Open pugwashmsc opened 2 years ago
Could something be done in the createtoken function similar to
```php
// Proposed for createtoken(): pick the Moodle username from the B2C id_token claims.
// Azure B2C issues 'emails' as an array, so take its first entry; otherwise use 'upn'
// (Azure-specific), and finally fall back to the standard 'sub' claim.
$azureb2cusername = $idtoken->claim('emails');
if (is_array($azureb2cusername)) {
    // reset() returns the first element (false for an empty array), which is the same
    // as $azureb2cusername[0] on a 0-indexed array; guarding with is_array() avoids
    // calling reset() on a scalar claim.
    $azureb2cusername = reset($azureb2cusername);
}
if (empty($azureb2cusername)) {
    $azureb2cusername = $idtoken->claim('upn');
}
if (empty($azureb2cusername)) {
    $azureb2cusername = $idtoken->claim('sub');
}
```
There are a whole bunch of other places (if this is a sensible idea) that will need updating just from looking around where this is happening. Possibly some upgrade script too?
A setting may be sensible so that admins can control what is being used for the username. Something else to ensure that characters in an email address can be used for usernames also. Maybe the setting will mean that an upgrade script isn't required so as users aren't forced to switch.
I am interested in seeing an addition like this for new instances rather than existing Moodle instances.
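As an added example (not code from this issue or from auth_azureb2c), the claim fallback proposed above, written in Python so it can be run on a decoded id_token payload, together with the two things the proposal says need handling: the cleaning Moodle applies to usernames, and the decision of whether an incoming B2C login matches an existing account. Assumptions: `select_username` takes the already signature-verified id_token payload as a dict; `moodle_clean_username` is a re-implementation of what Moodle's `clean_param(..., PARAM_USERNAME)` does (lowercase, and without `extendedusernamechars` only `a-z`, `0-9`, `.`, `-`, `_`, `@` survive), not a call into Moodle; `resolve_account` and the user table are constructed for illustration.

```python
import re
from typing import Optional

# Fallback order from the proposal above: B2C 'emails' (an array), then 'upn', then 'sub'.
CLAIM_ORDER = ("emails", "upn", "sub")


def select_username(claims: dict) -> Optional[str]:
    """Return the first non-empty claim in CLAIM_ORDER from a decoded (and already
    signature-verified) id_token payload, unwrapping array-valued claims like 'emails'."""
    for name in CLAIM_ORDER:
        value = claims.get(name)
        if isinstance(value, (list, tuple)):
            value = value[0] if value else None  # same as reset()/[0] in the PHP above
        if value:
            return str(value)
    return None


def moodle_clean_username(name: str, extended_chars: bool = False) -> str:
    """Re-implementation (assumption, for illustration) of Moodle's
    clean_param($name, PARAM_USERNAME): trim, lowercase, and unless the
    extendedusernamechars setting is on, drop every character outside [-.@_a-z0-9]."""
    name = name.strip().lower()
    if not extended_chars:
        name = name.replace(" ", "")
        name = re.sub(r"[^-.@_a-z0-9]", "", name)
    return name


def resolve_account(existing_users: list, email: str):
    """Decide what to do with a B2C login whose chosen identifier is an email address.

    Returns ("link", user) when exactly one existing account carries that email,
    ("ambiguous", None) when several do (only possible with allowaccountssameemail
    enabled; the plugin must not silently pick one of them), and ("create", None)
    when no account matches.
    """
    matches = [u for u in existing_users if u["email"].lower() == email.lower()]
    if len(matches) == 1:
        return "link", matches[0]
    if len(matches) > 1:
        return "ambiguous", None
    return "create", None


# Constructed sample data: a decoded B2C id_token payload and a small Moodle user table.
SAMPLE_CLAIMS = {"sub": "sub-12345", "emails": ["Jane.Doe@example.org"]}
SAMPLE_USERS = [
    {"id": 7, "username": "jane.doe@example.org", "email": "jane.doe@example.org", "auth": "manual"},
    {"id": 8, "username": "bob", "email": "bob@example.org", "auth": "manual"},
]


def demo():
    """Run the three steps on the constructed data and return the intermediate results."""
    raw = select_username(SAMPLE_CLAIMS)
    username = moodle_clean_username(raw)
    action, user = resolve_account(SAMPLE_USERS, raw)
    return raw, username, action, user


if __name__ == "__main__":
    print(demo())
```

Two things the run makes visible. First, with Moodle's default username cleaning, `jane+moodle@example.org` and `janemoodle@example.org` become the same username, so "ensure that characters in an email address can be used for usernames" in practice means enabling `extendedusernamechars` (or accepting that risk of collisions). Second, linking an existing account by email is only as safe as the identity provider's verification of that email, and it must refuse rather than guess when more than one account shares the address, which is exactly the `allowaccountssameemail` situation described in the reply below.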
@pugwashmsc it appears that your Moodle allows different accounts to have the same email address. To see if this is the case, go to Site Administration / Plugins / Authentication / Manage Authentication, then see whether the setting Allow accounts with same email (allowaccountssameemail) is enabled. By default it is disabled, which means somebody made the conscious decision to enable it, so it is probably best not to change that.
To get around this issue, without changing that setting, you could remove the new duplicate user, then change the Choose an Authentication Method field of the original user to Azure AD B2C Connect. When the user logs in via B2C again, they should be logged into their original account.
Moodle 3.11
Authentication plugin auth_azureb2c
SSO has been achieved.
A user creates their Azure B2C account. Moodle is configured to use the Azure B2C sign-on page via auth_azureb2c.
An existing Moodle user creates a B2C account using the same email address as stored in Moodle.
The user logs into Moodle through the Azure B2C login page and is passed through (logged in) to Moodle. However, this creates a second account for the user in Moodle, so they cannot access their existing courses and data.
Should the auth_azureb2c sync accounts with existing user accounts?
If not, how can this be done?