Copyright (c) 2017: All Rights Reserved, Learning Stacks LLC
Moodle-IMIS integration has three parts:
-
Moodle web services that IMIS can use to create Moodle user accounts and enrol Moodle users in courses.
-
A Moodle authentication plugin that provides Single Sign On (SSO) capabilities with IMIS.
-
A Moodle plugin that detects when an IMIS user completes a course in Moodle and sends that completion information back to IMIS.
IMIS Bridge requires access to three standard Moodle web service functions:
- core_user_get_users
- core_user_create_users
- enrol_manual_enrol_users
These services are made available by configuring a user, role and custom web service using standard Moodle capabilities.
Single Sign On capabilities are provided by Learning Stacks AUTH_IMISBRIDGE Moodle authentication plugin.
This plugin provides the following features:
-
Attempts to log into Moodle directly are redirected to the IMIS Sign On page. Upon successful authentication the browser is redirected back to the originally requested Moodle page.
-
Users already authenticated in IMIS are allowed to directly access the requested page, assuming they have the required Moodle privileges.
-
Single Sign On can be bypassed and an authorized user can log directly into Moodle by accessing url <moodle wwwroot>/login/index.php?nosso and entering a valid username and password.
-
Each time a User logs into Moodle their User Profile is updated from IMIS. This feature can be disabled.
This plugin requires the LOCAL_IMISBRIDGE plugin (see next section).
Course completion reporting is provided bu Learning Stacks LOCAL_IMISBRIDGE plugin.
This plugin provides the following features:
- When an IMIS User completes a Moodle course a Course Completion message is sent to IMIS. This feature can be disabled.
This plugin also provides the API for calling IMIS Bridge web services and is used by the AUTH_IMISBRIDGE plugin.
IMIS Bridge requires access to several Moodle web service methods.
- core_user_get_users
- core_user_create_users
- enrol_manual_enrol_users
For additional information on configuring Moodle Web Services (for Moodle 35) see https://docs.moodle.org/35/en/Using_web_services.
Within moodle you can navigate to Site administration > Plugins > Web services > Overview for a guided step-by-step procedure for setting up a web service.
The following recommended configuration creates a web service with the required functions and limits access to specified user that represents the IMIS Bridge system.
-
Enable Web Services
- Access Site Administration > Advanced features
- Check Enable web services
- Save changes
-
Enable Protocols
- Access Site Administration > plugins > Web services > Manage protocols
- Enable the REST protocol
- You do not need to enable the Web services documentation
- Save changes
-
Create a role that limits access to the required methods
-
Access Site Administration > Users > Permissions > Define Roles
-
Click Add a new role
-
For Use role or archetype select No role then Continue
-
Fill in the required fields
Field Value Short name imisbridge Custom full name imisbridge Role Archetype None Context types where this role may be assigned System Allow role assignments None Allow role overrides None Allow role switches None Allow role to view None -
Click Allow on the following Capabilities
- enrol/manual:enrol
- moodle/course:useremail
- moodle/user:create
- moodle/user:update
- moodle/user:viewdetails
- moodle/user:viewhiddendetails
- webservice/rest:use
-
Save changes
-
-
Create service User
-
Access Site administration > Users > Add a new user
-
Fill in required fields
Field Value Username imisbridge (all lower case) Choose an authentication method manual accounts Password Any valid password First Name imisbridge (or any desired value) Surname service (or any desired value) Email address Any string with valid email address syntax. e.g., imisbridge@nowhere.com -
Click Create user
-
-
Assign the imisbridge role to the imisbridge user in the system context
- Access Site Administration > Users > Permissions > Assign system roles
- Select role imisbridge
- In Potential users find and select imisbridge service
- Click Add
-
Create Service
-
Access Site Administration > Plugins > Web Services > External services
-
Click Add
-
Fill in required fields
Field Value Name imisbridge Enabled Checked Authorised users only Checked -
Click Add service
-
-
Add Functions
- Click Add functions
- Add the following functions
- core_user_get_users
- core_user_create_users
- enrol_manual_enrol_users
- Click Add functions
-
Create Token for imisbridge user
-
Access Site adminstration > Plugins > Web services > Manage Tokens
-
Fill in required fields
Field Value User Find and select imisbridge service Service Select imisbridge IP restriction Can leave blank or set to the IP address og the IMIS Bridge service Valid until Leave disabled or set any desired expiration date -
Click Save changes
-
-
Assign the user to the service
- Access Site administration > Plugins > Web services > External Services
- Under Custom services > imisbridge click Authorised users
- In Not authorised users find and select imisbridge service
- Click Add
- Under Change settings for the authorised user > imisbridge service, if any missing capabilities are identified, allow these capabilities on the imisbridge role.
Both components must be installed together.
- Unzip auth_imisbridge.zip into folder <lms_root>\auth\imisbridge.
- Unzip local_imisbridge.zip into folder <lms_root>\local\imisbridge.
- Perform the Moodle upgrade process
| Setting | Description |
|---|---|
| SSO Login URL | Enter the full URL where the user should be redirected to login via IMIS |
| SSO Logout URL | Enter the URL where the user should be redirected after logging out. |
| Synch Profile | If checked, the User's Moodle profile will be updated each time they log in. |
If Synch Profile is checked, the Moodle user profile will be updated with data from IMIS. The fields in this section define the fields to be update, their source, when they are updated, and what can be changed by the user.
| Setting | Description |
|---|---|
| Text Field associated with the Moodle profile field | Enter the name of the field returned from the IMIS Bridge MoodleGetUserProfile service that contains the associated value. The spelling is case sensitive. |
| Update Local | Set to On every login |
| Update External | Set to Never |
| Lock Value | Set to Unlocked to allow user to change the value. |
| Setting | Values |
|---|---|
| Base API URL | The URL at which the IMIS Bridge web services are located |
The testing feature built into Moodle does not allow testing of the custom web service or any of the functions used. Instead use a tool capable of submitting a GET or POST request. For example Postman, Curl, powershell Invoke-WebRequest, or even a browser can be used.
To view the documentation for a function access Site administration > Plugins > Web services > API Documentation. Clicking an a function shows the details of making that request.
For example, to test access to the core_user_get_users function using the browser enter the following URL into the browsers' address bar:
<moodle wwwroot>/webservice/rest/server.php?moodlewsrestformat=json&wsfunction=core_user_get_users&criteria[0][key]=username&criteria[0][value]=imisbridge&wstoken=<imisbridge user token>
The response should be a JSON string that should look like
{
"users": [
{
"id": 3,
"username": "imisbridge",
"fullname": "imisbridge service",
"email": "imisbridge@nowhere.com",
"department": "",
"firstaccess": 0,
"lastaccess": 0,
"auth": "none",
"suspended": false,
"confirmed": true,
"lang": "en",
"theme": "",
"timezone": "99",
"mailformat": 1,
"description": "",
"descriptionformat": 1,
"profileimageurlsmall": "http://imisbridge.local.com/theme/image.php/boost/core/1574703494/u/f2",
"profileimageurl": "http://imisbridge.local.com/theme/image.php/boost/core/1574703494/u/f1",
"preferences": [
{
"name": "auth_forcepasswordchange",
"value": "0"
},
{
"name": "email_bounce_count",
"value": "1"
},
{
"name": "email_send_count",
"value": "1"
},
{
"name": "_lastloaded",
"value": 1574715282
}
]
}
],
"warnings": []
}
-
End to end test (verifies new user creation, SSO and completion reporting)
- Create a new user in IMIS that does not yet have a corresponding Moodle user account.
- Setup a course in IMIS and the corresponding course in Moodle
- Login into IMIS as the new user
- Register for the course in IMIS
- From IMIS open the course in Moodle.
- Complete the course in Moodle.
- Verify the course shows as completed in IMIS.
- As admin inspect the Moodle user account and verify profile details match IMIS.
-
SSO redirection
- Log out of Moodle and IMIS.
- Attempt to access the LMS home page.
- Verify you are redirected to the IMIS SSO login page.
- Log into IMIS.
- Verify you are redirected to the LMS home page.
-
Logout redirection (if set)
- Login into IMIS.
- Access the LMS home page.
- Click the Moodle logout link.
- Verify you are redirected to the SSO Logout URL configured in AUTH_IMISBRIDGE. If this is not set verify redirection to IMIS Login.
-
Profile update
- Log out of Moodle.
- Change the user's surname in IMIS.
- Login into IMIS and navigate to the LMS.
- Verify the surname has been updated in Moodle.
-
SSO Bypass
- Log out of Moodle and IMIS.
- Access
<wwwroot>/login/index.php?nossoand and verify you can log in as the Moodle admin with username and password, without being redirected to IMIS.