Note: This documentation is for Moodle 2.7. For up-to-date documentation see OpenID Connect Authentication Plugin.

OpenID Connect Authentication Plugin

From MoodleDocs
Revision as of 05:02, 13 March 2015 by James McQuillan (talk | contribs) (Created page with "== Introduction == The OpenID Connect authentication plugin allows users to log in to Moodle using any OpenID Connection compliant identity provider. It was developer for use...")

Introduction

The OpenID Connect authentication plugin allows users to log in to Moodle using any OpenID Connect-compliant identity provider. It was developed for use with the Office365 set of plugins to connect to AzureAD, but can be used with any OpenID Connect provider.

Features

  • Standards-Compliant OpenID Connect Authentication
  • Supports authorization code or resource-owner credentials grants
    • Users can log in to Moodle by clicking the identity provider on the login page, or by entering their OpenID Connect credentials.
  • Customizable Icon + Identity Provider name
    • The icon and identity provider name shown on the Moodle login page can be customized. A number of prechosen icons are available, as well as the ability to upload your own.
  • Provides hooks to link OpenID Connect accounts to Moodle accounts
    • If you do not want to change your users' login method, you can still connect to an OpenID Connect provider. The plugin provides code-level hooks to link a Moodle account to an OpenID Connect account without changing the Moodle user's authentication method. This means you can obtain tokens from an OpenID Connect service in the background.
  • Optional user-self-service connection and disconnection
    • A user-facing page is available for users to switch to and from OpenID Connect authentication. Access to this page and feature is controlled by a capability so administrators can disable it.

Installation

The plugin is available from:

This plugin has no dependencies.

Setup

  1. Navigate to Site Administration > Plugins > Authentication and click Manage authentication.
  2. Locate the OpenID Connect authentication plugin and click the eye icon to enable it.
  3. Click the Settings link for the plugin.
  4. Enter the Client ID, Client Secret, Auth Endpoint, and Token Endpoint.
    1. These are obtained from your identity provider when you register a new app. Your identity provider should provide documentation on how to do this.
    2. When registering an app with your identity provider, you will need to enter a Redirect URL. You must use the URL indicated on the plugin's settings page.
  5. Click save changes.

Basic Usage

Once configured, you should see a link named "OpenID Connect" on the Moodle login page. Clicking this link will redirect the browser to the identity provider. Users will log in there, and will be redirected back to Moodle. If they have logged in to Moodle using OpenID Connect before, they will be logged in to their existing Moodle account. If they have not logged in to Moodle with OpenID Connect before, an account will be created for them. If the "Prevent account creation when authenticating" setting is enabled in Moodle, new accounts will not be created.
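
The redirect round trip described above, as an added Python sketch of a standard OpenID Connect authorization code flow; it is not the plugin's own code. The endpoint URLs, client values, redirect URL and function names are constructed placeholders standing in for the values entered during Setup.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders for the settings entered in Setup step 4.
CONFIG = {
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "auth_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "redirect_uri": "https://moodle.example/oidc-redirect",  # the registered Redirect URL
}


def build_auth_request(cfg, session):
    """Step 1: the URL the login-page link sends the browser to."""
    session["state"] = secrets.token_urlsafe(32)  # ties the response to this browser session
    session["nonce"] = secrets.token_urlsafe(32)  # must come back inside the ID token
    query = urlencode({
        "response_type": "code",
        "scope": "openid",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_uri"],
        "state": session["state"],
        "nonce": session["nonce"],
    })
    return cfg["auth_endpoint"] + "?" + query


def handle_callback(cfg, session, callback_url):
    """Step 2: validate the redirect back, then return (token endpoint, POST fields)."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    expected = session.pop("state", None)  # single use: a replayed response fails
    if "error" in params:
        raise ValueError("identity provider returned error: " + params["error"])
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code in response")
    return cfg["token_endpoint"], {
        "grant_type": "authorization_code",
        "code": params["code"],
        "redirect_uri": cfg["redirect_uri"],  # must equal the value sent in step 1
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],  # sent server to server only
    }
```

The ID token returned by the token endpoint still needs its signature, issuer, audience and nonce checked before the user is matched to a Moodle account.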