Forums | Mahara Community

Open Discussion /
Alumni access to Mahara


anonymous profile picture
Account deleted
Posts: 13

05 July 2011, 8:46

I am employed on a project at the University of Kent which aims to prove a link between employability and PDP. One of the ways we are hoping to acheive this is by monitoring and requesting feedback from a focus group using Mahara. Mahara is to be rolled out campus wide at Kent from September.

One of the issues we need to tackle is how we can give continued access to graduates once they are no longer members of the university. Whilst our users are studying we use LDAP to authenticate but fear we will not get permission to continue with this method post graduation.

I have been looking into controlling the authentication method via institution membership but have not had a lot of success in finding documentation on this. I am seeking answers to questions such as - what happens if a user belongs to more than one instituion with conflicting authentication methods. Which one wins? If one log in fails can the user try another?

It would also seem that there is no automated process for joining users to an institution. Potentially we could have up to 4000 users graduating at a time. Sure our developers can write a script but I was wondering if anyone else had gone down this route yet and had any tips to share.

Ruslan Kabalin's profile picture
Posts: 146

05 July 2011, 10:28

Hello Leo,

For the first part of your question - you may consider using some sort of public authentication mechanisms such as OpenID (though we do not have such plugin for Mahara yet). There is a Janrain Social Login plugin we developed earlier this year that provides authentication to mahara through numberous providers (such as twitter, facebook, linkedin, google, openid and many others), but the Janrain service itself is not free (if you expect more than 2500 unique users per year).

Geoff Rowland's profile picture
Posts: 108

05 July 2011, 10:52

Hi Leo

We, and I suspect lots of other institutions, have been thinking along the same lines. In our case, Mahara authenticates to LDAP via Mnet with Moodle. So, we were thinking that alumni would lose their Moodle account but retain their Mahara account indefinitely (lifelong learning and all that!) .

So, we would also like a bulk way (script?, interface?) to convert Mahara accounts to manual (or some other authentication system, OpenID? SAML?)

Regards

Geoff

Ruslan Kabalin's profile picture
Posts: 146

05 July 2011, 11:20

Regarding your second question about the conflicting authentication methods, each mahara user has an authentication method setting (see particular user account settings). That method specified in account is always used when user logs in. Also it is not necessary that auth method in user account should be related to the same institution user is in. User A can be a member of institution A only, but can authenticate through institution B (if that is required). After sucessful login user wil remain a member of Insitution A only.

Multiple institution membership does not affect authentication methods used for existing user authentication, only the method specified in the user account settings will be used. Institution authentication methods are linked to institutions only and important for the new user creation or initial external authentication (when user is being auto-created).

anonymous profile picture
Account deleted
Posts: 214

05 July 2011, 11:23

Hi Leo,

In terms of coding, it's fairly trivial. If you've already set up your alternative auth mechanism, then you should be able to simply update the relevant users. I'd advise using the API rather than directly hitting the database though.

You could also move all users to a separate institution, in which case you may be interested in the Isolated Institutions feature that we (LUNS) wrote, and are hoping to get into  Mahara 1.5 this year.

As Ruslan suggests, the Janrain plugin (also by LUNS) could also be of interest to you to provide an alternative source of authentication.

In terms of the auth mechanisms side of things, I'm afraid I'm not sure what documentation there is -- this is all from memory of having delved into it in the past for another client:

Each user has an entry in the usr table. One of the fields in there is the 'authinstance'. This is a reference to the 'auth_instance' table. A user may only have one authinstance defined.

If a user belongs to multiple institutions, they will only every authenticate against their primary auth instance. The auth instance is only used for logging in. Once a user is logged in they will have access to all of the institutions they belong to.

Hope that this helps at least a little,

Andrew

Kristina Hoeppner's profile picture
Posts: 4717

05 July 2011, 14:50

Hello Leo,

I'd also suggest moving your students to a different institution. That way it is easier for you as administrator to know who is an alumni and who isn't.

Catalyst has been working on improving things for moving students from one institution to another. The process is documented here and makes it easy to take students out of an institution and put them into a different one that can have a different authentication method altogether. This feature is a Mahara 1.5 feature.

Cheers

Kristina

anonymous profile picture
Account deleted
Posts: 13

06 July 2011, 8:07

Thanks to all for some very useful replies. Heartening to see how many are active on these forums. Perhpas not as daunting a task as I originally envisaged......

7 results