Azure B2C IDP for moodle


by Selvakumar Rathinam -
Number of replies: 14

Dear Team, 

I am trying to use Azure B2C AD as an identity provider for Moodle.

If anybody has done anything in this regard, kindly let me know the possibilities.

Thanks


 

In reply to Selvakumar Rathinam

Re: Azure B2C IDP for moodle

by Steve Massicotte -
Hi Selvakumar,

We are trying to do the same thing. Have you managed to configure Moodle with B2C?

Thanks
In reply to Steve Massicotte

Re: Azure B2C IDP for moodle

by Lucas Mellos Carlos -

Any news coming from this?

In reply to Lucas Mellos Carlos

Re: Azure B2C IDP for moodle

by Steve Massicotte -

We managed to make it work with this plugin:

But we are not in production yet. Also I'm not sure that the mobile application is working with this plugin.
Average of ratings: Useful (2)
In reply to Steve Massicotte

Re: Azure B2C IDP for moodle

by Lucas Mellos Carlos -

Have you been able to link accounts from other IDPs like Google, Amazon to AD registered accounts? 

In reply to Lucas Mellos Carlos

Re: Azure B2C IDP for moodle

by Gopal Sharma -
Hi Steve and Lucas,

I have managed to create a separate plugin with the help of @Selvakumar Rathinam (he is an Azure expert).
It is now available for download; the link is as follows:

Azure AD B2C Connect


I hope this post will be a help.

Cheers!
Gopal
Average of ratings: Useful (1)
In reply to Gopal Sharma

Re: Azure B2C IDP for moodle

by Lucas Mellos Carlos -

Great!! I'll run some tests on it. Also, I saw that the plugin doesn't support pt_BR, if it works as expected I'll provide a PR with a proper translation to Portuguese.

In reply to Gopal Sharma

Re: Azure B2C IDP for moodle

by Lucas Mellos Carlos -
Hi @Gopal, I've tested the plugin and I'm facing the same problem as with the official plugin. I've just opened an issue on GitHub.
Best.
In reply to Lucas Mellos Carlos

Re: Azure B2C IDP for moodle

by Gopal Sharma -
Hi @Lucas,
Thank you for testing out this plugin. I added a reply to you at git as well.
Keeping a post here as well for people who might be looking to find a solution here in the future.
The issue is not with the plugin code, it must be with the setting up of your Azure AD B2C.
I have added settings screenshots of the plugin as follows.
[Screenshots of the plugin settings]

In reply to Gopal Sharma

Re: Azure B2C IDP for moodle

by Lucas Mellos Carlos -

A real big thanks! My issue was related to the scope.

In reply to Lucas Mellos Carlos

Re: Azure B2C IDP for moodle

by Gopal Sharma -
Happy to help 🙂.
Now that your issue has been resolved, can you please put up a comment in the git and close the issues you raised there?

Thank you,
Gopal
In reply to Gopal Sharma

Re: Re: Azure B2C IDP for moodle

by Radek Dud -

Hi,

I did all the required steps but I have an error. After I signed up or signed in using the B2C plugin and went back to the redirect URI, Moodle shows me the error

"Error writing to database"


During the session I have an error like this

The redirect URI has the correct value from the admin page in Moodle

In reply to Radek Dud

Re: Re: Re: Azure B2C IDP for moodle

by Gopal Sharma -
@Radek Dud
If someone is getting an error like "Error writing to database" and
Debug info: Column 'token' cannot be null
UPDATE mdl_auth_azureb2c_token SET authcode = ?,token = ?,expiry = ?,refreshtoken = ?,idtoken = ? WHERE id=?
[array (
0 => '9FLvkz2H72OJrbpCsmruTIUZSoIkvbr5xCvzuZia2r4DIdAonTZiSRsc0ZY_-nCVjrrBGOT5lAw9A9N6g',
1 => NULL,
2 => 1596106259,
3 => '',
4 => '1HzIjrJKqiUo2EavCbAZ3kDi3X8vp_TVYLaz_k2YLK_3eg0ieJQO11Jh3pDCzNlZ6kdz8GEg',
5 => '1',
)]
Error code: dmlwriteexception
Stack trace:
  • line 489 of /lib/dml/moodle_database.php: dml_write_exception thrown
  • line 1561 of /lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
  • line 1593 of /lib/dml/mysqli_native_moodle_database.php: call to mysqli_native_moodle_database->update_record_raw()
  • line 500 of /auth/azureb2c/classes/loginflow/base.php: call to mysqli_native_moodle_database->update_record()
  • line 443 of /auth/azureb2c/classes/loginflow/authcode.php: call to auth_azureb2c\loginflow\base->updatetoken()
  • line 282 of /auth/azureb2c/classes/loginflow/authcode.php: call to auth_azureb2c\loginflow\authcode->handlelogin()
  • line 107 of /auth/azureb2c/classes/loginflow/authcode.php: call to auth_azureb2c\loginflow\authcode->handleauthresponse()
  • line 105 of /auth/azureb2c/auth.php: call to auth_azureb2c\loginflow\authcode->handleredirect()
  • line 29 of /auth/azureb2c/index.php: call to auth_plugin_azureb2c->handleredirect()
Output buffer: <br /> <b>Notice</b>: Undefined index: access_token in <b>/bitnami/moodle/auth/azureb2c/classes/loginflow/base.php</b> on line <b>490</b><br />
error sing in


A solution to this issue is as follows:

You need to go to 

Home -> Azure AD B2C | App registrations -> API permissions 

On this page click "+Add a permission" and then go to the tab "APIs my organization uses" or search for your API and select it.

Then add all the 4 permissions

1. offline_access

2. read

3. user_impersonation

4. write

Then "Grant Admin Consent for your API"

Following are some screenshots for help





Attachment Wep 3.PNG
Attachment Wep 5.PNG
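
The debug output above shows a token response that carried an id_token but no access_token, which the login flow then tried to store as NULL. A check of this kind, run before the database write, turns that into a configuration message instead of a dmlwriteexception (added example, not the plugin's code; the function name `validate_token_response` and the sample values are assumptions):

```php
<?php
// Added example, not the plugin's code. Field names follow the OAuth 2.0 /
// OpenID Connect token response; the function name is hypothetical.

/**
 * Check a decoded token-endpoint response before it is persisted.
 * Returns the fields to store, or throws with an actionable message.
 */
function validate_token_response(array $response, bool $requireaccesstoken = true): array {
    // The token endpoint reports failures as {"error": ..., "error_description": ...}.
    if (isset($response['error'])) {
        $desc = $response['error_description'] ?? '';
        throw new RuntimeException("Token endpoint error: {$response['error']} {$desc}");
    }
    if (empty($response['id_token']) || !is_string($response['id_token'])) {
        throw new RuntimeException('Token response has no id_token.');
    }
    if ($requireaccesstoken && empty($response['access_token'])) {
        // The case in the debug output above: id_token present, access_token absent.
        throw new RuntimeException(
            'Token response has no access_token. Check that the requested scope includes ' .
            'an API scope and that the permission has admin consent in the app registration.'
        );
    }
    return [
        'token'        => $response['access_token'] ?? '',
        'idtoken'      => $response['id_token'],
        'refreshtoken' => $response['refresh_token'] ?? '',
        'expiry'       => time() + (int)($response['expires_in'] ?? 0),
    ];
}

// Constructed sample responses (values are placeholders, not real tokens).
$ok = ['id_token' => 'ID.TOKEN.PLACEHOLDER', 'access_token' => 'ACCESS.PLACEHOLDER', 'expires_in' => 3600];
$missing = ['id_token' => 'ID.TOKEN.PLACEHOLDER'];

foreach (['ok' => $ok, 'missing access_token' => $missing] as $label => $resp) {
    try {
        $row = validate_token_response($resp);
        echo "$label: store row with keys " . implode(',', array_keys($row)) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$label: rejected - " . $e->getMessage() . PHP_EOL;
    }
}
```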
In reply to Gopal Sharma

Re: Azure B2C IDP for moodle

by Guillaume Bessette -

Hi @Gopal, 

We have tried your plugin and it works well, there is only one thing we would like to ask if it's possible to fix:

We are using Moodle as an extension of our app which is using B2C auth as IDP, so we log in first in our app. When we click on a moodle link for a specific course, it always asks for login even if we are already logged in from the other app (same client_id, tenant, app registration, etc.). So it behaves as a separate IDP even though it should work as a SSO.

Funny enough, it works the other way around: If I log into Moodle first, when I go to my app it will be logged in automatically.

Thanks!

In reply to Guillaume Bessette

Re: Azure B2C IDP for moodle

by Guillaume Bessette -
Finally I have resolved my issue. In the azureB2cClient.php class, in the getauthrequestparams function,
I have changed the following:

'response_type' => 'code', --> 'response_type' => 'code id_token',
'prompt' => 'login', --> 'prompt' => 'none',

I also removed the if ($promptlogin === true) since I needed it to stay at none.

Now I am able to use B2C auth as SSO, when I click on the B2C login button in the login page, I am automatically logged in with my current session from our site.

It would be great if you could add that option in the b2c settings.

Thank you
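
With `prompt` fixed at `none`, the identity provider cannot show a sign-in page, so a visitor without an existing B2C session is sent back to the redirect URI with an error instead of being logged in. The sketch below makes the silent attempt a setting and falls back to an interactive login in that case (added example, not the plugin's code; the function names, the `$silent` flag, `response_mode=form_post` and the placeholder values are assumptions):

```php
<?php
// Added example, not the plugin's code; function names and $silent are hypothetical.

/** Build the authorization request; $silent selects prompt=none over prompt=login. */
function build_auth_params(string $clientid, string $redirecturi, string $scope, bool $silent): array {
    return [
        'client_id'     => $clientid,
        'redirect_uri'  => $redirecturi,
        'scope'         => $scope,
        'response_type' => 'code id_token',   // hybrid flow, as in the post above
        'response_mode' => 'form_post',       // PHP cannot read a URL fragment
        'prompt'        => $silent ? 'none' : 'login',
        'state'         => bin2hex(random_bytes(16)),
        'nonce'         => bin2hex(random_bytes(16)), // bound to the returned id_token
    ];
}

/** Decide what to do with the parameters posted back to the redirect URI. */
function handle_auth_response(array $post, array $sent): string {
    if (!isset($post['state']) || !hash_equals($sent['state'], (string)$post['state'])) {
        return 'reject';                      // not a response to this session's request
    }
    if (isset($post['error'])) {
        // prompt=none shows no UI, so a missing IdP session comes back as an error.
        $needsuser = ['login_required', 'interaction_required', 'consent_required'];
        $silent = $sent['prompt'] === 'none';
        return ($silent && in_array($post['error'], $needsuser, true)) ? 'retry_interactive' : 'reject';
    }
    return (!empty($post['code']) && !empty($post['id_token'])) ? 'exchange_code' : 'reject';
}

// Constructed walk-through: client id, URL and scope are placeholders.
$sent = build_auth_params('CLIENT_ID_PLACEHOLDER', 'https://moodle.example/auth/azureb2c/', 'openid', true);
$cases = [
    'existing session' => ['state' => $sent['state'], 'code' => 'CODE', 'id_token' => 'ID.TOKEN'],
    'no session'       => ['state' => $sent['state'], 'error' => 'interaction_required'],
    'mismatched state' => ['state' => 'not-the-stored-value', 'code' => 'CODE', 'id_token' => 'ID.TOKEN'],
];
foreach ($cases as $label => $post) {
    echo $label . ': ' . handle_auth_response($post, $sent) . PHP_EOL;
}
```

After `exchange_code`, the id_token's signature and its `nonce` claim still have to be checked against the stored nonce before a Moodle session is created.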