Developer Area/Core Subsystems/Authentication Plugins
Mahara has a very powerful framework for providing alternate means to authenticate users. By default, Mahara ships with the following plugins:
- internal - allow users to authenticate off Mahara's "usr" table in the database. This is the default and will work for most cases.
- imap - authenticate against an IMAP server - not sure how well maintained this code is
- ldap - authenticate against an LDAP server. This is well supported and quite a few people are using this method.
- xmlrpc - authenticate against an MNET IdP server. Many people are using this method and this is (should be) documented elsewhere.
- none - allow users to gain access with no authentication. This is only usable for testing.
Users are associated with one or more institutions, and institutions are associated with one or more authentication plugins, in a selected order. The first time a user logs in, if Mahara doesn't know any information about them, it polls all authentication plugins to see if any of them have information about them and asks them to create their account. Users are thereafter associated with that authentication plugin.
Hooks that authentication plugins can provide
During the logout process, the active authentication method's logout() method is called. This by default does nothing, but plugins can override it to do things like:
- ping external systems to initiate single sign off
- unset single sign on cookies
It takes no arguments and the return value is ignored
TODO information about redirecting and exceptions
At the end of the authentication process, the active authentication plugin's login() method is called. This by default does nothing, but plugins can override it to do things like:
- Set a cookie to be read by another application
It also takes no arguments and the return value is ignored.