Note: You are currently viewing documentation for Moodle 3.4. Up-to-date documentation for the latest stable version of Moodle is likely available here: Shibboleth.

Shibboleth: Difference between revisions

From MoodleDocs
No edit summary
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Authentication}}
{{Authentication}}
<p class="note">'''Please refer to [[TOC_with_notes#Authentication|these notes]] before editing this page.'''</p>
Location: Settings link in ''Settings > Site administration > Plugins > Authentication > Manage authentication''  
Location: Settings link in ''Administration > Plugins > Authentication > Manage authentication'' in 2.0 onwards or ''Administration > Users > Authentication > Manage authentication'' in 1.9




Line 13: Line 12:


==Shibboleth in the UK==
==Shibboleth in the UK==
In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC). A list of current UK federation members can be found [http://www.ukfederation.org.uk/content/Documents/MemberList here].


In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC). A list of current UK federation members can be found [http://www.ukfederation.org.uk/content/Documents/MemberList here].
==Additional notes==
Some IdPs will only share a minimal set of user fields with your Moodle SP, which can cause problems:
*Moodle errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin, and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
*Moodle errors relating to invalid characters in username can be fixed by Allowing extended characters in usernames (found under Security > Site policies).


==External links==
==External links==
*[http://shibboleth.internet2.edu Shibboleth Internet2 Website]
*[http://shibboleth.internet2.edu Shibboleth Internet2 Website]
*[http://schools.becta.org.uk/index.php?section=lv&rid=11277 Becta - Federated access management for UK schools]
*[http://www.ukfederation.org.uk/ UK Access Management Federation for Education and Research]
*[http://www.ukfederation.org.uk/ UK Access Management Federation for Education and Research]
*[http://www.ukfederation.org.uk/content/Documents/AttributeUsage Current Core Attributes for the UK Federation]
*[http://www.ukfederation.org.uk/content/Documents/AttributeUsage Current Core Attributes for the UK Federation]
[[Category:Authentication]]


[[fr:Shibboleth]]
[[fr:Shibboleth]]
[[ja:Shibboleth]]
[[ja:Shibboleth]]
[[de:Authentifizierung über Shibboleth]]
[[de:Shibboleth-Server]]

Latest revision as of 08:46, 31 August 2017

Location: Settings link in Settings > Site administration > Plugins > Authentication > Manage authentication


Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdP's) supply user information, while service providers (SP's) consume this information and gate access to secure content.

(Taken from Wikipedia, the free encyclopedia)

Configuring Moodle to use Shibboleth

The README.txt file in the auth/shibboleth folder of your Moodle distribution contains set-up instructions.

Shibboleth in the UK

In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC). A list of current UK federation members can be found here.

Additional notes

Some IdPs will only share a minimal set of user fields with your Moodle SP, which can cause problems:

  • Moodle errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin, and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
  • Moodle errors relating to invalid characters in username can be fixed by Allowing extended characters in usernames (found under Security > Site policies).

External links