Articles in this section

Configuring ADFS with Moodle

  • Updated

Overview

This article describes the process to install and configure ADFS with a Moodle LMS.

Client Dependency

  1. Request ADFS Identity Provider Metadata from the Client IT Contact. (This is an XML File containing Certificate and URL Endpoint data.)
  2. Request temporary test account to test user authentication.

Process

Step 1:Enable SAML2 Authentication Method

 
  1. Navigate to Site Administration -> Plugins -> Authentication -> Manage Authentication

  2. Click Eye Icon to enable SAML2 Authentication Method in Available Authentication Plugins table.

Step 2: Configure Identity Metadata

  1. Select SAML2 / Settings in Available Authentication Plugins table.

  2. Copy Client supplied XML Metadata from into configuration.

Step 3: Regenerate certificate

Use the following framework to fill in the fields:

Key Example Value
Country Name e.g. AU/NZ
State or Province Name e.g. VIC/NSW/TAS
Locality Name e.g. Melbourne, Sydney, Hobard
Organisation Name Client Name
Organisational Unit Name Client Business Unit e.g. Learning and Development
Common Name Client Website Domain Name e.g. clientname.learnbook.com.au
Email Must be support@ecreators.com.au
Expiry Days Leave as default (10 years)

Step 4: Send Client SP Metadata

Send a communication to the Client IT Contact with the URL to the SP Metadata.

This URL will look like: http://clientname.learnbook.com.au/auth/saml2/sp/metadata.php?download=1

The Client IT Contact will use this information to whitelist the LMS to use ADFS.

Step 5: Additional Configuration

Configure the plugin to use the following options:

Key Value
Dual Login Yes
Debugging Yes
Lower Case Yes
Auto create users Yes

Step 6: Test Claims

  1. Navigate to Site Administration -> Plugins -> Authentication -> Manage Authentication
  2. Select Test Settings in Available Authentication Plugins table.
  3. Client Authentication Page should be presented in Web Browser.
  4. Authenticate using temporary test credentials.
  5. View Claims Debugging Output

Claims Debugging Output should look similar to:

Client Side Testing

The Client IT Contact may use this URL to test Claims:

http://clientname.learnbook.com.au/auth/saml2/test.php

Step 7: Configure Profile Mapping

  1. Navigate to Site Administration -> Plugins -> Authentication -> Manage Authentication
  2. Select SAML2 / Edit Settings in the Available Authentication plugins table.
  3. Using the information provided in Step 6: Testing Claims update the configuration using the following information:

IdP to Moodle Mapping

The value of this attribute may vary from system to system, but should be set as the key representing the Window Account Username.

In this example the value is: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname

Data Mapping

These values may vary from system to system, but should be set as the key representing the field.

Field Possible Value
First name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Email address http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Update Local / Locked Value

These values should be set to the following in all cases:

  1. Update Local = On Every Login
  2. Lock Value = Locked
 

Step 8: Test Authentication

  1. Logout and use Login Button to test ADFS Credentials
  2. Using the supplied test credentials complete a user authentication process and ensure all data attributes are mapped correctly.
  3. Logout and login as Administrator Profile
  4. Navigate to Site Administration -> Users -> Browse List of Users
  5. Ensure Data Fields have mapped correctly. 

 

Step 9: Complete

 

 

 

Related articles