We want E-Mail confirmation in Keycloak, but not in moodle.
When we login to moodle with a verified Keycloak Account, we have to confirm the E-Mail a second time. We need to disable E-Mail confirmation in moodle only.
I am trying to Sync my Office 365 users from Azure AD into Moodle, but unfortunately my scheduled task never runs. Nor do I have the "Run Now" option.
Am I missing something?
Have you enabled it? In the scheduled task settings?
Good morning all,
I would like to have a more experienced opinion on what I'm about to build as architecture and maybe get some tips if this architecture is suitable or not or there are better ways.
Idea: the need is to have 2 installations, 1 Moodle classic with its own theme and 1 based on IOMAD to manage multi-tenancy specific needs and an SSO, all running on the same server due to the fact it is a startup and I do not expect very critical high volume of traffic and also to contain the initial costs of the project.
Well the first question is quite automatic, based on your experience is this a suitable option that can work properly? Based again on your experience what kind of hidden threat could I encounter?
I'm basically a .NET developer so my experience with Moodle is usually limited to single standalone classic installations.
Kind regards
Chris
Hi Lorin,
can you share your solution?
Thanks
Dear community,
we are testing OpenID connect and o365-authentication with Azure in our Moodle 3.5.7+ and we have some questions about Azure sync issues:
Cron-Job: Sync User with Azure AD
According to the official Moodle and Microsoft-instructions the cron job will synchronise 1000 accounts per job. In our installation it seems to be that there are only 100 accounts synchronised per cron job. Does anyone also have this issue? How can I increase to 1000 accounts per sync?
(workaround: we increase the cron job interval to several times per hour)
User Field Mapping: custom fields
in the plugin settings we only can choose a few AD Fields (Given Name, Surname, Email, City, Country, Department, Language, ...).
Is there any possibility to add more fields, eg. Description or custom fields?
Synchronisation settings between MS Teams and Moodle
A moodle admin can change the sync settings (local_o365: createteams). We changed it to "customize groups", so we can decide which courses will also get a Microsoft Team. Most of our courses will be created automatically via Webservice from our student management system, so we can also integrate the creation of a Microsoft Team in this system. Is there any possibility how we can change the customize group-settings of each course also via webservice? I didn't find any function ...
thanks, best regards
Anton
Hi all,
I am stuck with an issue of the password reset link not working.
When it is clicked using either the username or email it appears to send the email but when I check it doesn't arrive. I have had students contacting me and it's a small pain having to do it.
Would anybody have any help with this problem? Would it be a setting or a possible area I'm missing?
Thank you for any help
Paul
Hi!
I'm wondering when oauth2 synchronizes data. For instance, we have been using the saml plugin for years and it works ok. We are mapping external data to our Moodle system. I can choose the field that I would like to map from external ldap and the time for synchronizing data (on every login). But in the oauth2 service there is no such option. I can't synchronize data for users except on first login, after that data are not synchronized. Is there a possibility to tell oauth2 to synchronize data each time a user is logged in?
Thank you.
Ivica
Hi.
This is really exactly what I need to do, too.
Did you find the solution?
Regards
Thanks
Hi there!
I have a Magento shopping cart and after purchase a product send to moodle but I need to land logged in and also with the product the customer just bought
If Magento is not compatible it is WordPress? Is it InfusionSoft directly?
Hello Miguel,
Please let me know how did you fix this.
Thank You.
I use Moodle with very young learners who don't have emails.
I add them manually by uploading users.
Is there a way to get rid of any learner email requirement (except mine)?
Thanks
I'm trying to use Moodle's core OAuth implementation to integrate with Cognito.
(Moodle 3.8)
The issue I'm running into exactly matches this (closed) thread from a couple of years ago:
https://moodle.org/mod/forum/discuss.php?d=370241
I've traced the issue to:
moodle/lib/oauthlib.php::515
'state' => $this->returnurl->out_as_local_url(false),
Email address is required. But ... you can 'fake it'.
Let's say your moodle's FQDN is mygreatmoodle.somenet.net
All young students' email addresses would be 'fake' ... username@mygreatmoodle.somenet.net
Your moodle isn't a mail server and as long as you don't setup email accounts for students, any email sent to 'anyuser'@mygreatmoodle.somenet.net doesn't leave the server.
Moodle only checks that the format of an email address is valid .. meaning as long as there are no spaces, some text (no special characters) before the '@' and what appears to be a top level domain ... somenet.net ... then it's a good address for account creation by CSV or manually.
Used to set up moodles for K12 schools .. so I know above worked back then (many years ago now) and should work today.
'SoS', Ken
Hi everyone, I was using a custom made sso auth plugin. Everything worked fine, but suddenly the system started to log out * SOME * users in an unrelated period.
My problem is manifested by the fact that for a certain number of users the system logs out the user with the message "Your session has timed out. Please log in again.". I can't recreate the error locally, and which happened due to a login of about 15-20 users at the same time.
I tried to resolve the problem by commenting the line "\core\session\manager::kill_all_sessions();" everywhere except when the user was suspended, but that didn't help.
Has anyone had similar problems?
The code is at the link below:
repo
Hi folks from lock down in Australia. Long time lurker, first time poster.
Context: Ubuntu18.04 PHP 7.2 with all necessary mods accessible Moodle 3.8 which returns system environments and processes all working optimally.
LDAP connection between this and Windows AD tested and performing - existing users password changes on AD reflect on Moodle login. Have written another php routine to determine successful ldap_connect(), all fine - ldap_bind() no problems.
Problem:
Just recently, and of course at the most inconvenient time due to remote learning, we are having new users in our AD not being able to access moodle through ldap. Simply the accounts are not being created in Moodle DB.
BTW This has worked flawlessly for 5 years.
I originally thought it was me integrating Office 365 using that wonderful block so students could have a SSO sort of experience between Office365 and Moodle and have Moodle in their teams app. All worked great with Azure AD and did NOT use oidc connect authentication, students chose to connect their accounts if they wished. Sounded great and worked on this for a couple days - beautiful, kids loved it.
Then the new users all of a sudden could not log in - coincidence?
Yes!
I have completely uninstalled Office365 integration and OIDC authentication plugins but the same problem is in the logs:
User login failed | Login failed for user 'testmood0001'. User is not authorised (error ID '5'). |
I have gone through all the mapping on Moodle LDAP plugin settings: sAMAccountName etc, context all works as passwords update on AD work for ldap authenticated users. I thought that the mail mapping has changed in our AD on Azure/Office365 integration on the Windows side so I have changed that mapping context to userPrincipalName as the email is now null in our Office365/Azure integration. Ready to go...
Nup, didn't work same log errors.
New Users on Windows AD exactly mapped as existing users, same Attributes, same ou same dc but will not be authorised. Spent three days now having to create manual accounts for these new AD users as they need to be online and working while trying to debug.
Also run CLI..
/usr/bin/php moodle/admin/cli/cron.php
and get fail
Execute scheduled task: LDAP users sync job (auth_ldap\task\sync_task)
... started 14:30:47. Current memory use 15.2MB.
Connecting to LDAP server...
Default exception handler: Coding error detected, it must be fixed by a programmer: A lock was created but not released at:
[dirroot]/lib/cronlib.php on line 99
etc etc. you know the drill the task has failed. Nothing has changed in any environment. so now I am stumped.
Any help with this mysterious error id 5 "the account is not available" (only reference I can find is in git repositories) and why would be so wonderful.
I thank you in anticipation.
Malcolm Beasley
Currently using Moodle 3.5 version with Shibboleth authentication, which has suddenly stopped working with the following when we try to login:
Our administrator has sent the following when logging is set to debug:
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.CheckMandatoryIssuer' on INBOUND message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.WriteProfileInterceptorResultToStorage:68] - Profile Action WriteProfileInterceptorResultToStorage: No results available from interceptor context, nothing to store
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65] - Profile Action SelectProfileInterceptorFlow: Moving completed flow intercept/security-policy/saml2-sso to completed set, selecting next one
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80] - Profile Action SelectProfileInterceptorFlow: No flows available to choose from
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:375] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:516] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-16 16:59:59,177 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'https://engage.elearning.sruc.ac.uk': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=https://engage.elearning.sruc.ac.uk/Shibboleth.sso/SAML2/POST, trusted=false]
2020-04-16 16:59:59,177 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
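Added example, not part of the original post: a small Python check that pulls the relying party, binding and AssertionConsumerService location out of an `Unable to resolve outbound message endpoint` warning like the one above and compares them with the endpoints listed in the SP metadata the IdP holds. The host `sp.example.org`, the log sample and the metadata document are constructed placeholders, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Constructed log sample in the format of the WARN line above (placeholder host).
SAMPLE_LOG = """\
2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:516] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-16 16:59:59,177 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'https://sp.example.org': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=https://sp.example.org/Shibboleth.sso/SAML2/POST, trusted=false]
"""
# Constructed SP metadata whose registered ACS differs from the requested one.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.org">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://old.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""
# DOTALL lets the match survive log lines that were wrapped when pasted.
FAILURE = re.compile(
    r"Unable to resolve outbound message endpoint for relying party '(?P<rp>[^']+)'"
    r".*?Binding=(?P<binding>[^,\]]+), Location=(?P<location>[^,\]]+), trusted=(?P<trusted>\w+)",
    re.DOTALL)

def failed_endpoints(log_text):
    """Return one dict (rp, binding, location, trusted) per resolution failure."""
    return [m.groupdict() for m in FAILURE.finditer(log_text)]

def registered_acs(metadata_xml, entity_id):
    """Return the (Binding, Location) pairs the metadata lists for entity_id."""
    acs = set()
    for ent in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            for el in ent.iter(MD + "AssertionConsumerService"):
                acs.add((el.get("Binding"), el.get("Location")))
    return acs

def diagnose(log_text, metadata_xml):
    """Classify each failure by comparing the request with the metadata."""
    findings = []
    for f in failed_endpoints(log_text):
        known = registered_acs(metadata_xml, f["rp"])
        if not known:
            verdict = "no ACS endpoints in metadata for relying party"
        elif (f["binding"], f["location"]) in known:
            verdict = "requested ACS is registered in metadata"
        else:
            verdict = "requested ACS not in metadata"
        findings.append({**f, "verdict": verdict, "registered": sorted(known)})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_METADATA):
        print(finding["rp"], finding["location"], "->", finding["verdict"])
```

`trusted=false` in the warning marks the endpoint as taken from the AuthnRequest rather than from metadata, which is why the comparison is against the metadata copy the IdP has loaded.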