Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-35153

Allow WAYFless URLs with Shibboleth authentication

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.4
    • 2.3.1
    • Authentication
    • MOODLE_23_STABLE
    • MOODLE_24_STABLE
    • MDL-35153-master
    • Hide

      This patch requires a Moodle environment with a working Shibboleth configuration. It assumes that you're using the internal WAYF and have the alternative login URL setup.

      1. Create a course in Moodle. Make a note of the direct link to the course.
      2. Logout. Make sure you aren't authenticated to the Moodle instance and that your session is completely closed.
      3. Craft a direct link to your Moodle instance which incorporates the entityID and the direct link to the course from the first step. This could be http://your-moodle-instance/alt/index.php?entityID=entityURI&target=FullURLToCourse
      4. Point your browser to that link.

      If you're already authenticated to your Shibboleth provider you should go directly to the course. If not, you'll be taken directly to the IDP page. Either way you don't visit the WAYF page.

      Show
      This patch requires a Moodle environment with a working Shibboleth configuration. It assumes that you're using the internal WAYF and have the alternative login URL setup. Create a course in Moodle. Make a note of the direct link to the course. Logout. Make sure you aren't authenticated to the Moodle instance and that your session is completely closed. Craft a direct link to your Moodle instance which incorporates the entityID and the direct link to the course from the first step. This could be http://your-moodle-instance/alt/index.php?entityID=entityURI&target=FullURLToCourse Point your browser to that link. If you're already authenticated to your Shibboleth provider you should go directly to the course. If not, you'll be taken directly to the IDP page. Either way you don't visit the WAYF page.

      We have an environment with multiple Moodle instances under Shibboleth authentication. We'd like to create "WAYFless" URLs (see https://spaces.internet2.edu/display/inclibrary/Best+Practices) in the format http://resource-provider-site/session-initiator-url?entityID=IDENTITY-PROVIDER-ENTITYID&target=RESOURCE-LOCATION. auth/shibboleth/index.php seems like it should handle this, but $SESSION->wantsurl isn't getting set and there doesn't seem to be a way for it to get set. One way I see of solving this is to add a check for a 'target' parameter and set wantsurl based on that, if present.

            cfulton Charles Fulton
            cfulton Charles Fulton
            Dan Poltawski Dan Poltawski
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Tim Barker Tim Barker
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.