Restrict authorization based on attribute #8
Comments
Hi @mackensen, we haven't tried restricting Moodle authorization based on attributes in the CAS response. As described in our wiki, we do return attributes that other applications use for authorization controls, but in Moodle we would just let everyone in and provision enrollments via the WSPP web service module. I'd imagine that the Moodle authentication flow has a point at which one could plug in and make enrollment/authorization checks, but I haven't looked. Cheers, Adam
Hi, I guess this isn't active anymore; however, a restriction can be achieved by allowing access to courses based on cohorts. Plugins like Auto-cohort can assign cohorts based on profile fields, which should be compatible with auth_casattras. This would work better if auth_casattras had support for writing CAS response fields into custom profile fields instead of abusing Moodle's profile fields, which might be user visible. Another attempt would be to include cohort enrolment into the functionality of auth_casattras. That would allow switching between only adding cohorts or also removing them if the field changes. When courses are based on cohorts, removing a user from the cohort means to permanently delete all their uploads, test results and progress. This won't be desired, especially if you are trying to switch the authentication method. I tried the implementation myself and it should be easy by using the functions
@mackensen, @adamfranco I am sorry to ask again but I would like to know your thoughts about my last comment or who is the maintainer of this project?
We're migrating from Shibboleth to CAS and thinking of using this module. One capability which we would need is the ability to restrict authorization based on attribute; probably based on eduPersonEntitlement. We're happy to develop this ourselves and contribute it back, but we aren't sure if the code should live in the auth module or somewhere else. Have you solved this problem at Middlebury?
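Added example, not code from auth_casattras, Moodle or any commenter in this thread: a pure-PHP planner for the cohort approach discussed above, showing the add-only mode next to the mode that also removes cohorts when the released eduPersonEntitlement values change. The function name, the mapping format, the cohort idnumbers and the entitlement URNs are all hypothetical, and no Moodle API is called.

```php
<?php
declare(strict_types=1);

/**
 * Plan cohort membership changes from a released CAS attribute.
 * Hypothetical helper: it only computes a plan and changes nothing itself.
 *
 * @param array $entitlements eduPersonEntitlement values from the CAS response
 * @param array<string,string> $map entitlement value => cohort idnumber
 * @param string[] $current cohort idnumbers the user already belongs to
 * @param bool $removeStale false = add-only, true = also remove on change
 * @return array{add: string[], remove: string[], allowed: bool}
 */
function plan_cohort_sync(array $entitlements, array $map, array $current, bool $removeStale): array
{
    // Exact string match only: no prefix or case-insensitive matching.
    $wanted = [];
    foreach ($entitlements as $value) {
        if (is_string($value) && isset($map[$value])) {
            $wanted[$map[$value]] = true;
        }
    }
    $wanted = array_keys($wanted);
    $managed = array_unique(array_values($map));

    $add = array_values(array_diff($wanted, $current));
    // Only cohorts named in the map can be removed; manual cohorts stay untouched.
    // Removal is the destructive mode described in the thread, so it is opt-in.
    $remove = $removeStale
        ? array_values(array_diff(array_intersect($current, $managed), $wanted))
        : [];

    // No mapped entitlement released means the user is not authorized.
    return ['add' => $add, 'remove' => $remove, 'allowed' => $wanted !== []];
}

// Constructed sample data.
$map = [
    'urn:mace:example.edu:moodle:student' => 'cas-students',
    'urn:mace:example.edu:moodle:staff'   => 'cas-staff',
];
$current  = ['cas-staff', 'manual-alumni'];
$released = ['urn:mace:example.edu:moodle:student'];

print_r(plan_cohort_sync($released, $map, $current, false)); // add-only
print_r(plan_cohort_sync($released, $map, $current, true));  // add and remove
print_r(plan_cohort_sync([], $map, $current, false));        // attribute missing
```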