SSO Moodle => Google Apps

Common steps for Moodle 1.x and 2.x:

• Open a new Command line window and run this commands (OpenSSL installed is needed)

• Creating RSA Private Key :

• openssl genrsa -out rsaprivkey.pem 1024

• 

• Creating Certificate :

• openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem

• ( Provide the required organization information )

• 

• Access to admin panel http://admin.google.com

• Go to Security > Advances settings > Setup Singe Sign On

• 

• Click on Replace certificate and upload the generated rsacert.pem file

• 

• Replace SSO URLs, this is the description of each one:

• Sign-in page URL: This is the URL Google will redirect to when your domain end users try to access Google Apps. This is the URL:

• http://[MOODLE_URL]/login/index.php

• Sign-out page URL: This is the URL Google will redirect to when your domain end users log out from Google Apps.

• http://[MOODLE_URL]/login/logout.php

• Change Password URL: This is the URL Google will redirect to when your domain end users try to change their passwords within Google Apps.

• http://[MOODLE_URL]/login/change_password.php

• 

• Click on Save Changes

• Application will ask you to agree the new SSO settings. Click on the button.

Moodle 2.x process:

• Download Moodle GSAML module

• Unzip and place each folder on your Moodle root folder.

• /auth/gsaml > MOODLE_ROOT/auth/

• /auth/gauth > MOODLE_ROOT/auth/

• /blocks/gdata > MOODLE_ROOT/blocks/

• /blocks/gaccess > MOODLE_ROOT/blocks/

• /blocks/gmail > MOODLE_ROOT/blocks/

• /grade/export/fusion > MOODLE_ROOT/grade/export/

• /repository/googledrive > MOODLE_ROOT/repository/

• Login as admin user on Moodle Control Panel.

• The new modules will be displayed. Click on “Upgrade Moodle Database Now”

• Many configuration options will be displayed, at this time we only fill the GSAML

• Open rsaprivkey.pem on a Text editor and copy.

• Paste the content on the first Text field ( Note that the SAML service supports RSA signed keys only ).

• Open rsacert.pem on a Text editor and copy.

• Paste the content on the second Text field. (X.509 formatted certificate with an embedded public key. Note that this is the same file you will upload to Google.)

• Fill the domain name and it will look like this.

• 

• Save changes.

• Go to Administration > Site administration > Advanced features > Plugins > Authentication > Manage authentication

• Enable  and click on settings on he Google SAML Authentication option

• Verify that the information filled on Google Control Panel is the same that the URL’s provided ath the bottom of the page.

• Create a similar user than Google Apps (it must exist in both sides, and it is not necessary to use the same password, the tool only matchs the username )

• 

• Test the account on http://mail.google.com/a/[YOUR_DOMAIN]/  (i.e. https://mail.google.com/a/desatecno.com ) it will redirect to your moodle installation ( if you are already logged in please logoff ) .

• You will be logged (this will login to moodle site just the first time)

• If it is your first time go to http://mail.google.com/a/[YOUR_DOMAIN]/  again and your user will be logged in.

Demo:

• Go to https://mail.google.com/a/desatecno.com

• You will be redirected to Moodle and login with the following user:

user: test01

password: Desatecno1_

• Now you will be logged to test01@desatecno.com e-mail.

References:

• https://support.google.com/a/answer/60224?hl=en

• https://developers.google.com/google-apps/help/articles/sso-keygen

• http://docs.moodle.org/22/en/Google_Apps_Integration

• http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=tree;f=auth/gsaml;h=0a9db87b55ea9e15ad6a259106380d27a82b5969;hb=04be5951241d7e5e8006a8718dfcd562e8aabaf1

• https://code.google.com/p/moodle-google/

• https://moodle.org/mod/forum/discuss.php?d=117354