  1. Moodle
  2. MDL-55331

Put in place a proper OIDC Implementation

    Details

    • Type: Task
    • Status: Development in progress
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 3.3, 3.4.3, 3.5, 3.6
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • Pull Master Branch:
      MDL-55331-oauth2-oidc
    • Testing Instructions:
      Install the dependencies from Composer
      1. Make sure to have Composer installed.
      2. Go to the moodle/auth/oauth2 directory.
      3. Open a terminal in that directory.
      4. Run the Composer install command:
      $ php composer.phar install

      Moodle Setup for OIDC
      1. Go to "Site administration".
      2. Select Server -> OAuth 2 Services.
      3. Set up a new OIDC service, e.g. "Create a new Google service" or "new custom service".
      4. Complete the settings for the OIDC service, Client ID service, depending on the OIDC provider.
      5. Finish the settings.
      6. Try to log in with the newly created OIDC service.
      7. The rest of the process will be executed automatically.
      8. The patch code will check the incoming package from the OIDC service and verify the signature of the incoming ID Token.
      9. If the validation process fails, an error is returned.
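
      What steps 8 and 9 describe, sketched as an added example; this is not the code from the MDL-55331 patch. It assumes an RS256-signed ID Token and a provider key already fetched and converted to PEM. All function names and the issuer, client ID and nonce values are hypothetical and constructed for the demonstration (PHP 7.1+ with the openssl extension).

```php
<?php
// Added example, not the MDL-55331 patch. Issuer, client ID and nonce values are constructed.
function b64url_decode(string $s): string {
    $raw = base64_decode(strtr(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), '-_', '+/'), true);
    if ($raw === false) { throw new RuntimeException('bad base64url segment'); }
    return $raw;
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function jwt_segment(array $a): string {
    return b64url_encode(json_encode($a));
}
function validate_id_token(string $jwt, string $pubpem, string $iss, string $clientid, string $nonce, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($header) || !is_array($claims)) { throw new RuntimeException('header or payload is not JSON'); }
    // Pin the algorithm on the relying-party side; trusting the header allows "none" or HS256 confusion.
    if (($header['alg'] ?? null) !== 'RS256') { throw new RuntimeException('unexpected alg'); }
    // The signature covers the two encoded segments exactly as received.
    if (openssl_verify($h64 . '.' . $p64, b64url_decode($s64), $pubpem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('signature verification failed');
    }
    if (($claims['iss'] ?? null) !== $iss) { throw new RuntimeException('issuer mismatch'); }
    if (!in_array($clientid, (array) ($claims['aud'] ?? []), true)) { throw new RuntimeException('audience mismatch'); }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) { throw new RuntimeException('token expired'); }
    if (!hash_equals($nonce, (string) ($claims['nonce'] ?? ''))) { throw new RuntimeException('nonce mismatch'); }
    return $claims;
}

// Constructed test data: a throwaway key pair stands in for the provider's published signing key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pubpem = openssl_pkey_get_details($key)['key'];
$now = time();
$claims = ['iss' => 'https://idp.example', 'aud' => 'moodle-client', 'sub' => 'u1', 'exp' => $now + 300, 'nonce' => 'n-123'];
$head = jwt_segment(['alg' => 'RS256', 'typ' => 'JWT']);
$body = $head . '.' . jwt_segment($claims);
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);
$good = $body . '.' . b64url_encode($sig);
// Payload swapped after signing while the old signature is kept: must be rejected.
$tampered = $head . '.' . jwt_segment(['sub' => 'admin'] + $claims) . '.' . b64url_encode($sig);
foreach (['valid' => $good, 'tampered' => $tampered] as $label => $jwt) {
    try {
        $c = validate_id_token($jwt, $pubpem, 'https://idp.example', 'moodle-client', 'n-123', $now);
        echo "$label: accepted, sub={$c['sub']}\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```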

      Description

      See https://moodle.org/plugins/auth_oidc for the plugin which is being widely used.

      Please review it for any major issues (especially security issues) and let's aim to get this integrated in core for 3.2.

              People

              Assignee:
              phish108 Christian Glahn
              Reporter:
              dougiamas Martin Dougiamas
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              13
              Watchers:
              18

                Dates

                Created:
                Updated: