section, map the attribute name and value from Shibboleth to a suitable role.
    • Define the Default Role to assign a role to any user who does not match any Role Mapping. If there is no Default Role, such a user will not be able to log in with Shibboleth.

.htaccess

  • Add the following rule to the .htaccess file located in the web root directory. Don't forget to enable .htaccess by adding "AllowOverride All" to the Apache configuration.
AuthType Shibboleth
ShibRequireSession Off
Require Shibboleth


2 comments:

Unknown said...

How do these instructions work with SPs running out of hosting platforms?

arieedzig said...

I think it is not possible on hosting platforms, because you need to have access to the Apache configuration and module. But you can make an SP using http://simplesamlphp.org/; it should be able to communicate with the Shibboleth IdP.