UsingWW: LDAP/SSO from Moodle supposed behaviour

Hello.

We have moodle 3.9.x running on ubuntu with php 7.3.x and mysql 5.7.x

Our webwork server is running the latest build

I created the webwork course; set up the secret "password" in webwork and configured the authen_LTI.conf file in WebWork..

I created a test moodle course and added students to them.

I created the external tool to the WebWork class and when users click on that LTI LINK, it shows them the login page of their webwork course.

Shouldn't they be SSO'd in there? or do they still have to login to webwork?

thanks

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng - Tuesday, 10 August 2021, 3:03 PM

Why when users coming from moodle, click on their LTI link in Moodle, they are presented with the WeBWork login page rather than them automatically sign in?

The WeBWorK course has the classlist of those students from Moodle added.

I modified the AUTHEN_LTI page already...

is it suppose to work this way? What am I missing that would allow them to automatically go into their WebWork course without the need to login to WebWork?

Thanks!

Re: LDAP/SSO from Moodle supposed behaviour

by Danny Glin - Tuesday, 10 August 2021, 3:48 PM

If you have set up both LDAP and LTI authentication, then most likely the configuration that is enabling LDAP is overriding the configuration that is enabling LTI. See https://webwork.maa.org/moodle/mod/forum/discuss.php?d=4971#p15314 for a description of the problem and how to fix it.

Re: LDAP/SSO from Moodle supposed behaviour

by Alex Jordan - Tuesday, 10 August 2021, 3:57 PM

Is the link in Moodle an external learning tool link as opposed to a plain old link? That would also explain what you experience. Follow the steps here to plan external tool links:

https://webwork.maa.org/wiki/LTI-Advanced_Authentication#Moodle_2

It also could be that the LTI setting are not configured correctly. In course.conf, add:

$debug_lti_parameters = 1;

Then follow the link from Moodle and you should see a report of LTI parameters and it may reveal what is not configured right.

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng - Tuesday, 10 August 2021, 5:03 PM

I did all the above.. where is the "copy link location" in the course settings? i don't see it

I made the changes in course.conf and still nothing

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng - Tuesday, 10 August 2021, 5:30 PM

even turning on the debug shows nothing in the page... nothing...

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng - Tuesday, 10 August 2021, 6:07 PM

here is what I have in my:

---------- course.conf file -----------

include("conf/authen_LTI.conf");

include("conf/authen_ldap.conf");

$authen{user_module} = [

{ "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1

{ "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2

];
$debug_lti_parameters = 1;

------ localOverrides.conf file ------

include("conf/authen_LTI.conf");
# default settings
$debug_lti_parameters = 1;
$debug_lti_grade_passback = 1;

include("conf/authen_ldap.conf");

$authen{user_module} = [

# { "*" => "WeBWorK::Authen::LTIAdvanced", }, #preferred authorization method

{ "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1

{ "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2

];

---- in my authen_LTI.conf file ---------

$authen{user_module} = [

{ "*" => "WeBWorK::Authen::LTIAdvanced", }, #preferred authorization method

{ "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1

{ "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2

];

$preferred_source_of_username = "username";

Re: LDAP/SSO from Moodle supposed behaviour

by Danny Glin - Tuesday, 10 August 2021, 6:45 PM

You are defining the $authen{user_module} variable three different times. Each time it is defined, it overwrites the previous setting, so the only thing that takes effect is the last definition, which in your case is in course.conf.

You should remove the $authen{user_module} block entirely from authen_LTI.conf and authen_LDAP.conf. If you are enabling multiple authentication methods, then the cleanest thing to do is set the list of authentication methods directly in localOverrides.conf.

Once you've done this, you can put the following after the two "include"s in localOverrides.conf:

$authen{user_module} = [

{ "*" => "WeBWorK::Authen::LTIAdvanced", }, #preferred authorization method

{ "*" => "WeBWorK::Authen::LDAP",}, #fallback authorization method 1

{ "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method 2

];

This will enable both LTI and LDAP logins for all courses. If you only want this for a single course (or want to override it for a single course), then you can include it in course.conf, otherwise do not add anything to course.conf.

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng - Wednesday, 11 August 2021, 12:41 AM

I see..

how come there are warnings at the bottom of the debug upon connection but when I click back to it is gone? is it because it was trying to connect via LTI initially?

Now trying to get their name and username to show up on the masthead other than their webwork userid...

Re: LDAP/SSO from Moodle supposed behaviour

by Danny Glin - Wednesday, 11 August 2021, 2:21 PM

Those warnings are only generated during the initial authentication through LTI. Once that authentication attempt has either succeeded or failed, the LTI code is no longer being invoked, so there are no further warnings.

Re: LDAP/SSO from Moodle supposed behaviour

by L Ng - Wednesday, 11 August 2021, 3:19 PM

Correct... that was my conclusion as well.. now I want to try and figure out how to show their names above instead of the user id

Re: LDAP/SSO from Moodle supposed behaviour

by Alex Jordan - Wednesday, 11 August 2021, 4:01 PM

Just an FYI. User accounts are not required to have first and/or last names. Probably not an issue in practice, but you may want to make it default to the user ID if there is no name to display.

Re: LDAP/SSO from Moodle supposed behaviour

by Ervin Jelvos - Saturday, 18 June 2022, 11:47 AM

Is the link in Moodle an external learning tool link as opposed to a plain old link?

That would also explain what you experience.

Follow the steps here to plan external tool links:

https://webwork.maa.org/wiki/LTI-Advanced_Authentication#Moodle_2

It also could be that the LTI setting are not configured correctly. In course.conf, add:
$debug_lti_parameters = 1;

Re: LDAP/SSO from Moodle supposed behaviour

by Alex Jordan - Tuesday, 10 August 2021, 7:04 PM

If turning on LTI debugging shows nothing, then you aren't reaching an LTI connection attempt, and what Danny pointed you to is most likely the problem.

Re: LDAP/SSO from Moodle supposed behaviour

by Blacky mia - Friday, 17 December 2021, 2:56 PM

Is the link in Moodle an external learning tool link as opposed to a plain old link?

That would also explain what you experience.

Follow the steps here to plan external tool links:

https://webwork.maa.org/wiki/LTI-Advanced_Authentication#Moodle_2

It also could be that the LTI setting are not configured correctly. In course.conf, add:

$debug_lti_parameters = 1;

Then follow the link from Moodle and you should see a report of LTI parameters and it may reveal what is not configured right.

Using WeBWorK

Installation

LDAP/SSO from Moodle supposed behaviour

LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour

Re: LDAP/SSO from Moodle supposed behaviour