This project is not covered by Drupal’s security advisory policy.

Original D5 description from original authors:

How this module works

Drupal module that sets a shared cookie, and maintains a database that moodle can read.
Uses moodle lazy account creation.


Here is one way to get single-signon between Drupal and Moodle. It uses OpenID, with Drupal as the OpenId provider/server and Moodle as the relying-party/client.

To make it work, you'll need at a minimum:

1. Install Drupal's openid_provider module and patch it with the recent critical patches posted by me and Darren Ferguson. The current release of the openid_provider module is "broken" with respect to correctly implementing the OpenId protocol such that clients other than Drupal itself can work with it.

2. Install the Moodle OpenId authentication module, which comes with both plain vanilla OpenId and an OpenId SSO option. Using the SSO option, properly configured to specify your Drupal site as the server will allow single signon to happen.

3. You'll need to make one small change to the Moodle OpenId module to work around a shortcoming in the Drupal openid_provider module that does not allow it to handle compatibility requests correctly. This simple change forces Moodle to always use the OpenId v2 protocol. Since Drupal supports v2, having a compatibility mode with v1 is unneeded here. The change is:

In file auth/openid_sso/auth.php around line 217, change this:
$endpoint->type_uris = array(Auth_OpenID_OPENID1_NS);
to this:
$endpoint->type_uris = array(Auth_OpenID_TYPE_2_0);

Alternative 2

Another way to get single-signon between Drupal and Moodle is described at the following 2 links:

Project Information