Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:2.0:single_sign_on:saml_moodle [2025/05/16 23:58] – [Configuring the Service Provider (Moodle)] kainhoferen:2.0:single_sign_on:saml_moodle [2025/05/17 00:09] (current) – [Setup completed, test Single-Sign-On] kainhofer
Line 77: Line 77:
  
 Towards the end of the configuration screen, a whole section "Data mapping" is dedicated to fields mapping. Each profile field has four settings: "Data mapping" (SAML attribute from Admidio), "Update local", "Update external" and "Lock value". None of these values is required, but if they are mapped, Admidio's profile data is properly imported into Moodle's profile. Towards the end of the configuration screen, a whole section "Data mapping" is dedicated to fields mapping. Each profile field has four settings: "Data mapping" (SAML attribute from Admidio), "Update local", "Update external" and "Lock value". None of these values is required, but if they are mapped, Admidio's profile data is properly imported into Moodle's profile.
-{{ :en:2.0:sso:sso_moodle_saml_09_plugin_settings_mapping.png?direct&800 |}}+{{ :en:2.0:sso:sso_moodle_saml_09_plugin_settings_mapping.png?direct&900 |}}
  
  
  
 The last section would allow Moodle to act as a SAML IdP, which is not relevant in our case. Enabling IDP means that Moodle's user accounts can be used by other applications. This, however, is not our scope in this tutorial. The last section would allow Moodle to act as a SAML IdP, which is not relevant in our case. Enabling IDP means that Moodle's user accounts can be used by other applications. This, however, is not our scope in this tutorial.
-{{ :en:2.0:sso:sso_moodle_saml_10_plugin_idp.png?direct&200 |}}+{{ :en:2.0:sso:sso_moodle_saml_10_plugin_idp.png?direct&600 |}}
  
  
Line 89: Line 89:
  
 Admidio and Moodle should now be set up to use Admidio for logging in to Moodle. The SAML plugin even provides a way to test the plugin configuration: Return to Moodle's plugin list (see above), which shows a "Test settings" next to the "Settings" link for the plugin: Admidio and Moodle should now be set up to use Admidio for logging in to Moodle. The SAML plugin even provides a way to test the plugin configuration: Return to Moodle's plugin list (see above), which shows a "Test settings" next to the "Settings" link for the plugin:
-{{ :en:2.0:sso:sso_moodle_03_pluginlist.png?direct&400 |}}+{{ :en:2.0:sso:sso_moodle_03_pluginlist.png?direct&600 |}}
  
 The test settings page allows a test login from Moodle to Admidio without influencing the current session Moodle. If login is successful, the profile data provided by Admidio is displayed. The test settings page allows a test login from Moodle to Admidio without influencing the current session Moodle. If login is successful, the profile data provided by Admidio is displayed.
-{{:en:2.0:sso:sso_moodle_saml_11_plugin_test.png?direct&600|}}{{:en:2.0:sso:sso_moodle_saml_12_plugin_testresults.png?direct&200|}}+ 
 +{{:en:2.0:sso:sso_moodle_saml_11_plugin_test.png?direct&600|}}{{:en:2.0:sso:sso_moodle_saml_12_plugin_testresults.png?direct&400|}}
  
 Once, this dry run is successful, one can attempt a real login through SAML. Once, this dry run is successful, one can attempt a real login through SAML.
Line 98: Line 99:
  
 If you log out of Moodle (or open Moodle in an incognito browser window) and go to the Moodle admin location, you should see the login screen with the choice of logging in with password or via SAML. If you log out of Moodle (or open Moodle in an incognito browser window) and go to the Moodle admin location, you should see the login screen with the choice of logging in with password or via SAML.
 +
 {{:en:2.0:sso:sso_moodle_13_moodle_loginform.png?direct&400|}}{{:en:2.0:sso:sso_moodle_saml_14_admidio_loginform.png?direct&400|}} {{:en:2.0:sso:sso_moodle_13_moodle_loginform.png?direct&400|}}{{:en:2.0:sso:sso_moodle_saml_14_admidio_loginform.png?direct&400|}}
  
  
 After choosing SAML login and loggin in with a user from Admidio, you should be logged in to Moodle. After choosing SAML login and loggin in with a user from Admidio, you should be logged in to Moodle.
-{{ :en:2.0:sso:sso_moodle_saml_16_loginsuccess.png?direct&400 |}}+{{ :en:2.0:sso:sso_moodle_saml_16_loginsuccess.png?direct&600 |}}
  
  
Line 108: Line 110:
 ==== Caveats and Things to Consider ==== ==== Caveats and Things to Consider ====
  
-  * Transferring the country profile field from Admidio into Moodle's country field does not work, because Moodle appears to expect a particular format, which Admidio does not provide. The error message might look overwhelming, but it gives a good indication.{{ :en:2.0:sso:sso_moodle_saml_99_countrymapping.png?direct&400 |}} +  * Transferring the country profile field from Admidio into Moodle's country field does not work, because Moodle appears to expect a particular format, which Admidio does not provide. The error message might look overwhelming, but it gives a good indication.{{ :en:2.0:sso:sso_moodle_saml_99_countrymapping.png?direct&600 |}} 
-  * If you have user accounts from different backends (e.g. local accounts, OpenID Connect login, SAML login) and an account for a user was already created, Moodle tries to match accounts by username (the field selected in the plugin config). However, if the other account has the same email address, but a different user ID through the OIDC or local backend, Moodle will try to create a new account with the SAML user ID, but fails since another account with the same email already exists.{{ :en:2.0:sso:sso_moodle_saml_15_login_duplicateemail.png?direct&400 |}}+  * If you have user accounts from different backends (e.g. local accounts, OpenID Connect login, SAML login) and an account for a user was already created, Moodle tries to match accounts by username (the field selected in the plugin config). However, if the other account has the same email address, but a different user ID through the OIDC or local backend, Moodle will try to create a new account with the SAML user ID, but fails since another account with the same email already exists.{{ :en:2.0:sso:sso_moodle_saml_15_login_duplicateemail.png?direct&600 |}}
  • en/2.0/single_sign_on/saml_moodle.1747432703.txt.gz
  • Last modified: 2025/05/16 23:58
  • by kainhofer