Forums | Mahara Community

Support /
Authentication methods and user upload


anonymous profile picture
Account deleted
Posts: 15

20 September 2012, 6:04

Hello,


At the department of Informatics at Lund University we use Mahara 1.5.1 for the eportfolio on the Bachelor programme. We now use internal authentication for the users.


However, the university has a central authentication system CAS for all its employees and students, and we think that it would be good to use this for Mahara as well so the students don't need to remember new logins details. We have thus created a new institution using CAS.

My questionnow is: do we still need to create users in Mahara for that institution? If so, what do we do about the required password field in the .csv file? Because of CAS we cannot know or access this data.

On the other hand, if we do not need to create users, does that also mean that anyone that can be authenticated through CAS is a user in our Mahara?

I am very greatful for help and advice on this.

BTW, it would be good if there was a search facility for the topics in the fora. Or maybe I did not notice it...

Kristina Hoeppner's profile picture
Posts: 4717

20 September 2012, 14:49

Hello Odd,

Did you use the CAS plugin from Patrick? If so, users can be auto-created in Mahara as per the readme file: "After authentication to the 'central CAS' server, user account will be autocreated if needed". Thus, you wouldn't have to create the users manually. As I haven't played with the plugin yet, I don't know if you can turn that function of, but I would assume you can.

You can change the authentication method for your existing users to CAS so that they don't get a new account: http://manual.mahara.org/en/1.5/site_admin/users.html#new15-change-the-authentication-method-and-remote-username-in-bulk

If you allow for auto-creation of accounts, anyone with a CAS account would be able to use Mahara.

Sorry that the search does not work well in the forums. Unfortunately, duckduck cannot be configured differently to show results that are further down the list of forum topics and another search we tried didn't yield better results either. We don't yet have fulltext search for Mahara.

Cheers

Kristina

anonymous profile picture
Account deleted
Posts: 15

21 September 2012, 3:05

Hello Kristina,

Tank you for your swift reply, but I still don't understand fully.

The CAS (probably Central Authentication System or such) we use is a kind of authentication portal to a number of systems (faculty db, payroll system, email, etc.). The CAS is run by the university's IT-department. It is probably not the same as the CAS plugin for Mahara...

Anyway, every autumn a new batch of IS programme students begin and those should have a accounts in Mahara. For this year we want the new students to use the same authentication as for CAS (some kind of LDAP) so we now have an institution 'Informatics: CAS' The old students will continue with the internal 'Informatics', so we will not change authentication method for these.

We do not want to permit auto create of accounts, since CAS in that case would allow all potential 50 000 or so users to create an account in Mahara. Nightmarish! Hence, we probably need to create user accounts for the new students using a .csv file, as we have done hitherto with internal authentication.

Is it thus possible to create users using a .csv file without data for the password field for the institution 'Informatics: CAS' which uses a central and external directory for authentication? All I really want to do is to create user in our Mahara that uses the authentication provided through CAS so we don't burden the students with a new set of id's and passwords.

I'm beginning to suspects that I have misunderstood something about authentication...

Sincerely,

Odd

anonymous profile picture
Account deleted
Posts: 15

21 September 2012, 3:39

Well, I was wrong, the CAS module is installed and uses the ldap CAS for authentication... I didn't know there were to different CAS active at the same time :)

I'll try to figure this out, but I'm still confused about the .csv file.

/Odd

anonymous profile picture
Account deleted
Posts: 15

21 September 2012, 4:04

The login for me worked, so the CAS+CAS worked fine!

I also tested to create an account from a .csv file without providing any data for the password field and that worked fine too. Thus, it should work!

I just need a dummy user to test, but that's another story... So I think this discussion is ended now :)

/Odd

Kristina Hoeppner's profile picture
Posts: 4717

02 October 2012, 22:43

Hello Odd,

Sorry for not replying for so long. I haven't used the CAS auth plugin for Mahara so can't give you much info there.

Too bad that you can't turn off the auto-creation of accounts. That could be a nice additional feature.

As for the creation of accounts via the CSV file: You need a password for new accounts. That will be the internal Mahara password. I suggest you create the CSV file including the remote username (CAS username) and then also link it immediately to the CAS auth method. When you upload the CSV file, simply don't email the users about their accounts (there's a check box for that on the screen) and they should be fine to log in with their CAS details and don't have to worry about an internal Mahara password.

You can also update your existing users to CAS by creating a second CSV file in which you include their remote username (CAS login) and change the auth method to CAS as well and place a tick next to the "Update users" checkbox and again, don't email the users.

Cheers

Kristina

anonymous profile picture
Account deleted
Posts: 26

03 October 2012, 1:08

@Kristina, 

>Too bad that you can't turn off the auto-creation of accounts. That could be a nice additional feature.

Yes but my contributed CAS auth plugin extends the official LDAP auth plugin (in OOP meaning) that does not have this option either. 

To implement optional auto-creation of users, you would have to patch 'official mahara code', i.e. function login_submit() in auth/lib.php where the autocreation is handled. 

Problem is that if autocreation is turned off, one would have to redirect user to some error page stating that despite the fact he has successfully passed central authentication, access to Mahara cannot be granted due to some restrictions.

Cheers.

anonymous profile picture
Account deleted
Posts: 26

21 September 2012, 19:27

Hello Kristina,

>As I haven't played with the plugin >yet, I don't know if you can turn that function of, but I would assume you can.

 

No you currently can't turn it off. If authentication succeeds on the CAS side, there is no way to reject Mahara access, so like the Moodle CAS plugin, if you do have a valid CAS/LDAP account in the institution, you can login to Mahara and your account will be 'automagically created or updated' if needed using data from the LDAP server 

 

Cheers.

A post by Account deleted was deleted

A post by Account deleted was deleted

17 results