Redirecting users from Moodle to another site when login fails - url

I've written a custom plugin that allows for URL login. Users entering my Moodle site this way all come from the same external site and can be identified based on the URL.
When their login fails, I would like to redirect them back to a "login failed" page on the external website, instead of the normal login failed routine on my own Moodle site.
Is there a function in Moodle to redirect users from within an authentication plugin? Part of the problem is that by the time the plugin is being processed, the header has already been processed. Setting variables in the header is therefore not effective.
Any help is appreciated.

I believe you could do this with loginpage_hook() in your auth plugin as this is called before output, then using the moodle redirect() function in your plugin. See auth/ldap/auth.php for a non-trivial example of doing that.

Related

Azure AD not redirecting to the original request url rather goes back to Root

I have an ASP.NET MVC5 application using Azure AD Authentication. Whenever I enter a URL, it takes me for authentication (if not done already) using a URL of this sort.
https://login.microsoftonline.com/[tenantID]/oauth2/v2.0/authorize?
There are 3 questions:
1. Can I say it's using OAuth2?
2. If someone enters a URL for a page, e.g. https://mydomain/Category/View/1, then it goes for auth (which is alright), but then post successful authentication, it should redirect me to the originally requested URL, but currently it's taking me to the root URL https://mydomain. But subsequent ones work fine once authenticated.
3. Currently the auth happens every 1 hr I believe. How can I extend it to every 4 hrs?
Will be helpful to see your suggestions.
Cheers.
According to your description of point 2, would you like to achieve that: visiting a URL -> direct to login page -> redirect to that URL? If so, I think this document can help you.
In my opinion, if I want a demo app or an app just for a simple test, I just add all possible URLs to the redirect configuration form. If I need to do a formal app or I need to make it easy to maintain, I use the idea in the above document. I think the central thought is creating a specific place to control URL redirecting, including judgment, and only needing to add this specific URL to the redirect configuration in the Azure portal. If you want a sample, maybe this document will help you.
To point 3, emmm perhaps you can search for some key words like 'azure ad authentication set token lifetime policy'. I found several PowerShell scripts but I haven't tested them. If you haven't got the result I will do some tests on it next Monday.
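
Added example (not part of the original answer or the asker's application): one way to build the single redirect-control point the answer above describes, sketched in Python rather than ASP.NET. It assumes the originally requested path is carried through the sign-in round trip in the OAuth2 `state` parameter; the function names and the signing key are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

DEFAULT_PATH = "/"  # fallback when the return path is missing or rejected


def safe_return_path(candidate: str) -> str:
    """Return candidate only if it is a same-site absolute path."""
    if not candidate or len(candidate) > 2048:
        return DEFAULT_PATH
    # Backslashes and control characters are normalised differently by
    # browsers and servers, so reject them outright.
    if "\\" in candidate or any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return DEFAULT_PATH
    # Must be "/path", never "//host" (scheme-relative) or "https://host".
    if not candidate.startswith("/") or candidate.startswith("//"):
        return DEFAULT_PATH
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return DEFAULT_PATH
    return candidate


def make_state(path: str, key: bytes) -> str:
    """Pack the requested path into a `state` value protected by an HMAC tag.

    A real flow would also bind a per-session nonce into `state` for CSRF
    protection; that part is omitted here.
    """
    body = base64.urlsafe_b64encode(safe_return_path(path).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def post_login_redirect(state: str, key: bytes) -> str:
    """Single callback: verify `state`, then choose the redirect target."""
    body, _, tag = state.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return DEFAULT_PATH
    try:
        path = base64.urlsafe_b64decode(body.encode()).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return DEFAULT_PATH
    return safe_return_path(path)
```

Only the one callback URL then needs to be registered as a redirect URI, and every rejected or unverifiable value falls back to the site root instead of an attacker-chosen host.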

Obfuscate URL path to Moodle subsite

I have a Drupal site and a Moodle subsite within Drupal.
At the moment, the URL structure to access Moodle is as follows: www.mydrupal.com/moodle
I don't want users going directly to Moodle when they return, i.e. they always have to access Moodle via a link in Drupal. This helps to set some essential session variables.
So, is there a way to obfuscate the Moodle part of the URL - like a sequence of characters which is altered at regular intervals?
i.e., www.mydrupal.com/owhefihewhf
I want to use such a measure to discourage bookmarking the Moodle part of the site. Can anyone recommend such a solution?
Changing the URL of your Moodle regularly would involve updating the Moodle database each time you change the URL.
The easiest workaround which prevents the case mentioned above (bookmarking) would be a page which includes Moodle using an iframe, like (www.mydrupal.com/learning). So the actual Moodle URL would not be visible to the common visitor. The mentioned page can check if session variables exist; if so, show the iframe, otherwise redirect to the Drupal login page.
Another option would be having your own authentication plugin in Moodle, which will either use Drupal authentication for SSO, or at least check if your session variables are set.

Authenticate user before displaying an iFrame

I am preparing to work on a project where I need to display a dashboard from an online application. Unfortunately, the use of an API is currently not possible. The dashboard can be embedded in an iFrame. However, when it is displayed it will prompt the user viewing the dashboard to login to an account.
I have one paid account to this service. Are there any rails gems to login to the service before the iFrame is processed?
Or would a proxy within my rails app be a better route to go?
Any pointers are appreciated!
Neither a Rails gem nor a proxy within your Rails app will work, and they both have the same limitation.
They are both running on the back-end, server side.
The authentication you need is client side.
Unless you mean proxy the ENTIRE thing, the auth request and all subsequent requests and user interactions with this dashboard. That should work but (see below)
The way authentication works (pretty much universally) is: once you log in to any system, it stores a cookie on your browser and then the browser sends that cookie for every subsequent request.
If you authenticate on the backend, that cookie will be sent to your Rails code and will die there, and the user's browser will never know about it.
Also - it is not possible to do the auth server side and capture the cookie and then have the user browse the site with their browser directly, for two reasons:
Sometimes auth cookies use information about the browser or HTTP client to encrypt the cookie, so sending the same cookie from a different client won't work
You can not tell a browser to send a cookie to a domain different than your own.
So your options are, off the top of my head right now:
If there is a login page that accepts form submissions from other domains, you could try to simulate a form submission directly to that site's "after login" page. (The page the user gets directed to once they fill up the login form). Any modern web framework has XSRF protection (Cross Site Request Forgery protection) and will disallow this approach for security reasons.
See if the auth this site uses has any kind of OAuth, Single Sign On (SSO) or similar type of authentication integration that you can do. (Similar to an API, so you may have already explored this option)
Proxy all requests to this site through your server. You will have to rewrite the entire HTML so that all images, CSS, stylesheets, and all other assets are also routed through the proxy or else the URLs are rewritten in the HTML to not be relative. You might hit various walls if a site wasn't designed for this use case. From things like the site using relative URLs for assets that you aren't proxying, the site referencing non-relative URLs causing cross-domain errors, etc. Note it's really hard to rewrite every single last asset reference; it's not only the HTML you're worried about, JavaScript can have URLs in it too, and CSS can as well.
You could write a bookmarklet or a browser extension that logs the user into the site.
Have everyone install Lastpass
Have everyone install the TamperMonkey browser extension (and others like it for other browsers), and write a small User Script to run custom JavaScript automatically to log the user in on that site
Scrape that site for the info you need and serve it on your own site.
OK I'm out of ideas. :)

Prevent site from redirecting to login URL

I've developed a simple set of pages using ASP.NET MVC - then hosted them in IIS 7.5.
These are just visual pages with no data behind them.
The server is online and I didn't want the casual observer to be able to access them, so I simply set IIS up with basic authentication. I then created a limited demo account so that I could send details to customers so they can take a look at these visual pages.
When going to the URL:
www.myserver/mysite/home/index
The browser's username and password box pops up as I would expect.
I then type in the details for my demo account.
However, after a successful authentication, rather than being taken to
www.myserver/mysite/home/index
My browser instead tries to take me to something along the lines of:
www.myserver/mysite/home/index/login.aspx?ReturnURL=.....
If I then return to the original URL it loads correctly.
How can I prevent the redirect following the successful login?

Groovy/GSP redirect around controller

I have a web application that I am trying not to recompile since there is little documentation and the environment is a little sensitive.
With that in mind, all I am trying to do is hijack the authentication mechanism to redirect to one of a couple replacement websites. To that end, there is an authentication service and an authentication controller. The website redirects to /auth/login when the user comes unauthenticated.
In the views folder I have built an alternative /auth/login_new.gsp and from there can authenticate the user and get a redirection back to /auth/redirect.gsp at some frequency but not 100%. That redirect page takes a value from the DB and redirects the user to the correct follow on website. When I run authentication from /auth/login, the site ignores the redirect request to /auth/redirect.gsp.
I had set the show pages for all the different controllers to window.location.href="/auth/redirect.gsp" but I can't get it to go there 100%. I have also reset the layout/domain.gsp file to gut the other functionality of the site and script redirect as well. I was getting errors with duplicate redirect attempts, but now I just go to a dead/gutted homepage...
Any suggestions on how I can dodge the recompile?
Thanks
Leif
