Google SAML SSO

by Colin Matheson -

We have been using the Moodle to Google Apps SSO auth plugin using SAML for several years. Today users got a security warning that the certificate wasn't trusted. We re-generated certificates because the old one was actually out of date and had the wrong server name (even though it had worked with that certificate for at least 6 months). However, now the security error says that we are using a self-signed certificate and so it isn't trusted. Google's instructions say to generate your own keys using openssl and don't mention using another certificate authority. Anyone else using this plugin still?

In reply to Colin Matheson

Re: Google SAML SSO

by Rob Johnson -

Hi Colin,

Check the Google admin panel SSO settings to see if the login address was changed.

My school district has been using GSaml since 1.9.  We are now using it with 2.6.  It is working for us, but yesterday a setting had been changed on the Google end that caused it to break for a few hours.  We do not use https on our webserver.  Somehow, the SSO login address on the Google side was changed from http to https.  After that, users were getting an SSL connection error.

It took a few hours to figure out what had happened.  After reverting the address back to http, the SSO functioned as expected.  The weird thing is there is no record of the SSO address getting switched in the first place.  I checked the admin logs in Google and can see where I reverted the address, but the switch to https is nowhere to be found.

Please post back if this is what happened to you.  I have a ticket out with their tech support.  It would be helpful if I can show that it happened to more than just my district.

In reply to Rob Johnson

Re: Google SAML SSO

by Colin Matheson -
Thanks a bunch. That is exactly what happened to us. It really messed up a day of classes and had me trying a bunch of things. I didn't think to check a change in a text field which I had entered years before! I am concerned that the change will occur again and we will need to have a signed certificate.
My ticket with Google support is #05274379 if you want to reference that in your discussions with them.
In reply to Colin Matheson

Re: Google SAML SSO

by Rob Johnson -

Thank you for posting your ticket number. Ours is #05273174. After we referenced your ticket, we received a reply from Google support saying they were going to force the change to https for SSO. They have told us we have until next week to do so. It is something we planned to do next summer anyway, but this really puts us under the gun.

In reply to Rob Johnson

Re: Google SAML SSO

by Colin Matheson -

Thanks for following up. I haven't heard back from them yet. Well, hopefully they will change their documentation, because as far as I can see there is no way to use https with a self-signed certificate without the browser throwing a warning. I am fine switching to SSL for sign-in (again, not happy about the time frame), but I hope there is a way to establish trust between Moodle and Google with a self-signed certificate.