Single Sign On

Hi,

We have a client asking for an LMS (learning management system) to provide online courses. We are building their main site using Concrete and they are looking into different LMS options. They would like to incorporate Single Sign On so a user can sign into the Concrete site and then seamlessly jump out to the LMS without signing in again. Does anyone have any suggestions on the best approach for this or any suggestions for good LMS systems that would work well with Concrete authentication? I’ve seen 3rd parties like Okta mentioned.

I’ve integrated Concrete CMS with some functions of SCORM Cloud (SCORM Cloud: Test, Play and Distribute eLearning). It has a sensible REST API and a PHP API client (GitHub - RusticiSoftware/scormcloud-api-v2-client-php: Swagger Generated PHP Client for SCORM Cloud API v2).

Rustici Software is a leader in LMS and LMS standards, so I suggest giving them a good look.

Thanks for the links. I’ll check them out. Lots of reading to do and so much information out there. This looks like a good starting point.

I’ve been in the learning space for about 20 years. Rustici is great if you wanted to bring LMS elements into your system instead of them buying an LMS and you wanted LMS capabilities in your site.

From your post it sounds like they just want a way for a user to not have to log into both systems. Essentially if you can support SAML2 SSO you are set. The ones you mentioned are a commercialized version of this same thing. Most any LMS will enable them to be integrated with your system - typically with your system being the delivery of login (though I’m sure many support both ways).

Thanks for the reply. You’re right, we are primarily looking for a way for a user to just have a single login to both systems. The client may well want more once this project gets going. For now it seems we need to focus mostly on SAML2 SSO. I looked at Okta and it seems expensive for what we need so ideally we would create our own on Concrete. I couldn’t find any info in the ConcreteCMS docs or forums on how to set up SAML SSO for authentication. Is this something you have done in the past?

Hi, a company I work with in the learning space has for their LCMS. I’ve not personally set up SAML for any system. I know when they originally set up this they used another service “ping.one” to do the heavy lifting, but then later when they had much more dev time they built a self-contained SAML integration. It seems that OKTA has bought up a lot of the smaller vendors in this space and price has gone up too. Sorry I couldn’t be of more help, but you are on the right track.

@Blueprint I would recommend picking your SSO service first and then seeing if they have OAuth as an option before committing to SAML - An OAuth auth type is much easier to add than a SAML one.

I work at an academic institution, and we recently switched from LDAP (we were using the ec_LDAP plugin, found here: https://marketplace.concretecms.com/marketplace/addons/exchangecore-ldap-authentication) to Shibboleth (via MS Azure). Because of this, I was forced to write my own Shibboleth authenticator, as I didn’t see any on the market.

If you go with this type of solution, I can publish my Shib package for you. Right now it has a few too many hard-coded variables in it (things like cookie settings and return paths) but a day or so of work could spruce it up enough for public consumption. Let me know if interested.


We’ve used the LDAP plugin on a site before as well. For now the client is exploring options for their LMS. If we do have to go down the route of developing our own authenticator we may be interested in your Shib package. I’ll let you know.

Did anything come of this? We have a client that is expressing a need for a Microsoft based SSO connector.

Hey 76West, sorry for the delay in reply.

We’re still using the custom code I talked about above. Note that the code is dependent on a specific mod_shib configuration (so you’ll have to set up mod_shib on your server), plus there’s some Apache-side configuration also required to make it work right.

If you’re still interested in the code given the above, let me know and I’ll clean it up tomorrow (hopefully it won’t take too long, I haven’t looked at it in a while) and send it to you to look at.

I hope you do not mind me bumping an old thread, but I can add some context from years spent in the bowels of higher ed:

  • SSO is very important to higher education because it has huge numbers of transient users and sprawling software footprints.
  • SAML is easy to set up and is generally the preferred method. Shibboleth and some other services predate SAML (and may have been invented by higher ed) but are going out of vogue.
  • OAuth is popular in the broader tech community but less so in higher ed.
  • While Okta is popular, SAML doesn’t have to be expensive. Azure will act as an IdP for free.
  • The plugin Doki linked no longer seems to exist.