Closed trueeh closed 9 months ago
NinaHerrmann
commented
9 months ago Please try to formulate your issues more meaningfully in the future (Reproduction Steps, Setup Information, Severity of the problem, etc.). As you might have realized your opencast page requires being logged in. For the background task, the plugin does not pass login parameters. Therefore, I will label this as a feature and help wanted.
justusdieckmann
commented
9 months ago Hey,
as far as we know, everywhere mod_opencast is used, the /static/-Opencast folder requires no seperate authentification. In your case, it seems that opencast requires a seperate authetification, so the request that should fetch the video gets redirected to the login page instead. Of course, it being a background request, there is no way for the user to enter any login data, so the request fails.
Solutions I can think of would be:
I'm not sure if I understood the intent of you creating this issue correctly, did this help? I don't think there is a great way for the plugin to circumvent that issue. Even if the user would login in opencast before loading the moodle page, the phase-out of third party cookies means there would be a need for additional changes both on opencasts and this plugins side for it to do something in most browsers.
trueeh
commented
9 months ago Hey, our Moodle and Opencast are protected by CAS and use SSO, and older mod_opencast versions worked. Unfortunately I do not know which one.
Our Opencast configuration for static is:
and URL signing is disabled. When I try to access a static resource and I am not logged in in CAS, I get an error 403. Is it a problem with the plugin or a configuration issue with CAS enabled in Opencast?
trueeh
commented
9 months ago It is not depending on CAS, it is the config of the static files servlet with authorization check turned on by default:
etc/org.opencastproject.fsresources.StaticResourceServlet.cfg
# Shall the static file server check authorization? # You might want to disable this if you use other means of checking authentication like authentication tokens. # Default: true # authentication.required = true
When I turned this to false it is working again. But I want to have protection for static files. I think the plugin should work with default settings in Opencast ...
mtneug
commented
9 months ago Hi @trueeh. Disabled static security is sadly the requirement for some external Opencast integrations like Moodle, ILIAS or Tobira. The Opencast documentation only mentions ILIAS, but it's the same for Moodle. Currently, there is a discussion about properly securing static resources in a way that external systems can integrate more easily. For now, you would have to disable static file authorization. Note that the Moodle plugin should work with URL signing.
We use CAS SSO for moodle/opencast authentication, but when the media file is to be opened in mod_opencast, it is redirected to CAS and fails:
302 GET https://oc-presenter......./static/mh_default_org/engage-player/....../..........mp4 Blocked GET https://........../login?service=https://oc-presenter...../j_spring_cas_security_check;jsessionid=............
with js console message:
HTTP-Content-Type "text/html" wird nicht unterstützt. Laden der Medienressource https://........../static/mh_default_org/engage-player/................/................mp4 fehlgeschlagen.