Developer Area/Core Subsystems/Authentication Plugins: Difference between revisions
From Mahara Wiki
< Developer Area | Core Subsystems
Brettwilkins (talk | contribs) (Created page with "Mahara has a very powerful framework for providing alternate means to authenticate users. By default, Mahara ships with the following plugins: * internal - allow users to auth…") |
No edit summary |
||
| (One intermediate revision by one other user not shown) | |||
| Line 11: | Line 11: | ||
<div id="section_1"> | <div id="section_1"> | ||
==== <br /> Hooks that authentication plugins can provide<br /><br /> Logout ==== | ====<br /> Hooks that authentication plugins can provide<br /><br /> Logout==== | ||
<br /> | <br /> | ||
| Line 30: | Line 30: | ||
</div><div id="section_2"> | </div><div id="section_2"> | ||
==== Login ==== | ====Login==== | ||
At the end of the authentication process, the active authentication plugin's login() method is called. This by default does nothing, but plugins can override it to do things like: | At the end of the authentication process, the active authentication plugin's login() method is called. This by default does nothing, but plugins can override it to do things like: | ||
| Line 40: | Line 40: | ||
</div><div id="section_3"> | </div><div id="section_3"> | ||
==== Other stuff that should go first ==== | ====Other stuff that should go first==== | ||
</div> | </div> | ||
[[Category:Developer Area]][[Category:Plugins]][[Category:Authentication Plugins]] | |||
Latest revision as of 17:00, 16 Mayıs 2011
Mahara has a very powerful framework for providing alternate means to authenticate users. By default, Mahara ships with the following plugins:
- internal - allow users to authenticate off Mahara's "usr" table in the database. This is the default and will work for most cases.
- imap - authenticate against an IMAP server - not sure how well maintained this code is
- ldap - authenticate against an LDAP server. This is well supported and quite a few people are using this method.
- xmlrpc - authenticate against an MNET IdP server. Many people are using this method and this is (should be) documented elsewhere.
- none - allow users to gain access with no authentication. This is only usable for testing.
Users are associated with one or more institutions, and institutions are associated with one or more authentication plugins, in a selected order. The first time a user logs in, if Mahara doesn't know any information about them, it polls all authentication plugins to see if any of them have information about them and asks them to create their account. Users are thereafter associated with that authentication plugin.
Hooks that authentication plugins can provide
Logout
During the logout process, the active authentication method's logout() method is called. This by default does nothing, but plugins can override it to do things like:
- ping external systems to initiate single sign off
- unset single sign on cookies
It takes no arguments and the return value is ignored
TODO information about redirecting and exceptions
Login
At the end of the authentication process, the active authentication plugin's login() method is called. This by default does nothing, but plugins can override it to do things like:
- Set a cookie to be read by another application
It also takes no arguments and the return value is ignored.