SSO SAML2 Bridge
SAML2 SSO authentication: direct entry if the user is already authenticated in the client IdP.
General Description
SSO SAML2 Bridge allows Moodle to trust the client’s Identity Provider: if you are already logged in, you enter without friction.
Security Best Practices
- Assertion Validation
  - Verification of signature, audience, issuer, and expiration.
  - Controlled clock skew and rejection of expired tokens.
- Mapping and Provisioning
  - Mapping of NameID/attributes to Moodle user.
  - Controlled creation/update with domain rules.
- Governance
  - SSO logs and interpretable errors for IT.
  - Support for logout and session control.
Main Features
- Frictionless entry
- Compliance and security
- Fewer password support requests