Online Help

SafeNet Trusted Access for Moodle

Overview

The application template provides the ability to enable single sign-on for users accessing the Moodle application through SafeNet Trusted Access.

The following use cases can be configured for Moodle:

SP-initiated SSO

Single logout

Just-in-Time (JIT) provisioning

Configuring SafeNet Trusted Access for Moodle is a three-step process:

1.Moodle setup

2.SafeNet Trusted Access setup

3.Verify authentication

Moodle Setup

As prerequisites,

Moodle v3.7.1 is installed and configured.

Linux operating system (for example, Ubuntu flavor) is installed.

Moodle site must be configured using HTTPS protocol.

Download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Moodle:

1.Download the Moodle SAML plugin .zip file by using the URL, https://moodle.org/plugins/pluginversions.php?plugin=auth_saml2

2.Extract the zip file and save it on your local machine.

3.Run the following command on Ubuntu terminal to copy the extracted folder (saml2) to the Moodle Authentication directory:

sudo cp –r <Extracted folder path> <Moodle Directory>/auth

For example,

sudo cp –r /home/user/Downloads/saml2 /var/www/html/moodle/auth

4.Log in to Moodle Site as an administrator using the <Web address>/login URL. Here, <Web address> is the URL from where Moodle will be accessed.

For example, https://10.101.32.415/moodle/login

5.Under Plugins check, in the Plugins requiring attention table, ensure that the SAML2 authentication method is listed.

6.Click Upgrade Moodle database now.

7.Under Upgrading to new version, click Continue.

8.In a text editor, open the IdP metadata that you downloaded earlier from the STA console and copy the entire metadata text.

9.Under New settings – SAML2, perform the following steps:

a.In the IdP metadata xml OR public xml URL field, paste the metadata text that you copied in the previous step.

b.Scroll down, in the Dual login field, select No.

c.Optional: By default, Just-in-time (JIT) provisioning is disabled. To enable JIT, scroll down, in the Auto create users field, select Yes.

d.At the bottom of the page, click Save changes.

10.In the left pane, click Site administration.

11.In the right pane, under Site administration, click the Plugins tab.

12. On the Plugins tab, scroll down, under Authentication, click Manage authentication.

13.Under Manage authentication > Available authentication plugins, perform the following steps:

a.Enable the SAML2 plugin by clicking the icon.

b.Click on the Settings link, corresponding to the SAML2 plugin.

14. Under SAML2, scroll down, in the SP Metadata field, click Download SP Metadata. The Moodle metadata will be downloaded automatically and save it on your local machine.

You will need the Moodle metadata file while configuring SafeNet Trusted Access.

Note:  If JIT provisioning is enabled, do not follow the next step.

15.Perform the following steps to assign SAML authentication to existing users:

a.In the left pane, click Site administration.

b.In the right pane, under Site administration, click the Users tab.

c.Under Accounts, click on the Browse list of users link.

d.Click the Edit iconcorresponding to the user whose authentication method you want to modify.

e.Under General, in the Choose an authentication method field, select SAML2.

f.Scroll down, click Update profile.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Moodle, the second step is to activate the Moodle application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane, the Moodle application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Moodle) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a.Click Upload Moodle Metadata.

b.On the Metadata upload window, click Browse to search and select Moodle metadata, you saved in step 14 of Moodle Setup.

Under Account Details, the service provider metadata information is displayed.

c.Under User Portal Settings, in the SERVICE LOGIN URL field, enter <Web address>/login, where <Web address> is the URL where Moodle will be accessed.

For example, https://10.101.32.415/moodle/login

d.Click Save Configuration to save the details and activate the Moodle application in SafeNet Trusted Access.

 

Verify Authentication

Using STA Console

Navigate to the Moodle site URL, <Web address>/login, where <Web address> is the URL, where Moodle will be accessed.

For example, https://10.101.32.415/moodle/login

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Moodle site after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Moodle application icon. You should be successfully logged in to the Moodle site after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.