Project

General

Profile

Actions

Authentication

If you're looking for the authentication mechanism of Chamilo 1.9.* in general, you'll find the root of all authentication in main/inc/local.inc.php. A few special mechanisms can extend or hook the normal behaviour, though, and these can generally be found in main/auth/sso.

This article should be extended over time, and will contain all authentication methods and procedures that will help you modify it.

What happens in local.inc.php

local.inc.php is a script that tries to deal with everything related to authorizing the user to do specific things inside Chamilo.
In short, it works as follows:
  • check if you're already connected
  • check login/password
  • check course you're trying to access (if any)
  • check session you're trying to access (if any)
  • check group you're trying to access (if any)
During the login/password check sequence, the following happens:
  • check if CAS is enabled
  • if login/password were provided
    • if auth_source for this user is PLATFORM_AUTH_SOURCE or CAS_AUTH_SOURCE
      • check against database
    • else
      • if $extAuthSource (defined in main/inc/conf/configuration) is set and is an array
        • scan all the array elements and include the file defined by $extAuthSource[x]['newUser'] if it exists (and proceed with that to whatever is defined in PHP)
  • elseif (no login/pass but) sso_authentication configuration parameter was true (configure at the bottom of the "security" config tab)
    • if the sso_authentication_subclass setting was set (configure manually inside the database)
      • instanciate this class into the $osso object and proceed with methods logout(), ask_master() and check_user() methods
  • else if openid_authentication setting was true (configure in "security" config tab)
    • use main/auth/openid/login.php
  • else if KeyAuth::is_enabled() returns true
    • use the KeyAuth::login() method

CAS

...to be completed...

OpenID

...to be completed...

SSO subclass

...to be completed...

Facebook login

...to be completed...

LDAP

...to be completed...

Updated by Yannick Warnier about 4 years ago · 2 revisions