Overview
This article describes how to configure the SAML2 authentication plugin in a Moodle LMS so that a client's ADFS acts as the identity provider (IdP) and the LMS acts as the service provider (SP).
Client Dependency
- Request the ADFS Identity Provider Metadata from the Client IT Contact. (This is an XML file containing the IdP's signing certificate and its URL endpoint data.)
- Request a temporary test account for testing user authentication. Ask that it has a first name, last name and email address populated in Active Directory so the claim mapping in Step 7 can be verified.
Process
Step 1: Enable SAML2 Authentication Method
- Navigate to Site Administration -> Plugins -> Authentication -> Manage Authentication
- Click the eye icon to enable the SAML2 authentication method in the Available Authentication Plugins table.
Step 2: Configure Identity Metadata
- Select SAML2 / Settings in the Available Authentication Plugins table.
- Paste the client-supplied XML metadata into the IdP metadata setting. Check before pasting that the file is IdP metadata (it should contain an IDPSSODescriptor with a signing certificate and HTTPS single-sign-on endpoints) and that it arrived intact; a truncated certificate or a mistyped endpoint will only surface as a failed login in Step 6.
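The following is an added example (not part of this guide or of the Moodle SAML2 plugin) of checking the client-supplied IdP metadata before it goes into the configuration: it extracts the entityID, the single-sign-on endpoints and the signing certificate, flags endpoints that are not HTTPS and certificates that do not decode as base64 DER, and prints a SHA-256 fingerprint of the signing certificate that can be confirmed with the Client IT Contact out of band. The hostname adfs.client.example and the "certificate" bytes are constructed placeholders, not real data.

```python
"""Sanity-check the ADFS IdP metadata the client supplies (Step 2).

Added example, not part of the original guide or the auth_saml2 plugin.
Hostnames and the "certificate" below are constructed placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for a DER certificate: a SEQUENCE header plus filler,
# NOT a real X.509 certificate. It only exercises the structural checks below.
_FAKE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)
_FAKE_CERT_B64 = base64.b64encode(_FAKE_DER).decode()

# Constructed metadata in the shape ADFS publishes; adfs.client.example is made up.
SAMPLE_GOOD = f"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.client.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{_FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.client.example/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.client.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Same shape, but with the problems the checks are meant to catch.
SAMPLE_BAD = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.client.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://adfs.client.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return entityID, SSO endpoints and signing certificates (base64, whitespace removed)."""
    # Metadata comes from a known contact; for untrusted XML use defusedxml instead.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [(e.get("Binding"), e.get("Location")) for e in idp.findall("md:SingleSignOnService", NS)]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # absent 'use' means signing and encryption
            continue
        certs += ["".join((c.text or "").split()) for c in kd.findall(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def looks_like_der(cert_b64):
    """Cheap structural check: valid base64 holding one DER SEQUENCE whose declared
    length matches the data. Catches truncated or mangled copy-paste, not bad certs."""
    try:
        der = base64.b64decode(cert_b64, validate=True)
    except ValueError:           # binascii.Error is a ValueError subclass
        return False
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:
        length, hdr = der[1], 2
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        length, hdr = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return len(der) == hdr + length


def cert_fingerprint(cert_b64):
    """SHA-256 fingerprint of the signing certificate, to confirm with the client out of band."""
    hexdigest = hashlib.sha256(base64.b64decode(cert_b64)).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2))


def validate_idp_metadata(meta):
    """Return a list of issues; an empty list means the metadata is fit to paste into Moodle."""
    issues = []
    if not meta["signing_certs"]:
        issues.append("no signing certificate: Moodle could not verify assertion signatures")
    issues += [f"signing certificate is not valid base64 DER: {c[:16]}..."
               for c in meta["signing_certs"] if not looks_like_der(c)]
    if not meta["sso"]:
        issues.append("no SingleSignOnService endpoint")
    # The ADFS entityID is conventionally http://.../adfs/services/trust; it is an
    # identifier, not a URL, so only the endpoints users are redirected to are checked.
    issues += [f"SSO endpoint is not HTTPS: {loc}" for _, loc in meta["sso"]
               if not (loc or "").lower().startswith("https://")]
    return issues


if __name__ == "__main__":
    for name, xml in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        meta = parse_idp_metadata(xml)
        print(name, meta["entity_id"], validate_idp_metadata(meta) or "OK")
        for cert in meta["signing_certs"]:
            print("  signing cert SHA-256:", cert_fingerprint(cert))
```

Run it against the real file by replacing SAMPLE_GOOD with the file contents; the DER check only catches copy-paste damage, so the fingerprint should still be read back to the Client IT Contact before the metadata is trusted.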
Step 3: Regenerate certificate
This creates the self-signed certificate Moodle (the SP) uses to sign its SAML requests; its subject is built from the fields below. Use the following framework to fill in the fields:
Key | Example Value |
Country Name | e.g. AU/NZ |
State or Province Name | e.g. VIC/NSW/TAS |
Locality Name | e.g. Melbourne, Sydney, Hobart |
Organisation Name | Client Name |
Organisational Unit Name | Client Business Unit e.g. Learning and Development |
Common Name | Client Website Domain Name e.g. clientname.learnbook.com.au |
Email Address | Must be support@ecreators.com.au |
Expiry Days | Leave as default (10 years) |
Regenerating this certificate later changes the SP metadata, so the client must update their Relying Party Trust (re-import the Step 4 metadata) before ADFS will trust requests signed with the new certificate.
Step 4: Send Client SP Metadata
Send a communication to the Client IT Contact with the URL of the SP metadata.
This URL will look like: http://clientname.learnbook.com.au/auth/saml2/sp/metadata.php?download=1
The endpoints listed in the SP metadata are derived from the site's own URL ($CFG->wwwroot), so a production LMS must be served over HTTPS and the https:// form of this URL given to the client; otherwise the SAML assertions would be posted back to the LMS over plain HTTP.
The Client IT Contact uses this metadata to register the LMS as a Relying Party Trust in ADFS (ADFS can import it directly from the URL), which is what allows the LMS to use ADFS.
Step 5: Additional Configuration
Configure the plugin to use the following options:
Key | Value | Why |
Dual Login | Yes | Keeps the normal Moodle login form available alongside the ADFS login, so administrators can still sign in if the IdP is misconfigured or unavailable. |
Debugging | Yes | Records the details of each SAML exchange for the testing in Step 6. The output includes the claims received, so set this back to No once the integration is confirmed working. |
Lower Case | Yes | Lower-cases the username received from the IdP before the Moodle account is matched or created, so case differences in AD do not produce duplicate users. |
Auto create users | Yes | Creates a Moodle account on a user's first successful ADFS login. This means every account the client's ADFS will authenticate gets LMS access; confirm with the client that this is intended. |
Step 6: Test Claims
- Navigate to Site Administration -> Plugins -> Authentication -> Manage Authentication
- Select Test Settings in the Available Authentication Plugins table.
- The client's ADFS authentication page should be presented in the web browser.
- Authenticate using the temporary test credentials.
- View the Claims Debugging Output. It lists each claim (attribute) name released by the IdP together with its value(s) for the test account; these names are what Step 7 maps onto Moodle profile fields, so keep a copy.
Client Side Testing
The Client IT Contact may use this URL to test the claims released to the LMS:
http://clientname.learnbook.com.au/auth/saml2/test.php
Step 7: Configure Profile Mapping
- Navigate to Site Administration -> Plugins -> Authentication -> Manage Authentication
- Select SAML2 / Settings in the Available Authentication Plugins table.
- Using the claim names recorded in Step 6: Test Claims, update the configuration as follows:
IdP to Moodle Mapping
Set the IdP attribute to the claim whose value should become the Moodle username. The exact claim name may vary from system to system, but it should be the one representing the Windows Account Username.
In this example the value is: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
Check in the Step 6 output what this claim actually contains for the test account. ADFS commonly releases it as DOMAIN\username; Moodle's default username cleaning removes characters it does not allow (anything outside lower-case letters, digits and . - _ @), so the stored username would lose the backslash. Confirm with the client that the resulting username is acceptable.
Data Mapping
Set each Moodle profile field to the claim name whose value should populate it. The names may vary from system to system; the ones below are the standard claim types ADFS issues.
Field | Possible Value |
First name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
Last name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Email address | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
Update Local / Locked Value
These values should be set to the following in all cases:
- Update Local = On Every Login, so that changes made in Active Directory (for example a surname or email change) are reflected in Moodle at the user's next login.
- Lock Value = Locked, so that users cannot edit in their Moodle profile the fields for which ADFS is authoritative.
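Added example (not part of this guide or of the Moodle SAML2 plugin) showing what the Step 7 mapping does with the claims recorded in Step 6: it takes a set of claims shaped like the Claims Debugging Output, applies the IdP to Moodle mapping with Lower Case on and the Data Mapping table above, and warns about claims that are missing or that Moodle's default username cleaning would alter. The claim names are the ones given in Step 7; the claim values, the domain CLIENT and the address client.example are constructed, and the username cleaning mirrors Moodle's default rule (extendedusernamechars off), which is an assumption about the target site.

```python
"""Preview how the Step 7 mapping turns the Step 6 claims into a Moodle profile.

Added example, not part of the original guide or of the auth_saml2 plugin.
Claim names are the Step 7 ones; the values and the domain are constructed.
"""
import re

WINDOWS_ACCOUNT = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
CLAIMS_2005 = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Moodle profile field -> IdP claim name (the Data Mapping table in Step 7).
FIELD_MAP = {
    "firstname": CLAIMS_2005 + "givenname",
    "lastname": CLAIMS_2005 + "surname",
    "email": CLAIMS_2005 + "emailaddress",
}

# Constructed claims for a test account, shaped like the plugin's debugging
# output (claim name -> list of values). Not real data.
SAMPLE_CLAIMS = {
    WINDOWS_ACCOUNT: ["CLIENT\\JSmith"],
    FIELD_MAP["firstname"]: ["Jane"],
    FIELD_MAP["lastname"]: ["Smith"],
    FIELD_MAP["email"]: ["Jane.Smith@client.example"],
}


def moodle_default_username(raw):
    """Mimic Moodle's default username cleaning (PARAM_USERNAME with
    extendedusernamechars off): spaces removed, lower-cased, and anything
    outside lower-case letters, digits and . - _ @ dropped. Assumed default."""
    return re.sub(r"[^-.@_a-z0-9]", "", raw.replace(" ", "").lower())


def map_claims(claims, idp_attr=WINDOWS_ACCOUNT, field_map=FIELD_MAP, lower_case=True):
    """Return (profile, warnings): the profile these claims would produce under
    the Step 7 mapping, plus anything to raise with the client before go-live."""
    profile, warnings = {}, []

    values = claims.get(idp_attr, [])
    if not values:
        warnings.append(f"username claim {idp_attr} not released: login would fail")
        profile["username"] = None
    else:
        username = values[0].lower() if lower_case else values[0]   # the Lower Case option
        profile["username"] = username
        cleaned = moodle_default_username(username)
        if cleaned != username:
            warnings.append(f"Moodle would store username {username!r} as {cleaned!r}")
        profile["moodle_username"] = cleaned

    for field, claim in field_map.items():
        vals = claims.get(claim, [])
        profile[field] = vals[0] if vals else None   # first value assumed; see warning below
        if not vals:
            warnings.append(f"{field}: claim {claim} not released; check the ADFS claim rules")
        elif len(vals) > 1:
            warnings.append(f"{field}: {claim} is multi-valued; decide which value Moodle should get")
    return profile, warnings


if __name__ == "__main__":
    profile, warnings = map_claims(SAMPLE_CLAIMS)
    for key, value in profile.items():
        print(f"{key:16} {value}")
    for warning in warnings:
        print("WARNING:", warning)
```

Paste the real claim names and values from the Step 6 output into SAMPLE_CLAIMS to see the profile Moodle will create before running Step 8; a warning about the username is the cue to agree the username format with the client.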
Step 8: Test Authentication
- Log out and use the ADFS login button on the login page (shown alongside the manual form because Dual Login is on) to test the ADFS credentials.
- Using the supplied test credentials, complete a user authentication and confirm the account is created and all data attributes are mapped correctly.
- Log out and log in with the Administrator profile.
- Navigate to Site Administration -> Users -> Browse List of Users
- Open the test user's profile and ensure the first name, last name and email address have mapped correctly and are locked.
Step 9: Complete
Once authentication and mapping are confirmed, set Debugging (Step 5) back to No and ask the client to disable or remove the temporary test account.