Single Sign-On (SSO) to Moodle#
The following doc describes how to achieve SSO to Moodle using the Gluu Server IDP and the Moodle OpenID Connect (OIDC) plugin from Office 365.
Install OIDC in Moodle#
Clone the moodle-auth_oidc source code from its git repo:
# git clone https://github.com/Microsoft/moodle-auth_oidc.git
Let's assume that Moodle is installed at the following location:
/var/www/html/moodle.yoursite.com/public_html/.
Move the code to auth as follows:
# mv moodle-auth_oidc /var/www/html/moodle.yoursite.com/public_html/auth/oidc
Login as admin to your Moodle site and then navigate to:
Site administration > Plugins > Authentication
Follow the on-screen instructions about updating the database.
Add OIDC Client in Gluu#
In oxTrust, navigate to OpenID Connect > Clients.
Create a new client with the following specifications:
| Attribute Name | Values |
|---|---|
| Client Name | Your desired value |
| Pre-Authorization | Enabled |
| Authentication method for the Token Endpoint | client_secret_post |
| Redirect Login URIs | https://<hostname>/auth/oidc/ |
| Scopes | address, email, openid, permission, phone, profile, user_name |
| Response Types | code, token, id_token |
| Grant Types | authorization_code, implicit, refresh_token |
| Logout Session Required | True |
Configure Gluu in Moodle#
Enter the corresponding values in the Moodle OIDC form:
| OIDC Form Field Name | Values |
|---|---|
| Provider Name | Gluu OpenID Connect |
| Client ID | Enter the value from the newly created client |
| Client Secret | Enter the value from the newly created client |
| Authorization Endpoint | Enter the authorization_endpoint value, which can be found at https://<idp-hostname>/.well-known/openid-configuration |
| Token Endpoint | Enter the token_endpoint value, which can be found at https://<idp-hostname>/.well-known/openid-configuration |
| Redirect URI auth_oidc | https://<hostname>/auth/oidc/ |