Moodle for mobile

Is this a native app for Android?

 
You either love it or you hate it
Is this a native app for Android?
Particularly helpful Moodlers

I assume it is, but cannot test this

We use OpenID Connect as an auth method, so when we open the app and enter the site URL, it connects and then forwards to 

https://login.microsoftonline.com/common/oauth2/authorize

We can then login using our office 365 credentials, but after it then forwards us to our redirect URI: https://ourmoodle.ac.uk/auth/oidc/ which logs us in to our moodle website, and in effect misses the app all together.

Anyone know, what we can do so the app will work?

Cheers



 
Average of ratings: -
You either love it or you hate it
Re: Is this a native app for Android?
Particularly helpful Moodlers

Another thing is we have

"It seems that the HTTPS certificate is self-signed or not trusted. The mobile app will only work with trusted sites."

on the mobile settings page, when we know this is not true and our cert passes all checks


Cheers

 
Average of ratings: -
Picture of Ken Task
Re: Is this a native app for Android?
Particularly helpful Moodlers

https://docs.moodle.org/35/en/Moodle_app_FAQ#I_can.27t_get_the_app_to_work._What_can_I_do.3F

SSL Checkers ... look for protocols.
Sites should not allow nor use SSL vr1 nor vr2, or vr3 now ... but TLS 1.2 ... not 1.0.   TLS 1.3 is soon to be 'blessed'.
There is also the issue of ciphers.

'spirit of sharing', Ken



 
Average of ratings: -
You either love it or you hate it
Re: Is this a native app for Android?
Particularly helpful Moodlers

Thanks Ken

I have had a look at this and is related to the SSL message but I am not sure that it is related to the app forwarding to office 365 SSO and then not forwarding back using OpenID Connect?

Should we be using OpenID Connect? or should it be OAuth 2?

And in the docs

"Custom auth plugins may be failing in the last step,not redirecting back to local/mobile, this will happen only if the plugin does not support correctly the $SESSION->wantsurl."


Cheers



 
Average of ratings: -
You either love it or you hate it
Re: Is this a native app for Android?
Particularly helpful Moodlers

TLS 1.3No
TLS 1.2Yes
TLS 1.1Yes
TLS 1.0Yes
SSL 3No
SSL 2

 
Average of ratings: -
Picture of Ken Task
Re: Is this a native app for Android?
Particularly helpful Moodlers

There should be an ssl.conf somewhere ... it's commented ... might want to read study.   Had similar issue when hosting on a server using a global certificate as opposed to a certificate gnerated for the specific host.

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

# Disabled weak RSA ciphers
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!RSA:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On

sslabs now does check of both IPv6 and IPv4 - on a server that gets an A+
and configured by someone who works at a cyber defense company.

First section has, at the bottom, 'Trusted' status and then list

Protocols
TLS 1.3     No
TLS 1.2     Yes
TLS 1.1     No
TLS 1.0     No
SSL 3     No
SSL 2     No
For TLS 1.3 tests, we only support RFC 8446.

There is also a section on simulated handshakes ... Android is included.

'spirit of sharing', Ken

 
Average of ratings: -