User provisioning and attribute profile mapping with Moodle and WSO2 Identity Server
This is a continuation of the post on how to configure SAML2 Web SSO with WSO2 Identity Server and Moodle. I will guide you through how attribute mapping and user provisioning can be done using WSO2 Identity Server and Moodle.
To do this, we need to make sure that the attributes on the WSO2 Identity Server map to the corresponding attributes in Moodle. The plugin can auto-provision users in Moodle: if a user who is registered in the WSO2 Identity Server but not yet in Moodle needs to be created in Moodle, these mappings are used to create the account.
Let's get started on the configurations.
First, let's carry out the configuration on the Moodle end.
1) In the same way as we did in the post [1], navigate to Moodle's authentication plugins section and select the Settings of the OneLogin SAML SSO Authentication plugin.
2) Check the following two options.
- Create user if not exists
- Update user data
3) Next we need to do the attribute mappings. Provide the WSO2 Identity Server claims which you want to map to the attributes in Moodle. Refer to the mapping below, which I created as an example.
Username - http://wso2.org/claims/displayName
Email Address - http://wso2.org/claims/emailaddress
First Name - http://wso2.org/claims/givenname
Surname - http://wso2.org/claims/lastname
Role - http://wso2.org/claims/role
4) Set the role mappings to the admin role as below. You can see what the new configurations look like now on the Moodle end.
Save the configuration.
Now let's configure the Identity server to pass these attributes in the SAML response over to the Moodle end so the mappings can happen correctly.
1) Log into the WSO2 Identity Server and edit the service provider configuration.
2) Expand the claim configuration section and add the following local claims. You can enable the ones you want to retrieve from the users as mandatory claims so that they will be automatically set on the Moodle's end. You can read more about mandatory claims and claim mappings here. [2]
Add the claims as indicated in the image below
3) Save the configurations.
Note - In order to map the site administrator of Moodle to the admin user of the Identity Server make sure that all the user attributes in the profile of the admin user are exactly identical to the Moodle admin user which you created in Moodle initially.
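The following is an added example, not part of the original post or of the OneLogin plugin: it applies the claim mapping from step 3 to the attribute statement of a decoded SAML assertion and reports which Moodle fields would arrive empty. The sample XML, its values and the function names are constructed for illustration, and the handling of comma-joined role values is an assumption.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Moodle field -> WSO2 claim URI, as mapped in step 3 of the Moodle settings.
MOODLE_MAPPING = {
    "username": "http://wso2.org/claims/displayName",
    "email": "http://wso2.org/claims/emailaddress",
    "firstname": "http://wso2.org/claims/givenname",
    "lastname": "http://wso2.org/claims/lastname",
    "role": "http://wso2.org/claims/role",
}

# Constructed sample for the test user; lastname is deliberately absent.
SAMPLE_STATEMENT = f"""
<saml2:AttributeStatement xmlns:saml2="{ASSERTION_NS}">
  <saml2:Attribute Name="http://wso2.org/claims/displayName">
    <saml2:AttributeValue>moodleuser</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="http://wso2.org/claims/emailaddress">
    <saml2:AttributeValue>moodleuser@example.com</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="http://wso2.org/claims/givenname">
    <saml2:AttributeValue>Moodle</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="http://wso2.org/claims/role">
    <saml2:AttributeValue>Internal/everyone,Application/moodle_php_saml</saml2:AttributeValue></saml2:Attribute>
</saml2:AttributeStatement>
"""

def extract_claims(xml_text):
    """Return {claim URI: [raw values]} for every Attribute in the XML."""
    claims = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{ASSERTION_NS}}}Attribute"):
        values = attr.findall(f"{{{ASSERTION_NS}}}AttributeValue")
        claims[attr.get("Name")] = [(v.text or "").strip() for v in values]
    return claims

def map_to_moodle(claims):
    """Apply the mapping; return (profile, Moodle fields with no value)."""
    profile, missing = {}, []
    for field, uri in MOODLE_MAPPING.items():
        values = [v for v in claims.get(uri, []) if v]
        if not values:
            missing.append(field)
        elif field == "role":
            # Assumption: several roles may arrive comma-joined in one value.
            profile[field] = [r.strip() for v in values for r in v.split(",") if r.strip()]
        else:
            profile[field] = values[0]
    return profile, missing

if __name__ == "__main__":
    print(map_to_moodle(extract_claims(SAMPLE_STATEMENT)))
```

The script only inspects claims in XML you have already decoded; it performs no signature validation, so use it for checking the mapping and not for deciding whether a response is trustworthy.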
Let's try it out
First let's log in as the admin user.
Navigate to the url http://localhost/moodle/ which will redirect you to the Identity Server. Provide the Identity Server admin credentials. You will see you are successfully logged in as the admin user of Moodle.
[1] http://shenavid.blogspot.com/2017/10/configure-wso2-identity-server-for.html
[2] https://docs.wso2.com/display/IS530/Configuring+Claims+for+a+Service+Provider
[3] https://docs.wso2.com/display/IS530/Configuring+Users#ConfiguringUsers-Addinganewuserandassigningroles
Now let's see how Moodle automatically provisions new users that exist in the WSO2 Identity Server but not yet in Moodle.
1) Add a new user in the WSO2 Identity Server. You can refer to the documentation [3] on how to add a new user to the Identity Server.
2) Log in to Moodle using that user. I created a user named moodleuser in the WSO2 Identity Server and assigned the user to the role Application/moodle_php_saml in order to test this scenario.
3) You will be prompted to enter the missing attribute values which Moodle needs for the user creation.
4) Submit after entering the details. Then you will be successfully logged into Moodle.
5) Let's now verify that the attributes have been mapped correctly. To do so, go to Profile -> Edit Profile of the logged-in user. As the image below shows, the attributes have been mapped successfully without additional configuration on the Moodle end.
We have successfully configured SAML2 Web SSO with Moodle and completed the attribute mappings for user provisioning. I hope this post was helpful!