MNet: Difference between revisions
Revision as of 16:38, 29 June 2010
The network feature allows a Moodle administrator to establish a link with another Moodle, and to share some resources with the users of that Moodle. This feature was introduced in Moodle 1.8.
Overview
The initial release of MNet is bundled with an Authentication Plugin, which makes single-sign-on between Moodles possible. A user with the username jody logs in to her Moodle server as normal, and clicks on a link that takes her to a page on another Moodle server. Normally, she would have only the privileges of a guest on the remote Moodle, but behind the scenes, single-sign-on has established a fully authenticated session for Jody on the remote site.
WARNING: MNet requires the use of xmlrpc. If you are interested in using this, go to your phpinfo page and search for --with-xmlrpc. If your PHP has not been compiled with xmlrpc then you need to address that first! At present it appears that PEAR xmlrpc will not work.
Security
The MNet feature requires that your server has the Curl and OpenSSL extensions installed. When you install or upgrade to Moodle 1.8, your system will generate a new OpenSSL certificate for encrypted communication with other Moodles, and will thereafter rotate encryption keys on a monthly basis (approx).
Communication takes place over an XML-RPC transport, and the XML-RPC documents are wrapped first in an XMLDSIG (XML digital signature) envelope, and then in an XMLENC (XML encryption) envelope. The encryption all happens within PHP, and does not require an https (Apache SSL) server.
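The sign-first, encrypt-second layering described above, as an added PHP example that is not Moodle's own code: JSON stands in for the XMLDSIG and XMLENC envelopes, and the function names, field names, cipher choice and sample method call are assumptions made for illustration. It shows the receiver decrypting with its own private key and then refusing any document whose signature does not verify against the public key it already holds for the peer.

```php
<?php
// Added illustration, not Moodle's MNet code. JSON stands in for the real
// XMLDSIG / XMLENC envelopes; every function and field name is hypothetical.

function new_keypair(): array {
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($key === false) throw new RuntimeException('key generation failed');
    openssl_pkey_export($key, $private_pem);
    return ['private' => $private_pem, 'public' => openssl_pkey_get_details($key)['key']];
}

// Sender: sign the XML-RPC document, then encrypt the signed envelope.
function wrap(string $xmlrpc, string $sender_private, string $receiver_public): string {
    if (!openssl_sign($xmlrpc, $sig, $sender_private, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    $signed = json_encode(['payload'   => base64_encode($xmlrpc),
                           'signature' => base64_encode($sig)]);
    if (openssl_seal($signed, $sealed, $keys, [$receiver_public], 'aes-256-cbc', $iv) === false) {
        throw new RuntimeException('encryption failed');
    }
    return json_encode(['key' => base64_encode($keys[0]), 'iv' => base64_encode($iv),
                        'data' => base64_encode($sealed)]);
}

// Receiver: decrypt with its own private key, then verify the signature
// against the public key already stored for that peer.
function unwrap(string $message, string $receiver_private, string $peer_public): string {
    $enc = json_decode($message, true);
    if (!isset($enc['data'], $enc['key'], $enc['iv'])) throw new RuntimeException('malformed envelope');
    if (!openssl_open(base64_decode($enc['data']), $signed, base64_decode($enc['key']),
                      $receiver_private, 'aes-256-cbc', base64_decode($enc['iv']))) {
        throw new RuntimeException('decryption failed');
    }
    $env    = json_decode($signed, true);
    $xmlrpc = base64_decode($env['payload'] ?? '');
    if (openssl_verify($xmlrpc, base64_decode($env['signature'] ?? ''), $peer_public,
                       OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('signature does not match the stored peer key');
    }
    return $xmlrpc;
}

// Constructed sample call from MoodleA to MoodleB (method name is made up).
$a = new_keypair(); $b = new_keypair(); $unknown = new_keypair();
$call = '<methodCall><methodName>example.ping</methodName><params/></methodCall>';
var_dump(unwrap(wrap($call, $a['private'], $b['public']), $b['private'], $a['public']) === $call);
try {   // A message signed by a key MoodleB has no record of is refused.
    unwrap(wrap($call, $unknown['private'], $b['public']), $b['private'], $a['public']);
} catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```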
A special mode can be enabled which would allow a machine with a specified IP address to make calls to the XML-RPC layer without using either encryption or signature envelopes. This mode is provided to enable Moodle to communicate with other software systems in which the integration of signatures and encryption might be prohibitively difficult. It is not envisioned that unencrypted inter-Moodle networking will ever be enabled.
Peer to Peer Network
This is the basic layout of the system. It can be very useful to run one Moodle per faculty or department, each with its own user management, and yet permit users to roam across the Moodle installs... subject to permissions of course.
Setup
The instructions will cover 2 Moodle installations: MoodleA and MoodleB. Both are installed correctly and have never had a Moodle Network configuration.
Note: If you experience problems, ensure debugging is turned on in Site Administration > Server > Debugging. Extra diagnostic messages may be displayed (particularly from Moodle 1.9.2)
- Get them to talk to each other
  - Ensure Admin > Server > Environment indicates you have curl installed
  - If MoodleA and MoodleB are hosted in the same domain, ensure they have a different cookie prefix. Note that changing the cookie prefix will log you out! You can change the cookie prefix via Admin > Server > Session Handling.
  - On both, go to Admin > Network > Settings and turn Networking ON.
  - On MoodleA go to Admin > Network > Peers - put the URL of MoodleB under "Add New Host" and click Add. The URL should include the directory where your Moodle code is located, for example www.mymoodle.org/moodle.
  - Do the equivalent on MoodleB.
- Get user roaming going
  - On both, go to Admin > Users > Authentication and enable the Moodle Network authentication plugin. Click on 'Settings' and enable auto_add_remote_users.
  - On MoodleA go to Admin > Network > Peers, click on 'MoodleB', and click on 'Services'. Enable SSO-IDP publish and subscribe, and SSO-SP publish and subscribe.
  - Do the equivalent on MoodleB.
  - On both, go to Admin > Users > Permissions > Define Roles. Only roles that have the capability "Roam to a remote Moodle" (moodle/site:mnetlogintoremote) will be allowed to roam. Grant the privilege as appropriate.
  - On both, go to the homepage, and add the 'Network Servers' block.
  - To test, it is recommended to use a different browser (even on a different machine) that is logged in to neither. Log in to MoodleA with a non-administrator account that has the permissions to roam. You should see the Network Servers block, and clicking on it you should go to MoodleB with a newly autocreated account.
- Get remote enrolments going -- this is optional. It allows the administrator of MoodleB to enrol users that are "native" to MoodleB in courses in MoodleA, and vice versa.
  - On both, go to Admin > Courses > Enrolment and enable the Moodle Network enrolment plugin (click Save). Click on 'Edit' and enable 'allow_allcourses' or select some courses or categories to be remotely enrolled.
  - On MoodleA go to Admin > Network > Peers, click on 'MoodleB', and click on 'Services'. Enable Enrolment publish and subscribe.
  - Do the equivalent on MoodleB.
  - To use, in MoodleA go to Admin > Networking > Enrolments. You will see MoodleB listed. Click on MoodleB and you will see a list of courses that MoodleB offers for remote enrolment. Select the course you want, and then enrol the users you want in that course.
Using it
Connecting to a Community hub
A Community hub is a Moodle server that is configured to accept connections from other Moodle servers, and to provide a set of services to users of these other servers. This guideline will direct you to connect to a Community hub, assess the services it has to offer, and enable those services for your users.
Setup
- Get talking to the Hub
  - Ensure that the Admin > Server > Environment page indicates you have curl and openssl installed
  - Go to Admin > Network > Settings and turn Networking on
  - Go to Admin > Network > Peers and enter the URL of Community Hub under "Add New Host". Click Add
  - The host details for the Community Hub should appear with the Site Name field already populated. Click Save changes
  - The details will be written to your database and two new tabs will appear in this window: 'Services' and 'Logs'. Click Services
  - A list of services will appear, each with a checkbox for 'publish' and 'subscribe'. Check the checkboxes for any services you want to publish or subscribe to
Using it
If the Community Hub has already enabled a service for you, there will be a tick alongside the appropriate checkbox, for example: if the Hub is publishing Moodle Networked Enrolment, then a tick will appear alongside the subscribe checkbox for this service. Note that in order to enable some functionality, prominently single-sign-on, you may have to publish a service, e.g. the Identity Provider service. The Community Hub will access this service on your Moodle, asking it to authenticate your users.
- Enable Roaming
  - Subscribe to SSO (Service Provider) by checking the box
  - Publish SSO (Identity Provider) by checking the box
  - Click Save changes
  - Go to Admin > Users > Permissions > Define Roles, and grant the capability "Roam to a remote Moodle" (moodle/site:mnetlogintoremote) to an appropriate role
  - Go to Admin > Users > Authentication and enable the Moodle Network authentication plugin
  - Go to your homepage, turn on editing, and add the 'Network Servers' block
  - Using a different web browser, log on as a non-admin user who inhabits the role you granted the roaming capability to
  - Note that the Community Hub is listed in the Network Servers block on the homepage. Click on the link to that server
  - Some of your user details will be transferred to the Community Hub server, and a browsing session will be started for you as if you had logged on there directly
- Enable Networked Enrolment
  - Return to the web browser you've been using as the site administrator
  - Go to Admin > Network > Peers and click on the entry for the Community Hub.
  - Click on the Services tab
  - Subscribe to Moodle Networked Enrolment
  - Go to Admin > Courses > Enrolment and enable the Moodle Network enrolment plugin. Click Save changes
  - Click on edit to view the details for networked enrolments.
  - Go to Admin > Networking > Enrolments to see a list of Moodle servers that offer this service to you
  - Click on a server name to view a list of courses that the server offers to your users
  - Click on a course name to view a list of users that you can enrol in this course
  - Enrol users
  - Profit!
Running a Community hub
A Community hub is a regular Moodle site that runs in a special mode. As a Moodle Administrator, when you add another Moodle site to your list of network peers, your Moodle will contact that site to find out what it is called, and to request its public key for encrypted communication. Normally, the remote server will simply provide this information without making any record of the transaction.
A Community hub is different. As soon as you add an entry for a Community hub to your system, the Community hub will create an entry for your server in its list of hosts, and may immediately begin to offer services to the users of your site.
This section will guide you to set up a Community hub, and select services to offer to all comers.
Setup
- Enable Networking
  - Ensure that the Admin > Server > Environment page indicates you have curl and openssl installed
  - Go to Admin > Network > Settings and turn Networking on
  - Go to Admin > Network > Peers and tick the checkbox for Register all hosts. Click on Save Changes
  - On the same page, the first entry in your list of hosts should be All hosts. Click this link
  - Click on Services and enable any services you want to offer to all comers
See also
- Moodle Network FAQ
- Moodle Network development notes
- Using Moodle MNet forum
- Using Moodle: Examples of how people are using Moodle networks (forum discussion)