LDAP/SSO from Moodle supposed behaviour

by L Ng -
Number of replies: 12

Hello.

We have Moodle 3.9.x running on Ubuntu with PHP 7.3.x and MySQL 5.7.x.

Our WeBWorK server is running the latest build.

I created the WeBWorK course, set up the secret "password" in WeBWorK, and configured the authen_LTI.conf file in WeBWorK.

I created a test moodle course and added students to them.

I created the external tool to the WeBWorK class, and when users click on that LTI link, it shows them the login page of their WeBWorK course.

Shouldn't they be SSO'd in there? Or do they still have to log in to WeBWorK?

Thanks


In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng -

Why, when users coming from Moodle click on their LTI link in Moodle, are they presented with the WeBWorK login page rather than being automatically signed in?

The WeBWorK course has the classlist of those students from Moodle added.

I modified the AUTHEN_LTI page already...

Is it supposed to work this way? What am I missing that would allow them to automatically go into their WeBWorK course without the need to log in to WeBWorK?

Thanks!







In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by Alex Jordan -

Is the link in Moodle an external learning tool link as opposed to a plain old link? That would also explain what you experience. Follow the steps here to plan external tool links:

https://webwork.maa.org/wiki/LTI-Advanced_Authentication#Moodle_2


It also could be that the LTI settings are not configured correctly. In course.conf, add:

$debug_lti_parameters = 1;

Then follow the link from Moodle and you should see a report of LTI parameters and it may reveal what is not configured right.


In reply to Alex Jordan

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng -

I did all the above. Where is the "copy link location" in the course settings? I don't see it.

I made the changes in course.conf and still nothing.

In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng -

Even turning on the debug shows nothing in the page... nothing...

In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng -

Here is what I have in my:

---------- course.conf file -----------

include("conf/authen_LTI.conf");
include("conf/authen_ldap.conf");

$authen{user_module} = [
        { "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1
        { "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2
];
$debug_lti_parameters = 1;


------ localOverrides.conf  file ------

include("conf/authen_LTI.conf");
# default settings
$debug_lti_parameters = 1;
$debug_lti_grade_passback = 1;

include("conf/authen_ldap.conf");

$authen{user_module} = [
        # { "*" => "WeBWorK::Authen::LTIAdvanced", }, #preferred authorization method
        { "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1
        { "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2
];


---- in my authen_LTI.conf file ---------

$authen{user_module} = [
        {  "*" => "WeBWorK::Authen::LTIAdvanced", },        #preferred authorization method
        { "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1
        { "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2
];


$preferred_source_of_username = "username";




In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by Danny Glin -

You are defining the $authen{user_module} variable three different times.  Each time it is defined, it overwrites the previous setting, so the only thing that takes effect is the last definition, which in your case is in course.conf.

You should remove the $authen{user_module} block entirely from authen_LTI.conf and authen_LDAP.conf.  If you are enabling multiple authentication methods, then the cleanest thing to do is set the list of authentication methods directly in localOverrides.conf.

Once you've done this, you can put the following after the two "include"s in localOverrides.conf:

$authen{user_module} = [
        {  "*" => "WeBWorK::Authen::LTIAdvanced", },        #preferred authorization method
        { "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1
        { "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2
];


This will enable both LTI and LDAP logins for all courses.  If you only want this for a single course (or want to override it for a single course), then you can include it in course.conf, otherwise do not add anything to course.conf.
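
The overwrite behaviour described in this reply can be checked mechanically; the following is an added example, not part of the original post or of WeBWorK. It follows include() lines in order and reports which $authen{user_module} assignment is evaluated last and whether LTIAdvanced survives in it. Assumptions: course.conf is read after localOverrides.conf (as the reply states), the file contents are constructed from the thread (authen_ldap.conf is not shown there, so its body is invented), and the regex parser is a simplification of Perl syntax.

```python
import re

# Constructed copies of the thread's files; authen_ldap.conf is not shown
# there, so its content is an assumption.
LTI = '{ "*" => "WeBWorK::Authen::LTIAdvanced", },'
LDAP = '{ "*" => "WeBWorK::Authen::LDAP", },'
LAST = '{ "*" => "WeBWorK::Authen::Basic_TheLastOption", }'
INC = 'include("conf/authen_LTI.conf");\ninclude("conf/authen_ldap.conf");\n'

def block(*rows):
    return "$authen{user_module} = [\n" + "\n".join(rows) + "\n];\n"

BROKEN = {  # the configuration as posted
    "conf/authen_LTI.conf": block(LTI, LDAP, LAST),
    "conf/authen_ldap.conf": block(LDAP),
    "localOverrides.conf": INC + block("# " + LTI, LDAP, LAST),
    "course.conf": INC + block(LDAP, LAST),
}
FIXED = {  # one definition only, placed after the includes
    "conf/authen_LTI.conf": '$preferred_source_of_username = "username";\n',
    "conf/authen_ldap.conf": "",
    "localOverrides.conf": INC + block(LTI, LDAP, LAST),
    "course.conf": "",
}
ORDER = ["localOverrides.conf", "course.conf"]  # course.conf is read last

STMT = re.compile(r'include\("([^"]+)"\);'
                  r'|\$authen\{user_module\}\s*=\s*\[(.*?)\];', re.S)

def assignments(name, files):
    """Yield (file, modules) per assignment, following includes in order."""
    text = re.sub(r"#.*", "", files.get(name, ""))  # drop Perl comments
    for m in STMT.finditer(text):
        if m.group(1):
            yield from assignments(m.group(1), files)
        else:
            yield name, re.findall(r'"(WeBWorK::Authen::\w+)"', m.group(2))

def audit(files, order=ORDER):
    """The last assignment evaluated is the only one that takes effect."""
    found = [a for top in order for a in assignments(top, files)]
    winner, modules = found[-1] if found else (None, [])
    return {"evaluated": len(found), "winner": winner, "modules": modules,
            "lti_active": "WeBWorK::Authen::LTIAdvanced" in modules}

if __name__ == "__main__":
    for label, files in (("before", BROKEN), ("after", FIXED)):
        print(label, audit(files))
```
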


In reply to Danny Glin

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng -

I see..

How come there are warnings at the bottom of the debug upon connection, but when I click back to it they are gone? Is it because it was trying to connect via LTI initially?

Now trying to get their name and username to show up on the masthead other than their WeBWorK user ID...




In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by Danny Glin -

Those warnings are only generated during the initial authentication through LTI.  Once that authentication attempt has either succeeded or failed, the LTI code is no longer being invoked, so there are no further warnings.

In reply to Danny Glin

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng -

Correct... that was my conclusion as well. Now I want to try and figure out how to show their names above instead of the user ID.


L

In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by Alex Jordan -

Just an FYI. User accounts are not required to have first and/or last names. Probably not an issue in practice, but you may want to make it default to the user ID if there is no name to display.

In reply to L Ng

Re: LDAP/SSO from Moodle supposed behaviour

by Alex Jordan -

If turning on LTI debugging shows nothing, then you aren't reaching an LTI connection attempt, and what Danny pointed you to is most likely the problem.