Hi.
I have a problem with authenticating users in my custom authentication plugin. The plugin uses a login form on an external SSO server instead of Moodle's own form. The SSO validates the password and username and redirects back to a php file that stores GET-variables from the SSO in Moodle's $SESSION-object. The php script redirects to login/index.php. My plugin then validates the user agains a web service using the user_login function.
In order for this validation to work I had to make a loginpage_hook function in my plugin that redirects to the SSO service if Moodle had not stored data about the user login. Otherwise I would be stuck in a redirect loop. The function looks like this:
function loginpage_hook(){
global $frm;
global $SESSION;
if(!isset($SESSION->user) && !isset($SESSION->accessGranted)){
header('location: https://url_of_sso_service');
die();
}
$frm = new stdClass();
$frm->username = $SESSION->user;
$frm->password = 'unic';
}
This works fine as long as the user validates and user_login returns true. But when user_login returns false I get stuck in an infinite redirect loop between the SSO and Moodle.
What am I doing wrong? How can I instead display a nice error message telling the user why his login attempt failed?