Note: You are currently viewing documentation for Moodle 3.8. Up-to-date documentation for the latest stable version of Moodle may be available here: Shibboleth.

Shibboleth: Difference between revisions

From MoodleDocs
mNo edit summary
 
(18 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{Authentication}}
Location: Settings link in ''Settings > Site administration > Plugins > Authentication > Manage authentication''
Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdP's) supply user information, while service providers (SP's) consume this information and gate access to secure content.
Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdP's) supply user information, while service providers (SP's) consume this information and gate access to secure content.


Taken from [http://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29 Wikipedia, the free encyclopedia]
(Taken from [http://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29 Wikipedia, the free encyclopedia])
 
==Configuring Moodle to use Shibboleth==


In the UK Becta and JISC have a plan to implement a schools, FE and HE federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For Local Authority (LA) schools this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC).
The README.txt file in the ''auth/shibboleth'' folder of your Moodle distribution contains set-up instructions.


External Links
==Shibboleth in the UK==
:[http://shibboleth.internet2.edu Shibboleth Internet2 Website]
In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC). A list of current UK federation members can be found [http://www.ukfederation.org.uk/content/Documents/MemberList here].
:[http://www.oodles.org.uk/moodle/mod/resource/view.php?id=105 Current Core Attributes for school sector members of the UK Access Management Federation]
:[http://www.becta.org.uk/corporate/display.cfm?section=22&id=4665 Becta Website Technical policy and Standards - Shibboleth Pilots]


Configuring Moodle to use Shibboleth
==Additional notes==
Some IdPs will only share a minimal set of user fields with your Moodle SP, which can cause problems:
*Moodle errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin, and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
*Moodle errors relating to invalid characters in username can be fixed by Allowing extended characters in usernames (found under Security > Site policies).


In addition to the online instructions you are recommended to read the README.txt file in the auth/shibboleth folder in yor Moodle distribution.
==External links==
*[http://shibboleth.internet2.edu Shibboleth Internet2 Website]
*[http://www.ukfederation.org.uk/ UK Access Management Federation for Education and Research]
*[http://www.ukfederation.org.uk/content/Documents/AttributeUsage Current Core Attributes for the UK Federation]


[[Category:Administrator]]
[[fr:Shibboleth]]
[[Category:Authentication]]
[[ja:Shibboleth]]
[[de:Shibboleth-Server]]

Latest revision as of 08:46, 31 August 2017

Location: Settings link in Settings > Site administration > Plugins > Authentication > Manage authentication


Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdP's) supply user information, while service providers (SP's) consume this information and gate access to secure content.

(Taken from Wikipedia, the free encyclopedia)

Configuring Moodle to use Shibboleth

The README.txt file in the auth/shibboleth folder of your Moodle distribution contains set-up instructions.

Shibboleth in the UK

In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC). A list of current UK federation members can be found here.

Additional notes

Some IdPs will only share a minimal set of user fields with your Moodle SP, which can cause problems:

  • Moodle errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin, and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
  • Moodle errors relating to invalid characters in username can be fixed by Allowing extended characters in usernames (found under Security > Site policies).

External links