microsoft / o365-moodle

Office 365 and Azure Active Directory plugins for Moodle
GNU General Public License v3.0

Auth OIDC: Possibility of using Client Certificate Path at IdP and authentication #2378

Closed joaop221 closed 8 months ago

joaop221 commented 1 year ago

Greetings,

With the current config, IdP auth requires that the user inputs raw certificate contents (including the private key). Moodle grants the security of this approach, but some organizations require that such contents are placed in a key vault solution or at a file path (a key vault can do this as well). Searching the contributions available here, I've found this implementation #2235 and the discussion about the overcomplication that this implementation implies.

So I've been thinking about the possibility of specifying a default location for certificates inside the IdP and authentication feature, giving the admin the option to describe both filenames (public and private key) that will be placed at this "default location". Of course, a cert passphrase would be appreciated.

If these ideas are viable for this project, I'm at your disposal. (Some of the work is already done; a PR will come soon.)
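The proposal above (a configured directory, two filenames and an optional passphrase) maps onto the certificate-based client-credentials flow that Azure AD uses, in which the client proves possession of the private key by signing a JWT client assertion carrying the certificate thumbprint (`x5t`). The following PHP is an added example written for this page, not code from o365-moodle or from the PR: it loads the pair from the configured location, rejects filenames that leave that directory, checks that the key matches the certificate and is not expired, and builds the assertion. The setting names (`certdir`, `certfile`, `keyfile`, `passphrase`) and the placeholder paths are assumptions.

```php
<?php
// Added example (not code from the o365-moodle project). Setting names and
// paths are hypothetical placeholders chosen to mirror the proposal above.

declare(strict_types=1);

/**
 * Load and validate a client certificate pair from the configured location.
 *
 * @param array $config  Hypothetical admin settings:
 *                       'certdir'    => directory holding both files,
 *                       'certfile'   => public certificate (PEM) filename,
 *                       'keyfile'    => private key (PEM) filename,
 *                       'passphrase' => passphrase for the key, or ''.
 * @return array{cert:string, key:\OpenSSLAsymmetricKey, x5t:string}
 */
function load_client_certificate(array $config): array {
    $dir = realpath($config['certdir']);
    if ($dir === false) {
        throw new RuntimeException('Certificate directory does not exist');
    }
    // Only bare filenames are accepted, so a setting cannot point outside $dir.
    foreach (['certfile', 'keyfile'] as $k) {
        if ($config[$k] === '' || $config[$k] !== basename($config[$k])) {
            throw new RuntimeException("Setting $k must be a bare filename");
        }
    }
    $certpem = file_get_contents($dir . DIRECTORY_SEPARATOR . $config['certfile']);
    $keypem  = file_get_contents($dir . DIRECTORY_SEPARATOR . $config['keyfile']);
    if ($certpem === false || $keypem === false) {
        throw new RuntimeException('Could not read certificate or key file');
    }

    $cert = openssl_x509_read($certpem);
    if ($cert === false) {
        throw new RuntimeException('Invalid certificate: ' . openssl_error_string());
    }
    // The passphrase is applied here; an encrypted key without it fails to load.
    $key = openssl_pkey_get_private($keypem, $config['passphrase'] ?? '');
    if ($key === false) {
        throw new RuntimeException('Invalid private key or wrong passphrase: ' . openssl_error_string());
    }
    // Fail at configuration time if the key does not belong to the certificate.
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not match certificate');
    }
    // Surface an expired certificate here rather than as an opaque token error.
    $info = openssl_x509_parse($cert);
    if ($info === false || $info['validTo_time_t'] < time()) {
        throw new RuntimeException('Certificate has expired');
    }

    // base64url(SHA-1 of the DER certificate): the "x5t" JWS header value
    // (RFC 7515 section 4.1.7) that Azure AD uses to select the registered key.
    openssl_x509_export($cert, $exported);
    $der = base64_decode(preg_replace('/-----[^-]+-----|\s+/', '', $exported));
    $x5t = rtrim(strtr(base64_encode(sha1($der, true)), '+/', '-_'), '=');

    return ['cert' => $certpem, 'key' => $key, 'x5t' => $x5t];
}

/**
 * Build a signed RS256 client assertion (RFC 7523) for the token endpoint.
 */
function build_client_assertion(array $cc, string $clientid, string $tokenendpoint): string {
    $b64 = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    $header = $b64(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'x5t' => $cc['x5t']]));
    $now = time();
    $claims = $b64(json_encode([
        'aud' => $tokenendpoint,           // the endpoint that will consume the assertion
        'iss' => $clientid,
        'sub' => $clientid,
        'jti' => bin2hex(random_bytes(16)), // unique id so the assertion cannot be replayed
        'nbf' => $now,
        'exp' => $now + 300,               // short lifetime; the IdP only needs it once
    ]));
    if (!openssl_sign("$header.$claims", $sig, $cc['key'], OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('Signing failed: ' . openssl_error_string());
    }
    return "$header.$claims." . $b64($sig);
}

// Usage with placeholder settings (hypothetical paths and client id).
$settings = [
    'certdir'    => '/etc/moodle/oidc',
    'certfile'   => 'client.crt',
    'keyfile'    => 'client.key',
    'passphrase' => 'PASSPHRASE_PLACEHOLDER',
];
$cc = load_client_certificate($settings);
echo build_client_assertion($cc, 'CLIENT_ID_PLACEHOLDER',
    'https://login.microsoftonline.com/TENANT_PLACEHOLDER/oauth2/v2.0/token'), PHP_EOL;
```

Keeping the file-name settings separate from the directory is what lets the directory (or a key-vault mount) carry restrictive filesystem permissions while the Moodle admin UI only ever holds names and the passphrase; the basename check is what keeps those names from being turned into arbitrary paths.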

joaop221 commented 1 year ago

@weilai-irl is this feature viable?

I'd like to know if there is any process or implementation to make it possible.

yabbondanza commented 1 year ago

It would be really great if we have a feature like this.

gabiaabreu commented 1 year ago

That would be a nice and useful feature to get implemented. Any updates on this?

frankgalindo commented 1 year ago

Up!

I would appreciate this feature!

weilai-irl commented 1 year ago

Hi @joaop221

Sorry for not getting back to you sooner.

Yes, I think this feature is viable. I'll review your implementation and aim to include it in the next release.

Regards, Lai

joaop221 commented 1 year ago

Thank you @weilai-irl for the response.

I'm available for any help needed.

joaop221 commented 11 months ago

Hi @weilai-irl,

During tests and reviews of this implementation, I've found some problems with client objects (local_o365) that interact with authentication methods (auth_oidc) when the Certificate authentication method is used. The list follows:

This happens because of a static method that does not verify the authentication method and creates an object using the client secret. See below:

https://github.com/microsoft/o365-moodle/blob/f796d9dfc27fdede24225cbc1ce445fb417fc1cb/local/o365/classes/oauth2/clientdata.php#L117

Proposed solution: https://github.com/microsoft/o365-moodle/pull/2379/commits/be96d22a332e0218472f05cb1082ac418e892101
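The defect described in the comment above, a factory that always assumes a client secret, is a common pattern whenever a second authentication method is bolted onto a component that previously knew only one. The following is an added, simplified sketch written for this page, not the project's `clientdata` class or the code in the linked PR: it places the unconditional constructor beside a version that dispatches on the configured method and refuses incomplete settings. The class name and the setting keys (`clientauthmethod`, `clientsecret`, `clientcert`, `clientprivatekey`) are hypothetical.

```php
<?php
// Added example, not code from o365-moodle. Class and setting names are hypothetical.

declare(strict_types=1);

final class ClientCredentials {
    private function __construct(
        public readonly string $clientid,
        public readonly string $authmethod,   // 'secret' or 'certificate'
        public readonly ?string $secret,
        public readonly ?string $certpem,
        public readonly ?string $keypem,
    ) {}

    // The pattern the comment describes: the configured method is never consulted,
    // so a deployment set up for certificates ends up with an empty secret and an
    // authentication failure that is hard to trace back to configuration.
    public static function from_config_secret_only(array $cfg): self {
        return new self($cfg['clientid'], 'secret', $cfg['clientsecret'] ?? '', null, null);
    }

    // Corrected pattern: dispatch on the configured method and validate what it needs.
    public static function from_config(array $cfg): self {
        switch ($cfg['clientauthmethod'] ?? 'secret') {
            case 'secret':
                if (empty($cfg['clientsecret'])) {
                    throw new InvalidArgumentException('Secret authentication selected but no client secret configured');
                }
                return new self($cfg['clientid'], 'secret', $cfg['clientsecret'], null, null);
            case 'certificate':
                if (empty($cfg['clientcert']) || empty($cfg['clientprivatekey'])) {
                    throw new InvalidArgumentException('Certificate authentication selected but certificate or key missing');
                }
                return new self($cfg['clientid'], 'certificate', null, $cfg['clientcert'], $cfg['clientprivatekey']);
            default:
                throw new InvalidArgumentException('Unknown client authentication method: ' . $cfg['clientauthmethod']);
        }
    }
}

// Constructed settings for a certificate-based deployment (placeholder values).
$cfg = [
    'clientid'         => 'CLIENT_ID_PLACEHOLDER',
    'clientauthmethod' => 'certificate',
    'clientcert'       => "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----",
    'clientprivatekey' => "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----",
];
$creds = ClientCredentials::from_config($cfg);
echo $creds->authmethod, PHP_EOL;  // certificate

// The secret-only factory silently produces the wrong kind of object for the same config.
echo ClientCredentials::from_config_secret_only($cfg)->authmethod, PHP_EOL;  // secret
```

Throwing on an incomplete configuration is deliberate: a misconfigured client should fail loudly at construction, where the admin can see the cause, rather than surface later as a generic token-endpoint error.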

weilai-irl commented 10 months ago

Hi @joaop221,

I have reviewed your PRs and they look very good to me. They work as expected with certificates configured by file names, and with those encrypted using a passphrase.

I made some small changes and created separate branches and PRs in order to comply with our release process. The changes I made are:

I'll include this item in the pre-release test in our process, so that they can be included in the next release.

FYI, support for the Moodle 4.0 version of the plugin has been dropped, so this feature will not be supported in the 4.0 version.

Thank you again for your contribution. I'll review the other issues mentioned in your latest comment separately.

Regards, Lai

weilai-irl commented 8 months ago

Hi all,

This feature has been included in the release today for:

@joaop221 Thank you again for your contribution.

Regards, Lai