I am attempting to configure the GoogleDocs certificate and am hitting some difficulites. After going through the register web site process I cannot for the life of me figure out how to get Google to stop warning that Moodle has not been configured to send requests securely. I know that I need to generate an X.509 certificate on my Moodle server and upload this to Google, however where on Moodle do I need to place the corresponding key/certificate???
In Moodle 1.9, there was an upload field for getting the certificate into Moodle. In Moodle 2, you need to open the RSA key and the certificate in a text editor, and paste the contents in the fields provided in the Google authentication plugin.
Sorry I mistyped my message above, I want to configure the GoogleDocs REPOSITORY, and have things working, but I really don't want Google warning it is not configured securely. Reading online it appears I need to generate a PEM cert on the Moodle server and upload it to Google. I do NOT want my Moodle to authenticate via Google, we use LDAP for authentication on our Moodle, I just want to have my users access their GoogleDocs via a file respository. I just have no idea how to get this key/cert I generate into Moodle. Or is it simply the web cert I'm using on he web server I'm hosting my Moodle on?
UPDATE: I was able to get rid of the warning about it not being secure via editting lib/googleapi.php and changing secure=0 to secure=1. However this breaks the authentication to the service altogether. Now when I attempt to access my GoogleDocs the authentication screen comes up without error (and without the warning message), however I get the following warning:
error/could not upgrade google authtoken to session token
In debug mode I see the following:
line 134 of /lib/googleapi.php: moodle_exception thrown
line 170 of /lib/googleapi.php: call to google_authsub_request->get_session_token()
line 40 of /repository/googledocs/lib.php: call to google_authsub->__construct()
line 56 of /repository/repository_callback.php: call to repository_googledocs->__construct()
In order for us to use this repo will need to not have this security warning, we don't want our users getting used to simply ignoring and clicking through any security messages.
Would you mind posting a screenshot of the security warning? I have two production sites that use the repository, and I have never uploaded a certificate for it to work. I have not seen any security warning. We also use the Google Apps integration on one of the sites. That does require a certificate. My sites are running 2.1.5+. Maybe there is something different in 2.2.
I am seeing the same warning from Google - image attached. I'm running Moodle 2.2.2+ (Build: 20120323).
My users do see a "Grant permission" page, but I do not think the sucrity bit displays. Perhaps this is because we have the Google Apps integration running.
We see nearly the same message as the screenshot above, except that we did register our site with Google, so our warning only includes a bit about the site is registered but not configured securely. In order for this to be a viable feature for our users, we'd need to find a way to have Google not display that warning. From what I can find online this would require having Moodle use secure tokens, but from what I can see Moodle does not support this in their use of the AuthSub utility.