Shibboleth
This page requires updating. Please do so and remove this template when finished.
Location: Settings link in Settings > Site administration > Plugins > Authentication > Manage authentication
Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain usernames and passwords. Identity providers (IdP's) supply user information, while service providers (SP's) consume this information and gate access to secure content.
(Taken from Wikipedia, the free encyclopedia)
Configuring Moodle to use Shibboleth
The README.txt file in the auth/shibboleth folder of your Moodle distribution contains set-up instructions.
Shibboleth in the UK
In the UK Becta and JISC have implemented an education federation using Shibboleth to provide single sign on. This means that education establishments in the UK using Moodle should be able to authenticate their users via Shibboleth IF their education organisation joins the UK Access Management Federation and their users' identity is held by the identity provider the LA/RBC use. For maintained schools in the England and Wales this will probably mean contacting their Local Authority or Regional Broadband Consortium (RBC). A list of current UK federation members can be found here.
Additional notes
Some IdPs will only share a minimal set of user fields with your Moodle SP, which can cause problems:
- Moodle errors relating to missing Shibboleth fields can be fixed by altering the data mappings within the Shibboleth authentication plugin, and ensuring that fields are not locked. The user will be asked to manually provide data if Shibboleth does not automatically provide the corresponding information.
- Moodle errors relating to invalid characters in username can be fixed by Allowing extended characters in usernames (found under Security > Site policies).