
Does PortalGuard support Moodle

Tags: education, federation

Problem

You are considering purchasing PortalGuard, or have already purchased it, and are wondering whether PortalGuard supports federation with Moodle.


Solution

PortalGuard is able to federate with Moodle. Some of the benefits PortalGuard offers for Moodle include:

• Automatically create user accounts in Moodle once the user is created in Active Directory

• All-In-One: SSPR, SSO, 2FA, Password Policies

• Fixed server costs

• Unlimited users supported

• No Programming Required

• Configurable By Student, Faculty, and Dept

The following are instructions on how to install and configure Moodle to run SAML under IIS:

NOTE: The following is performed on the Moodle Server

Download Simple SAML PHP from here:

Extract the downloaded zip file to here: (you will need to move the files around to get it to look like this)

Add application under default Web Site:

Edit config.php from this location:

Change the auth.adminpassword here:

Change the secretsalt value here:

Change email address here:

Change log level to INFO here:

Save and Close.

Edit authsources.php and delete all the lines from here to the bottom of the file (leave the last ‘);’)

Change the identity of the Moodle relying party (your name will be different):

Change the Issuer ID of the PG IdP (your name will be different)

NOTE: The following section is performed on the PortalGuard server.

Create a Relying Party under the PG IdP (this section is performed on the PortalGuard server):

Assertion Consumer URL is http://moodle.cneschools.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

Note: This section is performed on the Moodle server.

PHP settings for the web site may be running some kind of lock down mode. Under the PHP manager:

Under PHP Settings

Open saml20-idp-remote.php

Make the following changes to saml20-idp-remote.php

Set SingleSignOnService and SingleLogoutService to the following: Also set description to the “Here you can login…”

Update the certFingerprint above (the last line) from the mycert.pem file. Grab the public part of the file and paste it into a new .cer file. Right-click the .cer file and choose the Details tab. You can get the fingerprint from the Thumbprint field on the Details tab. Copy this value into Notepad and remove all the white space before updating the PHP document above.

Paste the above into a new text file and save it as IdP_signing.cer

Right click IdP_signing.cer and select Properties and then select the Details tab to bring up this view:

Copy the highlighted thumbprint value from here and paste into a new temporary txt file. Remove all the white spaces and then put the value here in the php file:
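The thumbprint steps above can be cross-checked with a short script. This is an added example, not part of the original article or of PortalGuard's tooling: it computes the SHA-1 thumbprint from the certificate block of a PEM file (ignoring any private key block in the same file) and cleans a value pasted from the Details tab, including invisible characters that a copy can carry along. The sample PEM and all function names are constructed for illustration.

```python
import base64
import hashlib
import re
import unicodedata

# Constructed sample input: these bytes are NOT a real certificate or key.
# A thumbprint is a hash over the decoded certificate bytes, so any bytes show the steps.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)

def certificate_der(pem_text):
    """Return the decoded bytes of the first CERTIFICATE block (the public part)."""
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found in PEM text")
    body = "".join(match.group(1).split())  # drop line breaks inside the block
    return base64.b64decode(body, validate=True)

def sha1_thumbprint(pem_text):
    """SHA-1 over the certificate bytes: 40 hex characters, no separators."""
    return hashlib.sha1(certificate_der(pem_text)).hexdigest()

def clean_pasted_thumbprint(pasted):
    """Strip spaces, colons and invisible format characters (e.g. U+200E)."""
    kept = "".join(
        ch for ch in pasted
        if not ch.isspace() and ch != ":" and unicodedata.category(ch) != "Cf"
    )
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", kept):
        raise ValueError("not a 40-character hex SHA-1 thumbprint: %r" % kept)
    return kept.lower()  # lowercased so both sides compare equal

def thumbprint_matches(pem_text, pasted):
    """True when the pasted value is the thumbprint of the PEM's certificate."""
    return clean_pasted_thumbprint(pasted) == sha1_thumbprint(pem_text)

if __name__ == "__main__":
    print(sha1_thumbprint(SAMPLE_PEM))
```

A mismatch here means the value about to go into certFingerprint does not belong to the certificate in the PEM file, which is easier to catch at this point than after SAML logins start failing.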

Download Moodle SAML Auth plug-in from here:

Extract the saml folder from the zip file and put it in the auth folder: saml folder from downloaded plugin zip file

saml folder copied into the auth folder

From moodlebook, navigate to the Manage authentication page:

Should see SAML Authentication here:

Move it up to the top by selecting it and clicking the up arrow until it gets to the top as shown below. Then click the Settings link/button on the right

Change the SimpleSAMLPHP Library Path to the following:

The SAML username mapping can stay what it defaults to because that is what we configured over in the PG IdP relying party as the claim

The logo.gif can also be changed

For user creation in Moodle, this is where we specify the fields that will be taken out of the SAML token and put into Moodle. Update the first three as shown below:

Save changes:

Logout and log back into Moodle

If you see this:

Do this:

Edit saml_config.php from this location

Change this:

To this:

You should now be able to access the PortalGuard login screen.

Test with a Moodle user that does exist in AD

Note: This section is performed on the PortalGuard server.

The created Moodle user once logged in will not have a city and state. Create new RP claims that hard code these values:

Note: This section is performed on the Moodle server.

Login manually as admin to Moodle to make the needed SAML configuration change for City and Country.

Upgrade to new version if prompted.

Go back to Data Mapping under Manage authentication in Moodle and add the City and Country like this (it does not need to be “On every login”; that was just for our testing because our user was already created):

Existing students need to be converted to use the right authentication method, namely SAML.

If importing from old Moodle to new Moodle with a csv file, search and replace the old auth type with the SAML auth type.

To get user to go directly to PG login page and not have to click the UNIQUID button, make a copy of the current login.php and rename it to manual_login.php

Modify login.php and add this line

Copy manual_login.php to login.php_ORIGINAL

Remove the highlighted lines from manual_login.php

Now clicking the Login button on the Moodle home page will go directly to PG login page.

Use the highlighted link below to get to the manual login page: http://moodle.<your_name>/auth/saml/login_manual.php

Page last modified on February 11, 2016, at 12:59 PM