By: Christian Paddison user 03 Dec 2018 at 7:46 a.m. CST

5 Responses
Christian Paddison gravatar
After following the instructions on this page twice, it's still not getting to login page: https://gluu.org/docs/ce/integration/saas/moodle/ I also tried updating the Microsoft moodle-auth_oidc plugin to see if that would work, but same thing. When I click "Log in using your account on: Gluu OpenID Connect" on Moodle it should go to Gluu login. It goes to the Gluu server (login.heartmath.com), but it just displays a lot of JSON. (See attached images for configuration info.) ``` i.e. { "issuer": "https://login.heartmath.com", "authorization_endpoint": "https://login.heartmath.com/oxauth/restv1/authorize", "token_endpoint": "https://login.heartmath.com/oxauth/restv1/token", "userinfo_endpoint": "https://login.heartmath.com/oxauth/restv1/userinfo", "clientinfo_endpoint": "https://login.heartmath.com/oxauth/restv1/clientinfo", "check_session_iframe": "https://login.heartmath.com/oxauth/opiframe.htm", "end_session_endpoint": "https://login.heartmath.com/oxauth/restv1/end_session", "jwks_uri": "https://login.heartmath.com/oxauth/restv1/jwks", "registration_endpoint": "https://login.heartmath.com/oxauth/restv1/register", "id_generation_endpoint": "https://login.heartmath.com/oxauth/restv1/id", "introspection_endpoint": "https://login.heartmath.com/oxauth/restv1/introspection", "scopes_supported": [ "email", "clientinfo", "oxd", "profile", "mobile_phone", "phone", "address", "permission", "openid", "user_name" ], "response_types_supported": [ "id_token code", Etc... ``` https://www.dropbox.com/s/wysbr11hjzp1aa8/gluu-oidc-settings.png?dl=0 https://www.dropbox.com/s/rx8ye3pfvmv6fxr/moodle-oidc-settings.png?dl=0 https://www.dropbox.com/s/1ts5jlp91mbw9a5/moodle-plugin-enabled.png?dl=0

By Aliaksandr Samuseu staff 03 Dec 2018 at 8:39 a.m. CST

Aliaksandr Samuseu gravatar
Hi, Christian. Can't see any attachments. The JSON in your post is just the OP's metadata. Also, what software package do you use for OIDC client?

By Christian Paddison user 03 Dec 2018 at 8:43 a.m. CST

Christian Paddison gravatar
Hi Aliaksandr, Ok, try clicking on the DropBox image links now. I followed the instructions here exactly: https://gluu.org/docs/ce/integration/saas/moodle/ It says to use this OIDC client plugin for Moodle from Microsoft: git clone https://github.com/Microsoft/moodle-auth_oidc.git Thanks! i.e. [https://www.dropbox.com/s/wysbr11hjzp1aa8/gluu-oidc-settings.png?dl=0](https://www.dropbox.com/s/wysbr11hjzp1aa8/gluu-oidc-settings.png?dl=0) [https://www.dropbox.com/s/rx8ye3pfvmv6fxr/moodle-oidc-settings.png?dl=0](https://www.dropbox.com/s/rx8ye3pfvmv6fxr/moodle-oidc-settings.png?dl=0) [https://www.dropbox.com/s/1ts5jlp91mbw9a5/moodle-plugin-enabled.png?dl=0](https://www.dropbox.com/s/1ts5jlp91mbw9a5/moodle-plugin-enabled.png?dl=0)

By Michael Schwartz staff 03 Dec 2018 at 12:43 p.m. CST

Michael Schwartz gravatar
Note: Azure AD is not OpenID Connect conformant. See https://openid.net/certification/ We did test an openid connect moodle plugin. Maybe Ganesh can share what he did.

By Ganesh Dutt Sharma staff 03 Dec 2018 at 2:47 p.m. CST

Ganesh Dutt Sharma gravatar
Hi Christian, The settings all seem to be correct. The Microsoft moodle-auth_oidc had worked for us only with earlier version(Don't remember exact version) of moodle. After the upgrade it never worked and ultimately we had to try Oauth plugin. That said I mean, something in moodle/plugin had changed because of which it stopped working. I'll try once more on my VM to configure auth_oidc plugin and share the latest result.

By Ganesh Dutt Sharma staff 04 Dec 2018 at 12:44 p.m. CST

Ganesh Dutt Sharma gravatar
Hi Christian, I've installed the oidc plugin with instructions from: https://github.com/Microsoft/o365-moodle/tree/MOODLE_27_STABLE#installation On client side I've added: * Client ID * Client secret * Redirect URI: https://moodle.gluu.org/auth/oidc/ , where moodle.gluu.org is my VM's FQDN. This value was suggested inside the settings of the oidc plugin. * `Resource` inside moodle oidc settings should be empty. * `client_secret_post` is the authentication method for token endpoint. With above things in place, the oidc login works for me in my fresh installation. * `Grant types` are: authorization_code, implicit , refresh_token * `Scopes` are: openid, uma_protection, user_name and email. * `Response types` are code, token, id_token. Altough these all values for scope and response type may not be necessary. Hope that helps. --- Thanks Ganesh