Developer Area/Core Subsystems/Authentication Plugins

From Mahara Wiki
Jump to: navigation, search

Mahara has a very powerful framework for providing alternate means to authenticate users.  By default, Mahara ships with the following plugins:

  • internal - allow users to authenticate off Mahara's "usr" table in the database.  This is the default and will work for most cases.
  • imap - authenticate against an IMAP server - not sure how well maintained this code is
  • ldap - authenticate against an LDAP server.  This is well supported and quite a few people are using this method.
  • xmlrpc - authenticate against an MNET IdP server.  Many people are using this method and this is (should be) documented elsewhere.
  • none - allow users to gain access with no authentication.  This is only usable for testing.

Users are associated with one or more institutions, and institutions are associated with one or more authentication plugins, in a selected order.  The first time a user logs in, if Mahara doesn't know any information about them, it polls all authentication plugins to see if any of them have information about them and asks them to create their account.  Users are thereafter associated with that authentication plugin.


Hooks that authentication plugins can provide

Logout


During the  logout process, the active authentication method's logout() method is called. This by default does nothing, but plugins can override it to do things like:

  • ping external systems to initiate single sign off
  • unset single sign on cookies


It takes no arguments and the return value is ignored



TODO information about redirecting and exceptions

Login

At the end of the authentication process, the active authentication plugin's login() method is called.  This by default does nothing, but plugins can override it to do things like:

  • Set a cookie to be read by another application

It also takes no arguments and the return value is ignored.

Other stuff  that should go first