Over the years, Catalyst has worked on Single Sign On (SSO) bodies of work with ADFS, OpenAM and Shibboleth.
SSO capabilities
Integrating with our client's authentication solutions means helping them achieve SSO capabilities. This means that their students log in once and have a seamless experience across all of their browsing activity. When this is done in partnership with a consistent look and feel, a student is able to cross into and out of Moodle while preserving a common user session. They are never prompted to enter login and password details as part of their browsing journey.
The identity and access management landscape is a smorgasbord of acronym soup, a collection of dense inscrutable specifications. The industry standard for cross-site authentication, Security Assertion Markup Language (SAML), is a mature and secure protocol that has great support. Other common protocols include LDAP, OAuth and OpenID, but none of these offer a perfectly seamless SSO experience. For example, LDAP authentication often means typing in your login and password again and again for each app and OAuth may mean the user has to approve each application in a pointless confirmation step. Only SAML offers proper Single Logout; sign out once, and sign out everywhere.
Rolling out SAML-based authentication
Our experience is that rolling out SAML-based authentication into Moodle is not a trivial task. This has been detrimental to the adoption of SAML-based identity management. This is in contrast to using SAML in other applications, where it’s often as simple as either uploading an XML file or adding a URL to an admin screen.
SAML in Moodle
SAML in Moodle has been a bit of a second-class citizen by comparison, requiring not only a Moodle authentication plugin but also another whole extra application (either SimpleSamlPHP or Shibboleth) to be installed, configured and managed. Configuring these applications can be tricky and requires specialist domain knowledge. For many Moodle administrators, this meant the benefits of SAML were never realised.
Catalyst decided to start from scratch and write a clean simple Moodle authentication plugin the way it should be done. Setting it up(external link) is a breeze and can be done in a minute.
Catalyst hopes that this improves the adoption of SAML and offers a smoother experience to your students. If you have any SAML or Moodle queries or would like to see more features added to this plugin to support your business better, contact us, we’d love to help.