Quantcast
Channel: Authentication
Viewing all 8273 articles
Browse latest View live

Moodle Mobile - Get users courses via CAS authentication

December 7, 2017, 1:02 am
$
0
0

by Christian Hansen Nørgaard.  

Hi.

I am having a hard time deciphering exactly how the courses for a user via CAS authentication is processed in the Moodle Mobile retrieved from git here: https://github.com/moodlehq/moodlemobile2

The reason I am looking through the code is to find exactly how it's able to get my token (or something else crucial to retrieving user data?). So far I've found the following when using the app:

1. Entering the site url works and I am being redirected to a CAS login page

2. When entering my credentials on the CAS login page I am redirected to Moodle as expected

3. The first page I see is a list of all my courses

So the above works like a charm but I need to know how it's able to redirect me back to Moodle and find my courses. If I try to use the API function: https://MOODLESITE/login/token.php?username=USERNAME@DOMAIN&password=PASSWORD&service=moodle_mobile_app, I am not able to get my own token. So how exactly does it use the function: core_course_get_courses, based on my CAS login?

The last thing I can see the app do is use the method of "openInApp", where it presents the CAS login in a browser. I haven't been able to catch or grab the next step where it redirects me to Moodle.

Search

Re: Problem to configure Oauth2 with Microsoft Office365

December 7, 2017, 2:32 am
$
0
0

by Helen Foster.  

Hello Andrés,

Reading Damyon's post Re: Oauth2 problems in Moodle 3.3, it seems that as well as checking your client ID and secret (as you have already done), you also need to check in the Microsoft Application console for "anything suspicious (bad redirect url, APIs not enabled etc)."

Please let us know how you get on.

Re: Problem to configure Oauth2 with Microsoft Office365

December 7, 2017, 5:50 am
$
0
0

by Andrés Segovia.  

Thanks Helen,



Previously I read the post from Daymon's, and had reviewed the Microsoft

console. I do not see anything strange. Today I just checked the procedure

again and it seems to be correct.



Activate in Moodle the debug in developer mode, and I have some additional

information:



In the error log from apache:



Default exception handler: error/Could not upgrade oauth token Debug:

\nError code: Could not upgrade oauth token\n$a contents: \n* line 567 of

/lib/oauthlib.php: moodle_exception thrown\n* line 475 of

/lib/oauthlib.php: call to oauth2_client->upgrade_token()\n* line 736 of

/lib/classes/oauth2/api.php: call to oauth2_client->is_logged_in()\n* line

137 of /admin/tool/oauth2/issuers.php: call to

core\\oauth2\\api::connect_system_account()\n, .....



And in moodle:











I honestly do not know how to continue investigating to solve the problem.

Any help is appreciated



Thank you,

Andrés



2017-12-07 8:03 GMT-03:00 Helen Foster (via Moodle.org) <noreply@moodle.org>

Re: Problem to configure Oauth2 with Microsoft Office365

December 7, 2017, 5:08 pm
$
0
0

by Damyon Wiese.  

From the debugging you posted, the most likely problem is that the system account is not connected. Go to the OAuth services screen and verify there is a tick in the system account connected column for your microsoft service. You may have to reconnect this account again after enabling a plugin that uses the service (like the Office 365 repository). 


If that's not the problem the only other related thing is that I saw one error reported which ended up being a php configuration issue limiting the valid length of a URL. oauth required very long urls for communication and e.g. the php suhosin security extension can sometimes put a restriction on it which breaks the oauth flow (https://stackoverflow.com/questions/7724270/max-size-of-url-parameters-in-get).


Re: Moodle Mobile - Get users courses via CAS authentication

December 8, 2017, 2:18 am
$
0
0

by Christian Hansen Nørgaard.  

Well I finally found my way through the code and also a way to get the token.

LDAP authentication test

December 8, 2017, 2:32 am
$
0
0

by András Égler.  

Hi,

In the near future, our company is going to launch an LDAP server, and we would like to authenticate the users in our Moodle e-learning system via LDAP. My job is to prepare our e-learning system (Moodle v3.3) to this authentication method. I've successfully enabled the LDAP auth module and I found an online demo LDAP server: https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

I tried to configure the Moodle LDAP module by using the description of forumsys (server, Bind dn, Bind pw, etc.), you can check the screenshots about the Moodle LDAP configuration.

I guess, with a correct configuration, I should be able to login e.g. the username "euler" (with password: password), but login failed (login failed with id "1").

Could you please help me about the correct settings?

Re: LDAP authentication test

December 8, 2017, 4:33 am
$
0
0

by Emma Richardson.  

Well, you don't have anything in User Attribute - you will need to add that, though I really can't see the point of this exercise...you should just wait until you have your own server online and work on that one.

LDAP is all about the connection - making it fire up on a server that is not even yours really does not tell you anything except that the plugin works.  I can tell you that the plugin works!

Tárgy: Re: LDAP authentication test

December 8, 2017, 4:43 am
$
0
0

by András Égler.  

Emma! Thank you for your answer! I only have to make an online presentation about a working connection between the Moodle and an LDAP server. I guess it is just a confirmation that Moodle can authenticate users via LDAP and my job is to demonstrate it. I believe you, but I have to make an online presentation for our principals (this is why I'm using an online demo LDAP server). Do you have any idea how to do this?

Search

Tárgy: Re: LDAP authentication test

December 8, 2017, 4:49 am
$
0
0

by András Égler.  

BTW: I've already tried to use the following user attributes without any success: uid, cn.

Tárgy: LDAP authentication test

December 8, 2017, 5:23 am
$
0
0

by András Égler.  

Problem solved smile I created a local (WAMP) copy of our Moodle system, and installed the Apache Directory Studio where I was able to create a new LDAP server with some demo data. The Moodle LDAP connection works, my test user is able to login using the un and pw set by LDAP. So I will be able to demonstrate that Moodle can authenticate users via LDAP and we dont have to switch to another LMS system smile

Re: Tárgy: LDAP authentication test

December 8, 2017, 6:36 am
$
0
0

by Emma Richardson.  

Glad you were able to figure it out - there is also LDAP enrollment which create teachers and students for courses from LDAP groups which is pretty neat.

No authentication is asking for email verificaton

December 10, 2017, 8:21 am
$
0
0

by Dnyaneshwar Somwanshi.  

i am using moodle 3.3  and set up no authentication. as per the documentation moodle should not ask for email verification. user is not able to login without emailverification even with no authentication.

my doubts are

1) is any setting to escape email verification?

2) if no then what is use of no uthentication?

any help is welcome.

thanks in advance.

Re: Custom Oauth2 Configuration

December 10, 2017, 5:23 pm
$
0
0

by Ken Task.  

Adding to this BIAF ('blog in a forum') ....

Seems the agenda and items to discuss/cuss as well as who has tested what and reporting on those test, is kinda out the window every WebEx meeting ... anyhoo ... the only way I can see anything with this CustomOauth2 setup is from the Moodle end.

One of the features that is interesting is linkedlogin:

https://docs.moodle.org/33/en/Linked_logins

I can confirm that appears to work ... only way I can confirm is to look at web server logs and DB tables.   And that's what this is about .... what's in those tables ....

select * from `mdl_auth_oauth2_linked_login

does show accounts that have been linked.

But in looking at mdl_user table for the same users, their auth has not changed ... still manual.

They do have to confirm ... apparently they have 30 minutes to do so.   Dunno how that confirmation is done ... I imagine EMail (which has been turned off on this sandbox server).  Four users so far are in that table.   One user in the table hasn't confirmed.

For that info to show up in tables, those 4 had to click the button for logging into the IDM server ... which, BTW, appears to be behind CloudFlare *and* on Amazon (guess they have big plans for it). 2 of those users show in mdl_user as oauth2 ... 2 of those users in mdl_user show manual still.

Since the mdl_user table hasn't changed and still shows auth is 'manual' ... not oauth2 ... am wondering now IF that means users could still use the 'standard' login as before ... the manual dialog boxes username/password.   Those users could login either way.

Since customoauth2 new in 3.3 and 3.4 am wondering if behavior such as described above will change one day in an update or upgrade (kinda like how Google Docs did in Repos in version 2 of Moodle). 

Now I know that's a crystal ball question ... but ....

Anyhoo ... not that the suspense will peak anyone's interest ... but I'll report back to this BIAF when/if any new discovery is made.  Just hope, for the entities sake, they haven't gone down a road with customoauth2 that one day causes major disruption.

'spirit of sharing', Ken

Need of simple (Mobile Number based) authentication

December 11, 2017, 2:59 am
$
0
0

by Dnyaneshwar Somwanshi.  

i think there is need of simple authentication. i aware that  i can choose from existing methods but still moodle  must adapt with changing situation.  with my experience about 35% students finds difficulty while signing in to moodle first time. and i think this must be resolved  because admin  is not able to confim users  so fast.  so there is no need to login your email account. 

there are two options 

1)  authentication with  truecallers api. 

2) moodle should allow login users with their mobile numbers and verify their mobile numbers with sending otp.

readers are welcome to comment and share their view

Re: No authentication is asking for email verificaton

December 11, 2017, 5:00 am
$
0
0

by Helen Foster.  

Hello,

I just tried on the Moodle sandbox demo site and found that I also needed to un-tick 'Email change confirmation' in 'Site policies' to avoid new users being asked to confirm their email address after updating their profile.

Search

Re: LDAP authentication, Server connection successful but can't login to moodle

December 11, 2017, 11:37 am
$
0
0

by Alain Jeanson.  

Hello Maddy N

I have the exact same problem.

Did you ever find a solution ?

Thanks in advance.

LDAP - Windows - No sync and no login

December 11, 2017, 12:13 pm
$
0
0

by Alain Jeanson.  

Hello,

Using:

- Windows 2008 R2, SP1

- php 7.0.21

- Moodle 3.4

The connection test runs ok.

No way to connect with AD account or sync the users.

There are no users (besides admin).

Thanks


Re: LDAP - Windows - No sync and no login

December 11, 2017, 1:18 pm
$
0
0

by Emma Richardson.  

What is the error message when you try to log in?

Re: Problem to configure Oauth2 with Microsoft Office365

December 11, 2017, 11:26 pm
$
0
0

by Rimas Kudelis.  

I had the same issue trying to integrate Office365 logins with Moodle.

I fixed this by unchecking the Authenticate token requests via HTTP headers checkbox in Edit identity issuer: Office 365 interface.

Re: Custom Oauth2 Configuration

December 12, 2017, 4:19 am
$
0
0

by Ken Task.  

Tested with Google on another server because I could access both ends. 

A user that had a manual account using email address as login can link their oauth2 credentials in the Moodle.   Must confirm via Email. 

In mdl_user table, the auth column, is *not* changed ... leaves it for manual.    And, the user can use either the normal login dialog boxes OR the Oath2 button for Google.   That's great in that the user account keeps the same ID so no work done prior to linking is lost.

However, if use is still allowed to edit profile some 'dis-connect' could be created by user.

But, kinda begs a question for customOauth2 setup ... unless there is something special that moodle acquires from the issuer server/system, why do it?   My guess is the population of other profile fields in Moodle that are not normally used would be mapped (actually have to be mapped).

But, unless something is done via webservices from the identity management server to populate the additional fields that are set to required, Moodle Admin level user is still using CSV to update those accounts and required fields.   Uhhhh ... what's the point?

Am assuming that if discovery is off or not functioning, anything new on the ident management system won't be picked up by the Moodle.

So much for automation.

Closing this blog in a forum.

'spirit of sharing', Ken


Viewing all 8273 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>