准备工作:
l Build up Panopto website
l add moodle provider instance in panopto website (the instance will provide moodle provider name and generate a provider key)
l install Panopto block to moodle, and use above generated key
1. when select “moodle login” type in Panopto website login page, it will redirect to Panopto block url (<moodle site>/ blocks/panopto/SSO.php) with following params
*action (empty value)
* serverName (its value is panopto system domain name)
* expiration
* callbackURL (its value is panopto login page url with “ReturnUrl ” param)
* authCode (its value is generated by panopto system)
该参数的值是将 [servername]+ [expiration]+”|”+[providerkey] 组成的 string
$str= "serverName=".$server_name."&expiration=".$expiration. "|".$providerkey
然后进行 sha 加密
$authCode=sha1($str)
2. if user hasn’t login moodle, can’t access url <moodle site>/ blocks/panopto/SSO.php, it will save “<moodle site>/ blocks/panopto/SSO.php” to session “wantsurl ”, and redirect to moodle login page
3. when user login moodle successfully, moodle will redirect to session “wantsurl ” URL, that is panopto block sso.php
4. sso.php 会先根据参数 serverName and expiration 以及 panopto block 设置的 provider key 来检验参数 authCode 的值。如果检验为真,那么则 redirect to “callbackURL” 参数值所指的 Panopto system login URL with following following params
* serverName (value comes from request param “serverName”)
* externalUserKey (value is “moodle provider name”+”/”+”moodle username”)
* expiration (value comes from request param “expiration”)
* authCode 该值是将
"serverName=".$server_name."&externalUserKey =".$userkey."&expiration=".$expiration. "|".$providerkey
字串(比步骤 1 要加密的 string 多了一个 param “externalUserKey” )进行 sha 加密后的 string
5. Panopto system login page 就会根据参数进行下列处理
1. 根据参数 ”expiration” 来查看 login 过程是否太久
2. 根据参数 serverName, exteranlUserKey and expiration 以及生成的 moodle provider key 来检验参数 authCode 的值
3. 如果检验为真,则表示 moodle 那边 login 成功,把该 user info 写入 panopto system 的 session or cookie for SSO.