There are two methods of setting up a single sign-on (SSO) authentication with almost any third party system; SSO means that no manual entry to passwords is needed if the user has first logged into a parent system from which Open eLMS is linked.
Option 1: Using a Shared Token
1) Select a secret key that you will use for encryption. e.g. '36cca1f4235fb4351f2701', this key is then entered into the cls_config.php file. Declare this in the code you will use to link to the Single Sign-on URL.
2) Write some code that recognises the active user's ID (e.g. from AD) and assign it to the variable $token
3) Create a signature for the user using the following php code (other variants are available for other languages):
$signature = hash_hmac('sha256', $token, $key);
4) access and log into the system using the following address
Option 2: Using Google’s SAML 2.0
This installation enables single-sign on using the log into Google ID - this is inherent with Google Docs, Chrome and Gmail. To get this to work on your customised site it first needs to be set up by the Company’s Google Administrator by following these steps.
1. Log in to Google Admin Console (admin.google.com)
2. Go to Apps/SAML Apps
3. Click on ‘Enable SSO for SAML Application’ (yellow sign plus in the bottom right corner - screenshot below)
4. Select ‘Setup My Own Custom App’
5. Choose the second option (see screenshot below). Download the IPD metadata file and send it as an attachment to the Open LMS team (email@example.com entitled “IPD SAML Information”). Then click ‘Next’.
6. Enter the App name (for example ‘Your Company LMS Training’). Click ‘Next’.
7. Enter the following SAML settings:
,where LMSID is the identifier of your Open LMS installation. You can get he identifier from the link you use to access the Open LMS web application. For example, if the link is https://openelms.e-learningwmb.co.uk/somecompanyname, then the identifier of your Open LMS installation (i.e. LMSID) is somecompanyname.
8. Add three mapping which let Open LMS identify your users. Add them by click on the ‘Add New Mapping’ button:
9. Enable the applications to the desired set of users (or enable it for everyone in your organization):
10. Launch the application from Google Admin or directly by going to the start url: https://openelms.e-learningwmb.co.uk/LMSID/saml/
When a user launches the application, LMS will use their email to check whether such a user is already registered with LMS. If not, a new account will be created and it will be assigned the default courses. We will also set up the default department and company id of the new trainee. If you want to assign the trainee to a particular department or company in LMS, you need map two more attributes (‘department_id’ and ‘company_id’). You can map an attribute ‘password’, which will be the new LMS password of the trainee’s account.
Important: In order to enable the application we need to setup the Entity ID and the certificate of your Google account into LMS. We can do this only if you provide the relevant IDP metadata file. You need to send it to us by email (or any other means).