Moodle integration for Single Sign On authentication

Date: 5/5/2016 Version: 1.0.2 Tags: system integrator documentation


KeyShield SSO plugin for Moodle is provided as „included“ add-on to Moodle server. There is no license fee for this module. KeyShield server must be fully licensed. Academic license is available upon request, please contact your partner or TDP directly.


Moodle version 2 or higher and KeyShield server 4.0 or higher. Integration module needs modules „curl“ and „json“ within „php“ at the Moodle server. KeyShield integration module adds a new seamless authentication method without entering user name and password. User identity is provided by the KeyShield server based on user’s IP address. There must be a LDAP authentication method installed as well. Both Moodle LDAP and KeyShield has to work against same LDAP directory. Otherwise automatic user account creation will not work.


Integration module has to be installed by extracting archive in the root directory of Moodle system installation
  1. Copy the into the root directory of Moodle system installation (usually /srv/www/htdocs).
  2. Extract the archive by following command: unzip
  3. Authenticate to the Moodle system with Administrator rights, or refresh the Home page if you are authenticated as Administrator already. Once you enter the Home page, new installation package is detected and standard plug-in installation dialog is displayed
  4. Click on the Upgrade Moodle database now button.
  5. Installation is done by now, continue to configuration.


conf-01.pngKeyShield module configuration is available under section Settings → Plugins → Authentication → Manage authentication (see picture on the right). KeyShield module has to be enabled by clicking an „eye“ icon at the KeyShield line. Please note – here you can anytime disable/enable SSO functionality just by clicking the mentioned eye icon (see picture below). Now open the Settings link at KeyShield line. This will take you to the configuration page of KeyShield integration module. conf-02.png

KeyShield module parameters

KeyShield Server URL – full server URL must be specified, e.g. KeyShield SSO API key – Required only if it’s configured on your KeyShield SSO server, e.g. qlftFCuFLQbQjLoF1gHIdiWBYwc4EGAx Username attribute – (optional) Specify the LDAP attribute used as a username. If it’s not specified, the attribute configured on your KeyShield SSO server is used (check “Optional API attributes” allowed on corresponding authentication connector on KeyShield SSO server). e.g. uid Once the configuration is saved with valid KeyShield server URL, SSO authentication will be active. Just access the login page of the Moodle systém. If the SSO is active and your device is known fro the KeyShield server (the KeyShield icon must be green), no authentication dialog is displayed and you get seamlessly in.