Quantcast
Channel: Authentication
Viewing all 8271 articles
Browse latest View live

Re: Ri: Re: Ri: Re: keycloak as ldap for Moodle

$
0
0
by Philipp Markiewka.  

We want E-Mail confirmation in Keycloak, but not in moodle.

When we login to moodle with a verified Keycloak Account, we have to confirm the E-Mail a second time. We need to disable E-Mail confirmation in moodle only.

E-Mail confirmation


Run Now

$
0
0
by Colin Tennyson.  

I am trying to Sync my Office 365 users from Azure AD into Moodle, but unfortunately my scheduled task never runs. Nor do I have the "Run Now" option.

Am I missing something ?

Re: Run Now

$
0
0
by Emma Richardson.  

Have you enabled it?  In the scheduled task settings?

Re: Run Now

$
0
0
by Colin Tennyson.  

Hi Emma,

Here is what I see, I don't have too many options here.

When I click on settings, the "disable" option is not checked, so I assume its enabled.

Maybe - I am not fully gasping the concept of this plugin, what I would like to be able to do is import the 2000 students accounts that exist in my Azure AD and enroll them to courses in Moodle. I have tested students logging into Moodle, which does work for SSO but obviously they cannot see any courses because they are not enrolled.  Should'nt I be able to add the students through the sync process and when they login for the first time they can see their courses. Maybe my thought process is backwards of how this plug-in should work ?

Colin

Re: Could not upgrade oauth token in custom oAuth2 config

$
0
0
by Samir Srivastava.  

I am having the same problem and I am also new to the moodle. Have you find the solution if yes kindly help me I am running my site on windows 2012 with IIS 8.5 and PHP 7.2.29 with Mariadb.

Two Moodle and CAS on same server

$
0
0
by Christian Cuzzoni.  

Good morning all, 

I would like to have a more experienced opinion on what I'm about to build as architecture and maybe get some tips if this architecture is suitable or not or there are better ways. 

Idea: the need is to have 2 installations, 1 moodle classic with his own theme and 1 based on iomad to manage multi-tenancy specific needs and a SSO, all running on the same server due the fact is a startup and I do not expect very critical high volume of traffic and also contain the initial costs of the project. 

Diagram

Well the first question is quite automatic, based on your experience is this a suitable option that can work properly? Based again on your experience what kind of hidden threat I could encounter? 

I'm basically a .NET developer so my experience with Moodle is usally limited to single stand alone classic installations. 

Kind regards

Chris

Re: Getting a login token

$
0
0
by Sérgio Gaia.  

Hi Lorin,

can you share your solution?
Thanks


Moodle and OpenID connect: Azure sync issues

$
0
0
by Anton Tremetzberger.  

Dear community,
we are testing OpenID connect and o365-authentication with Azure in our Moodle 3.5.7+ and we have some questions about Azure sync issues:

Cron-Job: Sync User with Azure AD
According to the official Moodle and Microsoft-instructions the cron job will synchronise 1000 accounts per job. In our installation it seems to be that there are only 100 accounts synchronised per cron job. Does anyone also have this issue? How can I increase to 1000 accounts per sync?
(workaround: we increase the cron job interval to serveral times per hour)

User Field Mapping: custom fields
in the plugin settings we only can choose a few AD Fields (Given Name, Surname, Email, City, Country, Department, Language, ...).
Is there any possibility to add more fields, eg. Description or custom fields?

Synchronisation settings between MS Teams and Moodle
A moodle admin can change the sync settings (local_o365: createteams). We changed it to "customize groups", so we can decide which courses will also get a Microsoft Team. Most of our courses will be created automatically via Webservice from our student management system, so we can also integrate the creation of a Microsoft Team in this system. Is there any possibilty how we can change the customize group-settings of each course also via webservice? I didn't find any function ...

thanks, best regards

Anton


Password reset problem

$
0
0
by Paul Brothers.  

Hi all, 

I am stuck with an issue of the password reset link not working. 

When it is clicked using either the username or email it appears tosend the email but when i check it doesnt arrive. I have had students contacting me and its a small pain having to do it. 

Would anybody have any help with this problem. Would it be a setting or a possibe area im missing. 

Thank you for any help 

Paul

oauth2 synchronization

$
0
0
by Ivica Matotek.  

Hi!

I'm wondering when oauth2 synchronize data. For instance, we are using saml plugin for years and it works ok. We are mapping external data to our Moodle system. I can choose field that I would like to map from external ldap and the time for synchronizing data (on every login). But in oauth2 service there are no such option. I can't synchronize data for users except on first login, after that data are not synchronized. Is there possibility to say to oauth2 to synchronize data each time is user logedin?

Thank you.

Ivica

Ynt: Verification of user at Random Intervals

$
0
0
by Fatih Simsek.  

Hi.

This is really excatly what I need to do, too.

Did you find the solution?

Regards

Thanks

is Magento compatible with Moodle? Is WordPress ?

$
0
0
by Gerardo Flores.  

Hi there!


I have a Magento shopping cart and after purchase a product send to moodle but I need to land logged in and also with the producto the customer just bought

If Magento is not compatible it is wordPres? Is it InfusionSoft directly?


Re: "The system account was not connected for offline access" Facebook

$
0
0
by Shivashankar Kesha.  

Helo Miguel,

Please let me know how did yous fix this.

Thank You.

I use Moodle with very young learners who don't have emails.

$
0
0
by Ahmad Amer.  

I use Moodle with very young learners who don't have emails.


I add them manually by uploading users.


Is there a way to get rid of any learner email requirement (except mine )


Thanks

OAuth Invalid Session Key - State encoding issue

$
0
0
by Brian walker.  

I'm trying to use Moodle's core OAuth implentation to integrate with Cognito. 
(Moodle 3.8)

The issue I'm running into exactly matches this (closed) thread from a couple of years ago: 
https://moodle.org/mod/forum/discuss.php?d=370241

I've traced the issue to:
moodle/lib/oauthlib.php::515
'state' => $this->returnurl->out_as_local_url(false),

if I set the argument value of out_as_local_url (escaped) to TRUE it works.

Basically, the core logic expects sesskey to be a query-parameter of the state request parameter, but because the argument is improperly escaped, sesskey is a param of the request.

Currently, the only alternative I can find, that doesn't involve hacking core, is creating a new oauth auth-plugin to change one line in login.php to correctly encode the state request parameter.

I would welcome an alternative.

Thanks.



Re: I use Moodle with very young learners who don't have emails.

$
0
0
by Ken Task.  

Email address is required.   But ... you can 'fake it'.

Let's say your moodle's FQDN is mygreatmoodle.somenet.net

All young students email addresses would be 'fake' ... username@mygreatmoodle.somenet.net

Your moodle isn't a mail server and as long as you don't setup email accounts for students, any email sent to 'anyuser'@mygreatmoodle.somenet.net doesn't leave the server.

Moodle only checks that the format of an email address is valid .. meaning as long as there are no spaces, some text (no special characters) before the '@' and what appears to be a top level domain ... somenet.net ... then it's a good address for account creation by CSV or manually.

Used to set up moodles for K12 schools .. so I know above worked back then (many years ago now) and should work today. smile

'SoS', Ken


Re: 3.8.2 upgrade forcing OAuth2 account linking

SSO auth problem

$
0
0
by Domagoj Žugec.  

Hi everyone, I was using a custom made sso auth plugin. Everything worked fine, but suddenly the system started to logout * SOME * users in an unrelated period.

My problem is manifested by the fact that for a certain number of users the system logouts the user with the message 
"Your session has timed out. Please log in again.". I can't recreate the error locally, and which happened due to a login of about 15-20 users at the same time.

I tried to resolve the problem by commenting the line "\ core \ session \ manager :: kill_all_sessions ();" everywhere except when the user was suspended, but
that didn't help. Has anyone had similar problems? The code is at the link below: repo

User not available on this site LDAP Moodle 3.8 Error ID 5???

$
0
0
by Malcolm Beasley.  

Hi folks from lock down in Australia. Long time lurker, first time poster.

ContextUbuntu18.04 PHP 7.2 with all necessary mods accessible Moodle 3.8 which returns system environments and processes all working optimally.

LDAP connection between this and Windows AD tested and performing - existing users password changes on AD reflect on Moodle login. Have written another php routine to determine successful ldap_connect(), all fine - Ldap_bind () no problems.

Problem:

Just recently, and of course at the most inconvenient time due to remote learning, we are having new users in our AD not being able to access moodle through ldap. Simply the accounts are not being created in Moodle DB. 

BTW This has worked flawlessly for 5 years.

I originally thought it was me integrating Office 365 using that wonderful block so students could have a SSO sort of experience between Office365 and Moodle and have Moodle in their teams app. All worked great with Azure AD and did NOT use oidc connect authentication, students chose to connect their accounts if they wished. Sounded great and worked on this for a couple days - beautiful, kids loved it.

Then the new users all of a sudden could not log in - coincidence? 

Yes! 

I have completely uninstalled Office365 integration and OIDC authentication plugins but the same problem is in the logs: 

User login failedLogin failed for user 'testmood0001'. User is not authorised (error ID '5').
So Office integration was not the culprit, OIDC uninstalled so not it - only authentication plugins enabled are manual and ldap the latter having 2600 + enabled and successful logins.

I have gone through all the mapping on Moodle LDAP plugin settings: sAMAccountName etc, context all works as passwords update on AD work for ldap authenticated users. I thought that the mail mapping has changed in our AD on Azure/Office365 integration on the Windows side so I have changed that mapping context to userPrincipalName as the email is now null in our Office365/Azure integration. Ready to go... 

Nup, didn't work same log errors. 

New Users on Windows AD exactly mapped as existing users, same Attributes, same ou same dc but will not be authorised. Spent three days now having to create manual accounts for these new AD users as they need to be online and working while trying to debug.

AlsoRun CLI.. 

/usr/bin/php moodle/admin/cli/cron.php

and get fail 

Execute scheduled task: LDAP users sync job (auth_ldap\task\sync_task)

... started 14:30:47. Current memory use 15.2MB.

Connecting to LDAP server...

Default exception handler: Coding error detected, it must be fixed by a programmer: A lock was created but not released at:

[dirroot]/lib/cronlib.php on line 99

etc etc. you know the drill the task as failed. Nothing has changed in any environment. so now I am stumped.

Any help with this mysterious error id 5 "the account is not available" (only reference I can find is in git repositories) and why would be so wonderful.

I thank you in anticipation.

Malcolm Beasley

Shibboleth Suddenly Stops Working

$
0
0
by Ali Hastie.  

Currently using Moodle 3.5 version with Shibboleth authentication, which has suddenly stopped working with the following when we try to login:

Web Login Service - Unable to Respond

The login service was unable to identify a compatible way to respond to the requested application. This is generally to due to a misconfiguration on the part of the application and should be reported to the application's support team or owner.

Our administrator has sent the follow when logging is set to debug:

  

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.CheckMandatoryIssuer' on INBOUND message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.WriteProfileInterceptorResultToStorage:68] - Profile Action WriteProfileInterceptorResultToStorage: No results available from interceptor context, nothing to store 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65] - Profile Action SelectProfileInterceptorFlow: Moving completed flow intercept/security-policy/saml2-sso to completed set, selecting next one 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80] - Profile Action SelectProfileInterceptorFlow: No flows available to choose from 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:375] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type 

{urn:oasis:names:tc:SAML:2.0:metadata

AssertionConsumerService for outbound message 

2020-04-16 16:59:59,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:516] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest 

2020-04-16 16:59:59,177 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'https://engage.elearning.sruc.ac.uk': EndpointCriterion [type=

{urn:oasis:names:tc:SAML:2.0:metadata} 

AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=https://engage.elearning.sruc.ac.uk/Shibboleth.sso/SAML2/POST, trusted=false] 

2020-04-16 16:59:59,177 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: EndpointResolutionFailed 



Viewing all 8271 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>