Supporting each other

Community forums

Questions on getting Xerte Toolkits installed on your server and questions about authentication and user logins.

TOPIC:

Saml2 with Google 3 years 11 months ago #7080

  • tad
  • Topic Author
  • Junior Member
  • Posts: 20
  • Thank you received: 0
I'm trying to switch the authentication of our Xerte deployment to the Google login of our users.
The login works, but there are no details of my name or login in the Xerte system.
Which parameters should I use for the username, surname, ... to pass through?


Saml2 with Google 3 years 11 months ago #7082

  • tom
  • Administrator
  • Posts: 1283
  • Thank you received: 323
Hi, the attributes requested by Xerte are defined in settings.php (in folder library/Authentication/Xerte/Saml2/settings.php).
That file does not exist, but an example is provided (in settings.php.dist in the same folder).

That file contains (amongst others):
        "attributeConsumingService" => array(
            "serviceName" => "Xerte Online Toolkits",
            "serviceDescription" => "Xerte Online Toolkits",
            "requestedAttributes" => array(
                array(
                    "name" => "urn:oid:0.9.2342.19200300.100.1.1",
                    "isRequired" => true,
                    "nameFormat" => "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
                    "friendlyName" => "uid"
                ),
                array(
                    "name" => "urn:oid:2.5.4.42",
                    "isRequired" => true,
                    "nameFormat" => "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
                    "friendlyName" => "givenName"
                ),
                array(
                    "name" => "urn:oid:2.5.4.4",
                    "isRequired" => true,
                    "nameFormat" => "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
                    "friendlyName" => "sn"
                ),
                array(
                    "name" => "samlUserdata']['urn:oid:1.3.6.1.4.1.25178.1.2.9",
                    "isRequired" => false,
                    "nameFormat" => "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
                    "friendlyName" => "organisation"
                ),
            )
        ),

The attributes are actually set in library/Xerte/Authentication/Saml2/xertesso.php (starting at line 54)
The following user(s) said Thank You: tad


Saml2 with Google 3 years 11 months ago #7083

  • tad
  • Topic Author
  • Junior Member
  • Posts: 20
  • Thank you received: 0
I've switched to Saml2 as authentication with your help.
Login is possible, but I've had problems with the old projects.
The username is not the same anymore. Now it's the full e-mail address and before it was only the first part.
I've tried changing the username in the database, but then I only saw the projects in the recycle bin.
Then I've changed the names of the folders in the database not just user.sdf, but user.sdf@hi...
The list of projects is now available, but they can't be edited, because they look empty.
Also the students can't access the projects via a link on a particular site anymore. They always get the authentication page for Google, but they need it without login. The Saml login is only for editing.
I've switched back to ldap for the moment.
What is the right strategy I should use for the students and for our teachers who've made already a lot of content?


Saml2 with Google 3 years 11 months ago #7084

  • tom
  • Administrator
  • Posts: 1283
  • Thank you received: 323
This is just not trivial and requires some intimate knowledge of Xerte.

1. Changing the authentication should NOT change the way students use the LO's, so I don't understand why all of a sudden students would need to log in (unless the LO is set to be protected by password, instead of public and/or 'Other').

2. When changing the login, the database needs to change. There will be extra items in the logindetails table (new users) and those changes need to be reflected by
a. changing database entries and file system changes yourself (changes are required in the templatedetails, the templaterights, the folderdetails table and the additional_sharing table in the database, and changes in the foldername in the USER-FILES folders)
b. Move ownership from the old username to the new username in the management page (possible user by user since version 3.9)
c. Create a script.

3. You could also customize xertesso.php in such a way that the username coming from Google is transformed into the old username, or uses an attribute containing the old username. The drawback is that you would need to reapply that change every time the installation is upgraded.
The following user(s) said Thank You: tad


Last edit: by tom.

Saml2 with Google 3 years 11 months ago #7086

  • tad
  • tad's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
  • Posts: 20
  • Thank you received: 0
Thank you for your help.
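It's solved with a small change in our xertesso.php on line 54:
//$xertedata = $_SESSION[0]; // uid
$uidAdjusted = $_SESSION[0]; // uid
// Keep only the part before the last '@'; leave the value unchanged if there is no '@'
$atPos = strrpos($uidAdjusted, '@');
$xertedata = ($atPos === false) ? $uidAdjusted : substr($uidAdjusted, 0, $atPos);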
I'll have to change it every update, but that's no problem.


Last edit: by tad.
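
A stricter variant of the username mapping from the last post, as an added example that is not part of the thread or of Xerte's own code: it strips the domain only when it is the expected one, so an address from another domain cannot map onto an existing local account. The function name `legacyUsernameFromUid` and the domain `school.example` are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Xerte): map the uid released by the IdP
 * to the pre-SAML username, or return null when the value must be rejected.
 */
function legacyUsernameFromUid(string $uid, string $expectedDomain): ?string
{
    $uid = trim($uid);
    $atPos = strrpos($uid, '@');
    if ($atPos === false) {
        // No domain part: accept only if it already looks like a local username.
        return preg_match('/^[A-Za-z0-9._-]+$/', $uid) === 1 ? $uid : null;
    }

    $local  = substr($uid, 0, $atPos);
    $domain = substr($uid, $atPos + 1);

    // Only strip the domain we expect; "jdoe@other.example" must not become "jdoe".
    if (strcasecmp($domain, $expectedDomain) !== 0) {
        return null;
    }
    // Reject empty or unusual local parts ("@school.example", "a@b@school.example").
    if (preg_match('/^[A-Za-z0-9._-]+$/', $local) !== 1) {
        return null;
    }
    return $local;
}

// Constructed sample values, not taken from the thread.
$samples = [
    'jdoe@school.example',   // expected domain
    'jdoe@other.example',    // other domain
    'jdoe',                  // no '@'
    '@school.example',       // empty local part
];
foreach ($samples as $uid) {
    $name = legacyUsernameFromUid($uid, 'school.example');
    printf("%-22s => %s\n", $uid, $name === null ? '(rejected)' : $name);
}
```

A null result is meant to stop the login rather than fall back to an empty or partial username.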
Copyright © 2024 The Xerte Project.