im working to setup SSO from WordPress(Site A) to Chamilo 1.9.6( Site B).
I already did the script which try to log me to chamilo after succesful login to WP.
Script code: based on chamilo documentation (chamilo got own SSO module)
function log_me_to_chamilo($username,$password)
{
$chamilo_server_url = 'http://example.com/elearning/platform/';
$auth_server_url = 'http://example.com/elearning/';
$password = md5($password);
$sso = array(
'username' => $username,
'secret' => $password,
'master_domain' => $chamilo_server_url,
'master_auth_uri' => $auth_server_url,
'lifetime' => time() + 3600,
);
$cookie = base64_encode(serialize($sso));
$params = 'sso_referer='. urlencode($auth_server_url) .'&sso_cookie='. urlencode($cookie);
$final_url = $chamilo_server_url .'?'. $params;
header('Location: '.$final_url);
exit;
}
This works fine but after all im redirected to chamilo LMS platform (Site B) and i want to do it in background. So basiclly i want something like this.
User log in to Site A -> WordPress
If all login data are ok we log in to WordPress.
After wordpress logs user i want to log in chamilo Site B in background – we stay in Site A. But when user enter site B -(for example link in site A) – he will be loged in.
I was trying to use curl with cookies but this is something new for me and only working example is also redirecting me to Site B.
If anyone can point me in a right direction how to login user in site b in background. Should i do it with curl or something else maybe ajax ?
The Chamilo SSO mechanism is not really prepared for “background login” (let’s call it that way).
If you want the browser of your user to get the session cookie from Chamilo and keep it, you have to make it load the Chamilo site, somehow.
What you could do, then, is have your WordPress plugin open a new one-pixel popup Window or iframe that will load Chamilo and login.
For example, you could define an (invisible/very small) iframe on the page where the user gets after he logs into your WordPress site, and have that iframe load the Chamilo site and connect. As the iframe loads the Chamilo site, it saves the cookie data into your browser and your browser is ready to go to Chamilo at any point before the session expires.
If your function above would return the $final_url instead of doing a redirection, you could use it as
<iframe src="'.log_me_to_chamilo('sam','max').'"></iframe>
(include all kinds of templating and stuff specific to WordPress before that)
This is not tested, but the logic seems OK to me.
If you get that to work and it’s free software, don’t hesitate to report at info ~at~ chamilo ~dot~ org so we can include that in our list of connectors. I know several people have queried about a WordPress Single Sign On plugin, and we don’t have any WordPress guy in the team, so we’d really appreciate it.
i have an extra question to that. Sorry ywarnier that i didnt reply but i abondoned the project in 2013. I came back now to this with new 1.10 version of chamilo which looks amazing. I did the sso login becouse chamilo and wordpress was encrypting the password with a same way (md5) so i was simply sendinding md5 with sso_secret – and i was matching md5 from wordpress with md5 from chamilo. But in v1.10 we got salt and i have to idea how to pass md5 password to chamilo and verify that.