Closed Rossco88 closed 3 years ago
MustafaOzman
commented
5 years ago 
Facing same issue as i followed all instruction in Microsoft Teams Documentation but nothing appear.
https://education.microsoft.com/courses-and-resources/resources/microsoft-teams-moodle
Cron job for creating group is not successful
Please, advice if there is anything missing
Moodle released : 3.7.1+
local_0365 version: 2019052001
auth_oidc: 2019052001
!
image
Rossco88
commented
5 years ago I did some further testing on this with a different moodle site.
MustafaOzman, can you confirm if your moodle site is open to the internet?
The site I am currently having difficulty this issue with is only available from our on-premise network.
A new moodle site I created did not have this issue but is open to the internet so I am thinking it because teams can't pull a site list from moodle
MustafaOzman
commented
5 years ago I did some further testing on this with a different moodle site.
MustafaOzman, can you confirm if your moodle site is open to the internet?
The site I am currently having difficulty this issue with is only available from our on-premise network.
A new moodle site I created did not have this issue but is open to the internet so I am thinking it because teams can't pull a site list from moodle
Microsoft Teams app is showing blank but when i open Teams in browser , it list the courses for me. Any idea why?
Another issue, the group in Teams is created as other type instead of class type as i need assignment and notebook to be exit in the group in Teams. How the group can be created as class in Teams when schedule task run to create group from Moodle?
ghost
commented
5 years ago I have the same problem, Moodle app in Microsoft Teams is blank, it doesn't show any course and there is no error text. In the browser it shows a sad face with the message "...my_moodle_url... refused to connect".
Has somebody faced and solved this problem already?
I don't know if it's related, but when I login to moodle using OpenID Microsoft credentials, it ends up in the user profile. There's another issue for this here, in github.
Thank you, Antonio.
MustafaOzman
commented
5 years ago @anzaro You can open Teams using browser to overcome this issue until we find the root cause of the app issue and solve it
Rossco88
commented
5 years ago @jamesmcq any update on this? I am still getting this error in the app and also getting the connection refused in the browser. Can you point us in the direction of some logs to see why this being refused on the moodle side? Thanks
Rossco88
commented
5 years ago In the moodle site that isn't working we see the following in our access logs for moodle
But then nothing after this. In a fresh moodle environment we see the following logs (this is when it works)
"GET /local/o365/teams_tab_configuration.php HTTP/1.1" 200 2299 "https://teams.microsoft.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /local/o365/sso_end.php HTTP/1.1" 200 526 "https://url.domain/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /auth/oidc/index.php HTTP/1.1" 303 800 "https://url.domain/local/o365/teams_tab_configuration.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"POST /auth/oidc/ HTTP/1.1" 303 516 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /local/o365/teams_tab_configuration.php?bypassauth=1&sesskey=W56C57ui HTTP/1.1" 200 2733 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /auth/oidc/index.php HTTP/1.1" 303 516 "https://url.domain/local/o365/teams_tab_configuration.php?bypassauth=1&sesskey=F9ZAJT6X9Z" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /local/o365/teams_tab_configuration.php?bypassauth=1&sesskey=9qEp3780hQ HTTP/1.1" 200 2698 "https://url.domain/local/o365/teams_tab_configuration.php?bypassauth=1&sesskey=F9ZAJT6X9Z" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /local/o365/teams_tab.php?id=2 HTTP/1.1" 303 1069 "https://teams.microsoft.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"GET /course/view.php?id=2 HTTP/1.1" 200 20860 "https://teams.microsoft.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
"POST /lib/ajax/service.php?sesskey=9q34630hQ&info=core_fetch_notifications HTTP/1.1" 200 38 "https://url.domain/course/view.php?id=2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
Rossco88
commented
5 years ago @jamesmcq Is there a limit to the number of units/courses that can be displayed in the iframe? I can see in developer tools that it is actually pulling a list of all our units from moodle. There is around 4500 units currently
Should the plugin only display the course you are trying to load from the team or all courses?
Ablomarcovjk
commented
4 years ago @jamesmcq & @Rossco88 : Any updates on this issue? We are having the same one over here. We want Moodle tab to show in teams but when uploading the custom app it doesn't show anything but moodle.url refused to connect error.
Any updates on this would be amazing.
kristian-94
commented
4 years ago We solved this in our environment with a simple server level config change. There is an nginx config setting that adds a header that allows/prevents your site being embedded in an iframe. On this page, we were getting a lot of errors in the console to do with iframes and the browser refusing to embed.
By changing the ECS variable allow_iframe=true and rolling out a new task def with this, the nginx config in our containers updated and we no longer had this issue.
The specific change in nginx was to remove the header: add_header X-Frame-Options SAMEORIGIN;
Hopefully this helps someone else.
jamesmcq
commented
4 years ago @weilai-irl Thoughts on this one?
weilai-irl
commented
4 years ago @Rossco88, @Ablomarcovjk, @anzaro, @MustafaOzman,
Teams integration in Moodle would require Moodle pages to be allowed to be embedded into frames on pages in other domains to work, technically this would be what happens when you try to open a Moodle tab in teams, either in app or in browser. This would be the primary reason for "refused connection" errors.
In Moodle, there is a setting to control this. It's in "Site administration" -> "Security" -> "HTTP Security" -> "Allow frame embedding (allowframembedding)", and the default value is No. This needs to be changed to Yes. Besides this, as @kristian-94 pointed out, there could be server settings blocking this as well, so it would be best to test this by creating a simple iframe with "src" to be any page of your Moodle site and host it on localhost or a server in a different domain, and confirm the embedded Moodle page can be accessed.
Could you verify this please.
weilai-irl
commented
4 years ago @MustafaOzman,
To answer questions in your notes:
Just to note that the logic about teams creation has changed slightly since version 2019052003. The new logic says, if at least one teacher with OIDC authentication method exists in the course when setting up group sync with Teams feature, Moodle will try to create a Team directly (i.e. not creating group first then creating a team from group), and the Team created would be using education template, thus it will be a class Team.
weilai-irl
commented
4 years ago Hi everyone,
In our recent investigations, we found another case where Moodle tab or configuration pages fails to display content. This happens when trying to login users using SSO, and if the action of logging in the user to Office365 would result in a prompt such as the reminder to setup multi-factor authentication, like the screenshot attached, then the error would happen because the page containing the prompt, which normally would have a URL such as https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=xxx, doesn't permit framing due to its "X-Frame-Options" attribute set to "DENY". As you see, this page is managed by Microsoft therefore changing Moodle server or application settings would have no impact on it. I can't think of an easy workaround to this.
Note this doesn't affect users who have multi-fact authentication set up - in that case, the original logging to teams.microsoft.com would have authenticated the user, and when Moodle tries to SSO, no more prompt window is to be shown, so user would see Moodle pages in tabs correctly. The only case we saw this error so far is the one in the screenshot.
cend77
commented
4 years ago I have the same problem, I downloaded manifest file and uploaded it to tenant's Teams store and when I add the Moodle tab to a team a blank page apperars. I deleted the app from the store and remade it and nothing changes. Please advice me what do I need to make or change? Thanks
nenorojas
commented
4 years ago Hi @cend77 ,
Can you please confirm that you completed the multi-factor authentication for the user as @weilai-irl mentioned and if it worked for you?
If doesn't work, the next step is to check server configuration as mentioned before:
We solved this in our environment with a simple server level config change. There is an nginx config setting that adds a header that allows/prevents your site being embedded in an iframe. On this page, we were getting a lot of errors in the console to do with iframes and the browser refusing to embed. By changing the ECS variable allow_iframe=true and rolling out a new task def with this, the nginx config in our containers updated and we no longer had this issue. The specific change in nginx was to remove the header:
add_header X-Frame-Options SAMEORIGIN;Hopefully this helps someone else.
With both items checked, this issue should be sorted.
Regards
vilyams
commented
3 years ago In our case, the moodle tab is showing 'You dont have any course to add' message briefly and then shows the Login options 'Login to Office 365' button and the 'Login Manually" button.
weilai-irl
commented
3 years ago Hi @vilyams,
From your description, it looks like SSO between teams and Moodle isn't working. The reason for this can vary. At the most basic level, could you confirm if the user in question can use the their Office 365 account to login to Moodle please (in a separate browser, outside of Teams).
Regards, Lai
bradnielsen2981
commented
3 years ago So, in my case, I get the error where by I can see the list of courses and then it quickly flashes to the Login with Office 365 and Login Manually.
I followed the code and for some reason in sso_login.php LINE 40. If I set $loginsuccess = true, it works. Is there any reason why the authentication code below it would return false?
$loginsuccess = true;
if ($authoidctoken = $DB->get_record('auth_oidc_token', ['oidcusername' => $payload->upn])) { if ($user = core_user::get_user($authoidctoken->userid)) { $_POST['code'] = $authoidctoken->authcode; $user = authenticate_user_login($user->username, $user->password, true); if ($user) { complete_user_login($user); $loginsuccess = true; } } }
vilyams
commented
3 years ago Hi @vilyams,
From your description, it looks like SSO between teams and Moodle isn't working. The reason for this can vary. At the most basic level, could you confirm if the user in question can use the their Office 365 account to login to Moodle please (in a separate browser, outside of Teams).
Regards, Lai
Hi Lai,
Yes the user is able to login to Moodle using office 365 account.
klovsb
commented
3 years ago Similar to our case https://github.com/microsoft/o365-moodle/issues/1466
dariozueger
commented
3 years ago We also have the problem, that the user just sees a signin screen, if he wants to add the Moodle App in Teams. We adjusted all the new permissions in Azure AD. The users are abel to login to Moodle using the Office 365 account.
alusignan
commented
3 years ago I am experiencing the same issue as described in #1486
Did you solve this by any chance ?
Thank you !
vilyams
commented
3 years ago Yes we resolved it.
I think the maint issue was that we had to install the Teams Theme for Moodle as a plugin. Without this, it doesn't work. After we installed this plugin, we redid all the steps and it worked.
Regards, William
On Wed, 24 Feb 2021 at 22:52, Alexandre Lusignan @.***> wrote:
I am experiencing the same issue as described in #1486 https://github.com/microsoft/o365-moodle/issues/1486
Did you solve this by any chance ?
Thank you !
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/microsoft/o365-moodle/issues/1138#issuecomment-785130036, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHWS6DPJKQUF6TIC54YZX63TAUHB7ANCNFSM4INN7RKA .
klovsb
commented
3 years ago Hi everyone,
In our recent investigations, we found another case where Moodle tab or configuration pages fails to display content. This happens when trying to login users using SSO, and if the action of logging in the user to Office365 would result in a prompt such as the reminder to setup multi-factor authentication, like the screenshot attached, then the error would happen because the page containing the prompt, which normally would have a URL such as https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=xxx, doesn't permit framing due to its "X-Frame-Options" attribute set to "DENY". As you see, this page is managed by Microsoft therefore changing Moodle server or application settings would have no impact on it. I can't think of an easy workaround to this.
Note this doesn't affect users who have multi-fact authentication set up - in that case, the original logging to teams.microsoft.com would have authenticated the user, and when Moodle tries to SSO, no more prompt window is to be shown, so user would see Moodle pages in tabs correctly. The only case we saw this error so far is the one in the screenshot.
dariozueger
commented
3 years ago @klovsb Do you also think, that an ADFS infrastructure could lead to the same error as described with the reminder to setup MFA?
klovsb
commented
3 years ago @klovsb Do you also think, that an ADFS infrastructure could lead to the same error as described with the reminder to setup MFA?
@dariozueger I wish I know. I am no expert in ADFS architecture or O365 administration. In our case, the Moodle apps added to individual Team classroom before the plugin's upgrade (from 3.8.0.3) continue to work, so apparently the existing ADFS infrastructure is not breaking Moodle-Team SSO with the existing Moodle app.
klovsb
commented
3 years ago Yes we resolved it. I think the maint issue was that we had to install the Teams Theme for Moodle as a plugin. Without this, it doesn't work. After we installed this plugin, we redid all the steps and it worked. Regards, William @vilyams What is your Moodle, PHP and server environment? Johnny
weilai-irl
commented
3 years ago Hi all,
The local_o365 releases for Moodle 3.9 and 3.10 that contain improvements in Moodle and Teams integration have finally arrived. The new version should fix most issues in the integration, if not all. The release notes for Moodle 3.9 and Moodle 3.10 are linked.
Please upgrade your plugin local_o365 (and auth_oidc which it depends on) to the latest version and try it out. Please report back any remaining issues found in this issue. The issue will be kept open for one month from today, and will be closed if most issues are confirmed resolved.
Regards, Lai
lalitm14
commented
2 years ago Hi Folks,
any definitive solution to this issue?
weilai-irl
commented
2 years ago Hi @lalitm14,
This is a fairly old issue, lasted for nearly 2 years and closed almost 1 year ago. There were a few issues being mentioned in this one, all of which were fixed at the time of issue closure.
If you have any particular question about the integration, please create a new issue and describe your situation - your environment, Moodle and plugin versions, and what's not working. We will then be able to help you.
Regards, Lai
We seem to be having an issue with the moodle app for teams.
We completed all the steps in the plugin (except the bot steps as we are sorting billing our a test azure tenant), downloaded the manifest file and uploaded to teams.
When trying to add the app to a team site, we originally got the all ok but no tab appeared. See below image where you can see moodle has been added but there is no tab.
If we try to add the app again we are prompted with a blank screen as below
The only step we haven't done at this stage is enable OIDC for the users we have manually matched via CSV as our moodle site doesn't support dual auth with OIDC and SAML currently.
Thanks