Your Moodle version

General plugins (Local): OpenID provider

local_openid_idp
Maintained by Picture of Hubert Chathi Hubert Chathi
Enables Moodle to act as an OpenID provider
Moodle 2.0, 2.1, 2.2, 2.3, 2.4

This plugin allows users to log into OpenID-enabled websites using their Moodle account.  It supports the Simple Registration (SReg) and Attribute Exchange (AX) OpenID extensions.

Contributors

Picture of Hubert Chathi
Hubert Chathi (Lead maintainer)
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Capt. Moodle
    Sat, Dec 24, 2011, 5:14 AM
    Hubert - This plugin is actually a patch and I will want to review it more carefully as we are trying to discourage plugins which require patching core code. Thanks for your patience. Peace - Anthony
  • Capt. Moodle
    Sat, Dec 24, 2011, 5:35 AM
    p.s. I also think it would be helpful if the files had licensing information to make it explicit that the code is GPL.
  • MD shot of me from his iphone4
    Tue, Feb 5, 2013, 12:01 PM
    Hi,
    this entry is currently unapproved.
    Should we keep it here as currently being worked on, delete it or consider putting it into the "Others" category if it still doesn't conform to plugin standards?

    i think : "Others" category - but we do need the GPL information.
  • Picture of Hubert Chathi
    Tue, Feb 5, 2013, 11:13 PM
    Aparup, the current version of the plugin does have GPL information, so that should be fine.
    The plugin contains two patches that are optional and not required for the plugin to work. There is also an optional installation step of copying libraries into Moodle's PEAR directory. So basically, the things that are not normal plugin things are optional. IMHO, that shouldn't disqualify it as a local plugin, but if it does, then I'm fine with moving it to the "Others" category.
  • MD shot of me from his iphone4
    Thu, Feb 7, 2013, 10:03 AM
    Hi Hubert,
    I've had a look and i do see the GPL.

    Now that i've read it i tend to agree it its fine for the 'local' category as it won't compromise any automated installation processes. i do think that the readme should mention the plugin works fine without those steps (2 - thru 4).

    The other thing is that the 'readme' is easier to read when its readme.txt smile.

    In any case, publishing this now, its been too long.
  • MD shot of me from his iphone4
    Thu, Feb 7, 2013, 10:05 AM
    Please consider adding to the 'useful links' section (bug tracker, docs)
  • Picture of David Aylmer
    Tue, Aug 20, 2013, 9:20 PM
    Worthy of note: The function getBytes in local\openid_idp\openid-php\Auth\OpenID\CryptUtil.php (JanRain) attempts to read from '/dev/urandom' for maximum entropy when generating random strings.

    Obviously '/dev/urandom' is unix specific and doesn't function on windows.

    The workaround error message provided "Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator." isn't satisfactory from a security standpoint.

    I've found two (secure) workarounds (for PHP > 5.3) when running on windows.

    Prior to the call to:
    $f = @fopen(MCRYPT_DEV_URANDOM, "r");

    1. return bin2hex(mcrypt_create_iv($num_bytes, MCRYPT_DEV_URANDOM));
    2. return openssl_random_pseudo_bytes($num_bytes);

    Hopefully this helps someone

    Cheers,

    -David
Please login to post comments