Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-55331

Put in place a proper OIDC Implementation

    XMLWordPrintable

Details

    • Task
    • Status: Development in progress
    • Critical
    • Resolution: Unresolved
    • 3.3, 3.4.3, 3.5, 3.6
    • None
    • Authentication
    • MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • MDL-55331-oauth2-oidc
    • Hide

      Install the dependencies from Composer
      1. Make sure to have composer installed.
      2. Go to the moodle/auth/oauth2 directory.
      3. Open terminal for the directory.
      4. Run install command from the composer :
      $php composer.phar install

      Moodle Setup for OIDC
      1. Go to "Site administration".
      2. Select Server -> OAuth 2 Services.
      3. Set a new OIDC Service, ex. "Create a new Google service" oder "new custom service".
      4. Complete the setting for the OIDC service, Client ID service, depends on the OIDC provider.
      5. Finish the setting.
      6. Try to login with the new created OIDC service.
      7. The rest of the process will be automatically executed.
      8. The patch code will prove the incoming package from OIDC Service and verify the signature of the incoming ID Token.
      9. If the validation process failed an error would be returned.

      Show
      Install the dependencies from Composer 1. Make sure to have composer installed. 2. Go to the moodle/auth/oauth2 directory. 3. Open terminal for the directory. 4. Run install command from the composer : $php composer.phar install Moodle Setup for OIDC 1. Go to "Site administration". 2. Select Server -> OAuth 2 Services. 3. Set a new OIDC Service, ex. "Create a new Google service" oder "new custom service". 4. Complete the setting for the OIDC service, Client ID service, depends on the OIDC provider. 5. Finish the setting. 6. Try to login with the new created OIDC service. 7. The rest of the process will be automatically executed. 8. The patch code will prove the incoming package from OIDC Service and verify the signature of the incoming ID Token. 9. If the validation process failed an error would be returned.

    Description

      See https://moodle.org/plugins/auth_oidc for the plugin which is being widely used.

      Please review it for any major issues (especially security issues) and let's aim to get this integrated in core for 3.2.

      Attachments

        Issue Links

          Activity

            People

              phish108 Christian Glahn
              dougiamas Martin Dougiamas
              David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
              Votes:
              13 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated: