External authentication

From ClarolineDoc

Preliminary note: this document does not cover SSO authentication with CAS.

Since Claroline 1.6, the LMS can rely on external systems for authentication and user profile management. External authentication is based on a collection of drivers stored in the Claroline/auth/extauth/drivers directory.

The Claroline kernel can load these drivers when a user attempts to log on to the platform.

To use one of these drivers:

  • Open the relevant driver in a text editor and adapt its parameters to your own context (claroline/extauth/drivers).
  • Uncomment the corresponding line in the main Claroline configuration file (claroline/inc/conf/auth.conf.php).

How does it work?

The Claroline authentication system can call these drivers in two circumstances:

1. When a user who has never logged in to the platform before tries to log in to Claroline for the first time. No record for this user is found in the Claroline system, so Claroline looks for the user in the list of external authentication systems specified by its configuration file. When it finds the user, Claroline copies the user profile into its own user table, recording that it comes from this specific external authentication system.

The driver handling this case is declared to the Claroline kernel by a line like the one below in the Claroline configuration file:

$extAuthSource['authSourceName']['newUser'] = "path/file";

2. When the user logs in to the platform again, a record for this user is already stored in the Claroline system. From this record, Claroline knows where the user's profile comes from. It then connects to the corresponding external authentication system to check whether the account is still allowed to connect with this password. It also takes the opportunity to update any user data currently stored in the Claroline system from the external authentication system.

The driver handling this case is declared to the Claroline kernel by a line like the one below in the Claroline configuration file:

$extAuthSource['authSourceName']['login'] = "path/file";

Driver settings

Each Claroline driver sets 5 parameters:

  • $authSourceName : sets the identity of the external authentication source.
example : $authSourceName = 'phpnuke';
  • $authSourceType : sets the technical type of the external authentication source.
example : $authSourceType = 'DB';
  • $extAuthOptionList : sets the parameters needed to connect to the external authentication source and the fields to retrieve from it.
example : $extAuthOptionList = array(
                   'url'      => 'ldap://server_address',
                   'port'     => '636',
                   'basedn'   => 'ou=personne,o=your organisation unit,c=domaine',
                   'userattr' => 'uid',
                   'useroc'   => 'person',
                   'attributes' => array('sn', 'givenName', 'telephoneNumber','mail'),
               );
  • $extAuthAttribNameList : sets how the data retrieved from the external authentication source maps onto the Claroline data structure. The keys are the Claroline attributes and the values are the attributes of the external authentication source.
   example : $extAuthAttribNameList = array (
                   'lastname'     => 'sn',
                   'firstname'    => 'givenName',
                   'email'        => 'mail',
                   'phoneNumber'  => 'telephoneNumber',
                   'authSource'   => 'ldap'
               );
  • $extAuthAttribTreatmentList : sets any optional preliminary treatment applied to the data retrieved from the external authentication source before it is committed to Claroline. The keys are the Claroline attributes concerned, and the values are the names of the functions that perform the treatment. You can use standard PHP functions or functions you define yourself.
   example : $extAuthAttribTreatmentList = array (
               'lastname'     => 'utf8_decode',
               'firstname'    => 'utf8_decode',
               'loginName'    => 'utf8_decode',
               'email'        => 'utf8_decode',
               'officialCode' => 'utf8_decode',
               'phoneNumber'  => 'utf8_decode',
               'status'       => 'treat_status_from_extauth_to_claroline'
       );
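
The following added example (not Claroline's own code) shows how the last two lists work together on a record returned by the external source: attributes are first renamed through $extAuthAttribNameList, then passed through the functions named in $extAuthAttribTreatmentList. The helper apply_ext_auth_lists(), the body given to treat_status_from_extauth_to_claroline(), the status codes, the 'employeeType' mapping and the sample record are assumptions made for illustration.

```php
<?php
// Added illustration, not Claroline's code. Status codes are assumed values.
const STATUS_COURSE_CREATOR = 1;
const STATUS_STUDENT        = 5;

// Hypothetical body for the user-defined treatment named in the driver example:
// anything not explicitly recognised falls back to the least-privileged status.
function treat_status_from_extauth_to_claroline($extStatus)
{
    return ($extStatus === 'staff') ? STATUS_COURSE_CREATOR : STATUS_STUDENT;
}

// Hypothetical helper: rename external attributes to Claroline ones, then
// run each configured treatment on the mapped value.
function apply_ext_auth_lists(array $extRecord, array $nameList, array $treatmentList)
{
    $user = array();
    foreach ($nameList as $claroAttr => $extAttr) {
        // Attributes missing from the external record are skipped, not invented.
        if (array_key_exists($extAttr, $extRecord)) {
            $user[$claroAttr] = $extRecord[$extAttr];
        }
    }
    foreach ($treatmentList as $claroAttr => $callback) {
        if (!array_key_exists($claroAttr, $user)) {
            continue;
        }
        // A misspelled function name must stop the login, not pass data through untreated.
        if (!is_callable($callback)) {
            throw new InvalidArgumentException("Unknown treatment: $callback");
        }
        $user[$claroAttr] = call_user_func($callback, $user[$claroAttr]);
    }
    return $user;
}

// Constructed sample record, shaped like the result of an LDAP lookup.
$extRecord = array('sn' => ' Dupont ', 'givenName' => 'Marie',
                   'mail' => 'Marie.Dupont@Example.org', 'employeeType' => 'student');

$nameList = array('lastname' => 'sn', 'firstname' => 'givenName',
                  'email' => 'mail', 'status' => 'employeeType');
$treatmentList = array('lastname' => 'trim', 'email' => 'strtolower',
                       'status' => 'treat_status_from_extauth_to_claroline');

print_r(apply_ext_auth_lists($extRecord, $nameList, $treatmentList));
```

Because the status treatment decides which role an externally managed account receives, it maps only explicitly recognised values to the higher role and defaults everything else to the lowest one.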

PEAR Documentation

The external authentication system of Claroline is based on the PEAR library Auth.