Shibboleth: Difference between revisions
{{Authentication}}
Location: Settings link in ''Settings > Site administration > Plugins > Authentication > Manage authentication''

Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdPs) supply user information, while service providers (SPs) consume this information and gate access to secure content.
(Taken from [http://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29 Wikipedia, the free encyclopedia])
==Configuring Moodle to use Shibboleth==
The README.txt file in the ''auth/shibboleth'' folder of your Moodle distribution contains set-up instructions.
==Shibboleth in the UK==
In the UK, Becta and JISC have implemented an education federation using Shibboleth to provide single sign-on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth if their education organisation joins the UK Access Management Federation and their users' identities are held by the identity provider the LA/RBC uses. For maintained schools in England and Wales, this will probably mean contacting their Local Authority (LA) or Regional Broadband Consortium (RBC). A list of current UK federation members can be found [http://www.ukfederation.org.uk/content/Documents/MemberList here].
==Additional notes==
Some IdPs will only share a minimal set of user fields with your Moodle SP, which can cause problems:
*Moodle errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
*Moodle errors relating to invalid characters in the username can be fixed by enabling ''Allow extended characters in usernames'' (found under ''Security > Site policies'').
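As an added illustration of the two notes above (not code from Moodle or Shibboleth), this Python check classifies each mapped field for one login as fine, prompted from the user, or failing. The attribute names, mappings and sample values are constructed, and the default username character set is an assumption about Moodle's behaviour.

```python
import re

# Assumption: with extended characters disabled, Moodle accepts only
# lowercase letters, digits and the characters - . _ @ in usernames.
DEFAULT_USERNAME_RE = re.compile(r"[-.@_a-z0-9]+")


def preflight(released, mappings, username_attr, allow_extended=False):
    """Classify the username and each mapped Moodle field for one login.

    released: attribute name -> value, as delivered to Moodle by the SP
    mappings: Moodle field -> (attribute name, field locked?)
    Returns a dict: field -> "ok" | "prompt" | "error".
    """
    report = {}
    username = released.get(username_attr, "").strip().lower()
    if not username:
        report["username"] = "error"   # no identifier released at all
    elif not allow_extended and not DEFAULT_USERNAME_RE.fullmatch(username):
        report["username"] = "error"   # invalid characters in username
    else:
        report["username"] = "ok"
    for field, (attr, locked) in mappings.items():
        if released.get(attr, "").strip():
            report[field] = "ok"
        elif locked:
            report[field] = "error"    # missing, and the user cannot supply it
        else:
            report[field] = "prompt"   # missing, so the user is asked for it
    return report


# Constructed sample: an IdP that releases only an identifier and a mail address.
RELEASED = {"eppn": "josé.garcía@example.org", "mail": "jose.garcia@example.org"}

# Hypothetical data mappings: Moodle field -> (attribute name, field locked?)
MAPPINGS = {
    "firstname": ("givenName", True),
    "lastname": ("sn", False),
    "email": ("mail", True),
}

if __name__ == "__main__":
    for allow in (False, True):
        print("extended characters allowed:", allow)
        result = preflight(RELEASED, MAPPINGS, "eppn", allow_extended=allow)
        for field, status in result.items():
            print(f"  {field:10} {status}")
```
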
==External links==
*[https://github.com/moodle/moodle/blob/master/auth/shibboleth/README.txt ./auth/shibboleth/README.txt]
*[http://shibboleth.internet2.edu Shibboleth Internet2 Website]
*[http://www.ukfederation.org.uk/ UK Access Management Federation for Education and Research]
*[http://www.ukfederation.org.uk/content/Documents/AttributeUsage Current Core Attributes for the UK Federation]
Latest revision as of 15:31, 27 December 2018