The document discusses authentication systems for the Claroline learning management system. It describes Claroline's local authentication which stores usernames and passwords locally, and external authentication which integrates with directory services like LDAP. It also discusses single sign-on authentication using solutions like CAS, and how to configure Claroline with external authentication and CAS. Potential improvements are also outlined such as packaging authentication drivers for download.

1. Claroline and
Authentication
Systems
Mathieu Laurent
Developer at CERDECAM
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

2. Table of content
Claroline Local Authentication
Principles, Functionalities
●
Claroline External Authentication
Principles, Advantages, PEAR::Auth, How to configure with
●
Claroline, Possible improvements
Claroline and Single Sign-On (SSO)
Principles, Advantages, SSO solutions, How to configure CAS
●
and Claroline, Possible improvements
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

3. Table of content
Claroline Local Authentication
Principles, Functionalities
●
Claroline External Authentication
Principles, Advantages, PEAR::Auth, How to configure with
●
Claroline, Possible improvements
Claroline and Single Sign-On (SSO)
Principles, Advantages, SSO solutions, How to configure CAS
●
and Claroline, Possible improvements
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

4. Local Authentication
Principles
Login and password stored in database
●
Clear or encrypted password
●
Users MySQL
Claroline
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

5. Local Authentication
Functionalities
Standalone
●
Import list of users (CSV)
●
Manage classes of users
●
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

6. Table of content
Claroline Local Authentication
Principles, Functionalities
●
Claroline External Authentication
Principles, Advantages, PEAR::Auth, How to configure with
●
Claroline, Possible improvements
Claroline and Single Sign-On (SSO)
Principles, Advantages, SSO solutions, How to configure CAS
●
and Claroline, Possible improvements
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

7. External Authentication
Principles
Authentication on the institution's directory or an
●
other external authentication system
Add user information in Claroline, if not exists
●
Users Directory
Claroline
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

8. External Authentication
Advantages
Improves the integration of Claroline into your existing computer
●
network environment
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

9. External Authentication
PEAR::Auth
Claroline external authentication is powered by PEAR:Auth
PEAR::Auth is an official package from http://pear.php.net
●
PEAR::Auth provides methods for creating an authentication
●
system using PHP
PEAR::Auth supports a significant number of systems (LDAP
●
servers, 14 databases from Oracle to ODBC, POP3 servers,
IMAP servers, vpopmail accounts, RADIUS, SAMBA password
files and SOAP)
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

10. External Authentication
How to configure with Claroline (part 1)
platform/conf/auth.drivers.conf.php
●
/* LDAP */
$extAuthSource['ldap']['login' ] =
$clarolineRepositorySys.'/auth/extauth/drivers/ldap.inc.php';
$extAuthSource['ldap']['newUser'] =
$clarolineRepositorySys.'/auth/extauth/drivers/ldap.inc.php';
/* DB GENERIC */
// $extAuthSource['db­generic']['login' ] =
$clarolineRepositorySys.'/auth/extauth/drivers/ldap.inc.php';
// $extAuthSource['db­generic']['newUser'] =
$clarolineRepositorySys.'/auth/extauth/drivers/ldap.inc.php';
...
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

11. External Authentication
How to configure with Claroline (part 2)
claroline/auth/extauth/drivers/*.inc.php.dist
●
$extAuthOptionList = array(
'url' => 'ldap://server_address',
'port' => '636',
'basedn' => 'ou=personne,o=your organisation unit,c=domain',
'userattr' => 'uid',
'useroc' => 'person',
'attributes' => array('sn', 'givenName', 'telephoneNumber','mail'),
'attrformat' => 'AUTH_LDAP_ATTR_AUTH_STYLE',
'debug' => false
);
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

12. External Authentication
Possible improvements
Import users from directory to Claroline
●
Synchronization tool between Claroline and the
●
directory
Use directory's hierarchy to build classes
●
Add a user search tool in the directory to enrol user
●
Packaging of the external authentication drivers
●
(for download on Claroline website)
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

13. Table of content
Claroline Local Authentication
Principles, Functionalities
●
Claroline External Authentication
Principles, Advantages, PEAR::Auth, How to configure with
●
Claroline, Possible improvements
Claroline and Single Sign-On (SSO)
Principles, Advantages, SSO solutions, How to configure
●
CAS and Claroline, Possible improvements
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

14. Single Sign-On Authentication
Principles (part 1)
Authentication process enabling user to authenticate
once and gain access to multiple systems
For example :
Once authenticated in the library catalogue, students
don't have to re-enter their password to access
their Claroline courses or their web mail.
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

15. Single Sign-On Authentication
Principles (part 2)
1. Request on Claroline (click
on « Magic Login »)
2. Request on SSO (with the
Claroline
SSO cookie)
1
4
3. Authentication by SSO
(receive a ticket)
5
Users
4. Redirection to Claroline
(give the ticket)
3
2
5. Validation between
Claroline and SSO (with
SSO
the ticket)
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

16. Single Sign-On Authentication
Advantages
Unique way for the authentication
●
Type once password to access all applications
●
(more easy for users)
Use more secure password
●
No clear password on the network, use secure
●
connections for authentication (SSL)
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

17. Single Sign-On Authentication
SSO Solutions
CAS (Central Authentication Service)
●
Shibboleth
●
OpenId
●
LCS
●
OpenLDAP
●
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

18. Single Sign-On Authentication
How to configure CAS and Claroline
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

19. Single Sign-On Authentication
Possible improvements
SSO drivers
●
Packaging of the SSO drivers (for download on
●
Claroline website)
Combine with external authentication system to
●
add new user on Claroline
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems

20. Thanks. Questions ?
Site : http://www.claroline.net/
●
Documentation : http://www.claroline/doc/en
●
Support : http://www.claroline.net/forum/
●
Contact : info@claroline.net
●
[ACCU - Vigo / 24th May 2007]
Claroline and authentication systems