Forums | Mahara Community
Multiple Institutions - login options denied: CAS XMLRPC
06 February 2018, 9:27 PM
Hi! Trying to add a second Institution on a Mahara that has a working SSO with a Moodle instance.
Mahara version: 16.04.1
Moodle version 3.2.4 (Build: 20170710)
The Institution that we have in Mahara ( in addition to the default "No institution") works well and has in config page 3 ways of login:
The new test institution are denied these 3 ways.
CAS is not possible to choose: In the drop-down menu with different alternatives the CAS alternatives i s not clickable and says:
": You can only have one instance of the CAS authenification plugin "
XML-RPC complains on that we can't use the same webroot for the moodle instance - but that is what we need.
So what are we missing here?! Of course they can only automatically get one institution, but how does that work?
Does Mahara only let user belong in one institution?!
Any clues appreciated!
Best Regards, Niklas
09 February 2018, 8:36 AM
CAS is a third-party plugin and it might be restricted to only work with one institution on a Mahara site.
As for MNet, it definitely only works with one institution. That is a known restrictions and one of the reasons why LTI (available from Mahara 17.04 onwards) is better. With MNet you can only connect one Moodle to one Mahara institutions but not to more than one as MNet doesn't allow for a differentiation between institutions as you connect to the entire site.
You don't have that restriction with LTI. Though right now I would think that CAS can't be set as parent authority to LTI and work out of the box. We needed to make some adjustments to SAML to make that work.
Are you able to use Shibboleth / SAML instead of CAS and thus work with a built-in auth method in Mahara?
If you can't upgrade and need to rely on MNet, you could do a workaround by allowing multiple institutions on your instance, have everyone authenticate via MNet / CAS into one institution and then add people to their respective institutions on Mahara. Their authentication method will remain with the initial institution unless you change that. That way, all can log in but still also be in another institution, e.g. to receive templates automatically.