[MDL-76391] OAuth2: Role Mapping from IdP to Moodle - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 4.0.5
Fix Version/s: None
Component/s: Authentication, Roles / Access
Labels:
None

Affected Branches:
MOODLE_400_STABLE
Epic Link:
OAuth2 review and improve
Pull from Repository:
https://github.com/j-hellenberg/moodle
Pull Master Branch:
MDL-76391-oauth2-role-mapping
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...j-hellenberg:moodle:MDL-76391-oauth2-role-mapping

Description

Hello everyone,

in our organization, we try to manage the permissions of the users in all our services using a central identity provider (Keycloak).

Therefore, we would like to be able to control the system roles of our moodle users by assigning (and unassigning) matching roles in our Keycloak (i.e., perform role mapping from Keycloak to Moodle). However, to the best of our knowledge, this is currently not possible with the OAuth2 core authentication plugin (if I missed something, please provide me with a pointer).

Consequently, we created a small patch to the plugin providing the mentioned functionality. We'd like to ask whether you would be interested in adopting this patch.

(For reference: Our patch can be found here. It is currently untested, but we would be happy to work with you to bring it to a suitable state if that is desired.)

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jan-Eric Hellenberg

Participants:: Alex, Jan-Eric Hellenberg

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 4 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Nov/22 8:50 PM

Updated:: 14/Jun/23 10:10 AM