Office 365 intégration Admin consent does not work properly

Office 365 intégration Admin consent does not work properly

by Christian Poirier -
Number of replies: 8

Hi,

When I click on the link https://myserver.mydomain.ca/local/o365/acp.php?mode=adminconsent



Moodle redirect to https://login.microsoftonline.com/{tenanid}/oauth2/v2.0/authorize?response_type=code&client_id={clientId}&scope=openid%20profile%20email&nonce=N5faeba45595a5&response_mode=form_post&resource=https%3A%2F%2Fgraph.microsoft.com&state=A1apl5Gwi1xHu5p&redirect_uri=https%3A%2F%2Fm2-test.teluq.ca%2Fauth%2Foidc%2F&prompt=admin_consent

I have the following error even if I am the Global administrator of my Azure portal.

AADSTS901002: The 'resource' request parameter is not supported.



Does any one knows what should I do to resolve it?

Thanks

Average of ratings: -
In reply to Christian Poirier

Re: Office 365 intégration Admin consent does not work properly

by Javier Abdel Paco -
I have a similar problem at the time of integrating Moodle with Office 365 (azure), I find the solution I will publish. Regards.

Microsoft
Log in
Sorry, we're having trouble logging in.

AADSTS901002: The 'resource' request parameter is not supported.

Request Id: 473b08f0-6f78-42d0-8820-cc640e0d1100
Correlation Id: 003d5262-8431-433f-a5e0-b35a87acd2bb
Timestamp: 2021-01-29T21:18:39Z
Message: AADSTS901002: The 'resource' request parameter is not supported.
Average of ratings: -
In reply to Javier Abdel Paco

Re: Office 365 intégration Admin consent does not work properly

by Brian Merritt -
Picture of Particularly helpful Moodlers
Hi, did you solve the problem?
Average of ratings: -
In reply to Brian Merritt

Re: Office 365 intégration Admin consent does not work properly

by Brian Merritt -
Picture of Particularly helpful Moodlers
If anyone else gets here, we did the powershell script but didn't set up a dedicated Moodle to O365 user in Active Directory. Once we did that, the resource request parameter error was fixed. Now working to get the username to not be email but rather existing username so duplicate accounts are created.
Average of ratings: -
In reply to Brian Merritt

Re: Office 365 intégration Admin consent does not work properly

by Leonardo Pignato -

Hi Brian

I would like to know specific details how you fixed the error. Did you create a moodle user in AD? where did you set it up later?

thanks in advanced.

Regards. Leonardo

Average of ratings: -
In reply to Leonardo Pignato

Re: Office 365 intégration Admin consent does not work properly

by Brian Merritt -
Picture of Particularly helpful Moodlers
Hi Leonardo

We haven't implemented in live, as we are in exam season, but it works fine on the user acceptance test system. I know we upgraded to the latest software plugins and setup active directory with pretty much the standard options. I will check with the IT developer and see if he did anything else.
Average of ratings: -
In reply to Brian Merritt

Re: Office 365 intégration Admin consent does not work properly

by Brian Merritt -
Picture of Particularly helpful Moodlers
Answer from developer IT

"The username is mapped automatically from the UPN in AzureAD to the username in Moodle. The username is the full 'email like' username, so for us we have had to update our usernames to include the @rvc.ac.uk suffix. There is a setting on the sync 'Match Azure usernames to moodle emails instead of moodle usernames during the sync' which could work for some setups.

The ID number (and other user attribute fields) are configured in the Open ID Authentication plugin settings. I have set ours to be the Object ID in Azure AD, this is the unique user id guid of the user. On this screen you just get to select the mapping from the Moodle field to the Azure AD profile data - there is no option to translate/manipulate the fields when mapping."
Average of ratings: -
In reply to Brian Merritt

Re: Office 365 intégration Admin consent does not work properly

by Brian Merritt -
Picture of Particularly helpful Moodlers
Just had a look on the UAT server and indeed developers have moved usernames to email addresses but via match setting in the sync. That way we syncronise the user and update username to email address without adding users or changing enrolments or permissions. I now need to ensure the analytics system is ready to change usernames to emails too once this goes live :D
Average of ratings: -
In reply to Brian Merritt

Re: Office 365 intégration Admin consent does not work properly

by Leonardo Pignato -

Brian,
Thank you very much for your reply.Specially for all the details about impplementation. Analzing the information you gave me and other forums I could solve the problem.
Unbelevable, the problem I had (AADSTS901002)was generated for the version 2.0 of Authorization Endpoint and Token Endpoint. After doing a lot of test I changed for version 1.0 and all the issues were solved.
Once again, thank you very much for helping me.
Regards. Leonardo

Average of ratings: -