Overview
This document describes the high-level configuration required to enable Single Sign On between Moodle and ADFS.
This document is intended to be used by customer-side IT Administrators with experience managing Windows Server, Active Directory and ADFS environments.
Configuration may differ based on individual customer environments and software versions. This document should be used as a guide while implementing ADFS with the support of eCreators engineers.
Configuration
The following screenshots describe the minimum configuration to be performed by the customer's IT Administrator to implement Single Sign On between Moodle and ADFS.
IT Administrators should start the configuration process by selecting "Add Relying Party Trust...".
Monitoring \ Metadata
Configuration | Description |
Relying party's federation metadata URL | Value supplied by eCreators during configuration stage. |
Monitor relying party | Ensure Checked |
Automatically update relying party | Ensure Checked |
Properties \ Advanced \ Secure Hash Algorithm
Configuration | Description |
Secure hash algorithm | SHA-1 |
Properties \ Encryption \ Certificate Install
Configuration | Description |
Install Certificate | Ensure Certificate is installed. Select "Install Certificate..." and follow wizard. |
Edit Claim Rules \ Add UPN Rule
Configuration | Description |
Claim rule name | Moodle UPN |
Incoming claim type | UPN |
Outgoing claim type | Name ID |
Outgoing name ID format | Transient Identifier |
Pass through all claim values | Ensure Enabled |
Edit Claim Rules \ Metadata Claims LDAP
Configuration | Description |
Claim rule name | Metadata |
Attribute store | Active Directory |
Mapping of LDAP attributes to outgoing claim types
LDAP Attribute | Outgoing Claim Type |
Given-Name | Given Name |
SAM-Account-Name | Windows account name |
Surname | Surname |
E-Mail-Addresses | E-Mail Address |
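Once the relying party trust is configured, the settings in the tables above can be checked from PowerShell on the ADFS server. The script below is an added example, not part of the original guide and not eCreators' code; the trust name is a placeholder because this guide does not state it, and the claim checks only confirm that the expected claim type URIs appear in the issuance rules.

```powershell
# Added example, not eCreators' code. Run on the ADFS server as an ADFS administrator.
# The default trust name is a placeholder: this guide does not state the name.
param([string]$TrustName = '<relying-party-trust-name>')

Import-Module ADFS -ErrorAction Stop
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rp) { throw "Relying party trust '$TrustName' not found." }

# SHA-1 is the value this guide specifies; ADFS creates new trusts with SHA-256,
# so the setting has to be changed explicitly.
$sha1  = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
$rules = [string]$rp.IssuanceTransformRules
$cert  = $rp.EncryptionCertificate

# Claim type URIs that should appear in the issuance rules built from the
# "Moodle UPN" and "Metadata" claim rules described in this guide.
$claims = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'
$expectedInRules = [ordered]@{
    'Name ID claim'               = "$claims/nameidentifier"
    'Transient Identifier format' = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
    'Given Name claim'            = "$claims/givenname"
    'Windows account name claim'  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'
    'Surname claim'               = "$claims/surname"
    'E-Mail Address claim'        = "$claims/emailaddress"
}

$checks = [ordered]@{
    'Federation metadata URL set'        = [bool]$rp.MetadataUrl
    'Monitor relying party'              = [bool]$rp.MonitoringEnabled
    'Automatically update relying party' = [bool]$rp.AutoUpdateEnabled
    'Secure hash algorithm is SHA-1'     = ($rp.SignatureAlgorithm -eq $sha1)
    'Encryption certificate installed'   = ($null -ne $cert)
    'Encryption certificate not expired' = ($null -ne $cert -and $cert.NotAfter -gt (Get-Date))
}
foreach ($name in $expectedInRules.Keys) {
    $checks[$name] = $rules.Contains($expectedInRules[$name])
}

# One row per setting; any row with Pass = False deviates from this guide.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Setting = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize
```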
Additional Attributes
Additional attributes may be supported on request during the initial implementation phase. Additional attributes requested post implementation may require a change request.