How to configure Moodle O365 SSO directly from the server? - moodle

Maybe some of you have faced a similar issue. I am trying to automate Moodle deployment (including O365 SSO). I use the auth_oidc plugin downloaded from here: https://moodle.org/plugins/auth_oidc . I registered an app in Azure, got the client id and secret, and now I want to "add" these values to my Moodle server. I know I can easily achieve this by manually going to the plugin settings in my Moodle site, but I want to automate it and pass these values directly to a function which, from my understanding, is located here: /moodlesite.com/auth/oidc/settings.php (correct me if I am wrong). So any ideas how to achieve it?

If you look in settings.php there are 2 settings:
$settings->add(new admin_setting_configtext('auth_oidc/clientid', $configkey, $configdesc, '', PARAM_TEXT));
$settings->add(new admin_setting_configtext('auth_oidc/clientsecret', $configkey, $configdesc, '', PARAM_TEXT));
Those settings are saved in a table called mdl_config_plugins
So after installation you should be able to update them via SQL
UPDATE mdl_config_plugins
SET value = 'xxx'
WHERE plugin = 'auth_oidc'
AND name = 'clientid';
UPDATE mdl_config_plugins
SET value = 'xxx'
WHERE plugin = 'auth_oidc'
AND name = 'clientsecret';
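An alternative to the raw SQL update above, as an added example that is not part of the original answer or of the plugin's code: a CLI script that writes the same two auth_oidc settings through Moodle's set_config(), which also invalidates the config cache. The script name, its location under admin/cli/ and the environment variable names OIDC_CLIENT_ID and OIDC_CLIENT_SECRET are assumptions.

```php
<?php
// Added example: hypothetical script saved as admin/cli/set_oidc_config.php.
// Writes the auth_oidc client id and secret through Moodle's config API
// instead of a raw SQL UPDATE.
define('CLI_SCRIPT', true);

require(__DIR__ . '/../../config.php');
require_once($CFG->libdir . '/clilib.php');

// Setting names come from auth/oidc/settings.php; the environment variable
// names are assumptions chosen for this example.
$wanted = [
    'clientid'     => 'OIDC_CLIENT_ID',
    'clientsecret' => 'OIDC_CLIENT_SECRET',
];

// Read everything first so a missing value aborts before any write.
$values = [];
foreach ($wanted as $name => $envvar) {
    $value = getenv($envvar);
    if ($value === false || trim($value) === '') {
        cli_error("Environment variable {$envvar} is not set or empty");
    }
    $values[$name] = trim($value);
}

foreach ($values as $name => $value) {
    // set_config() stores the row in config_plugins and invalidates the
    // config cache, so no separate cache purge is needed.
    set_config($name, $value, 'auth_oidc');

    // Read back to confirm the write; the value itself is never printed.
    if (get_config('auth_oidc', $name) !== $value) {
        cli_error("auth_oidc/{$name} was not stored as expected");
    }
    mtrace("auth_oidc/{$name} updated");
}
```

Supplying the values through the environment keeps the client secret out of SQL files committed with the deployment code and out of the command line.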

Related

Where else can I find alternate login URL aside from $CFG->alternateloginurl

I'm currently troubleshooting a login issue for a deployed Moodle. Login page uses an alternate page which I have managed to identify. The alternate page considers everything except successful login as invalid or expired login or password.
Since some correct logins and passwords are also getting the same issue, I am trying to restore the Moodle instance to use its default login page, but did not find any $CFG->alternateloginurl configuration set in moodle.php. Kindly please provide any pointers you can think of on where to look next to restore the login page.
PS: I've also searched within the active theme, and there has not been any code changes. Uses a variant of Moove
Thank you
Rest assured that it's a common issue
https://docs.moodle.org/401/en/Managing_authentication#Alternate_login_URL
There is an entry in the database
SELECT *
FROM mdl_config
WHERE name = 'alternateloginurl'
Note the value, just in case, then blank it out
UPDATE mdl_config
SET value = ''
WHERE name = 'alternateloginurl'
Then purge the cache to update Moodle
php admin/cli/purge_caches.php
When you do manage to log in, check which other authentication methods are active via
Site administration > Plugins > Authentication > Manage authentication
https://docs.moodle.org/401/en/Managing_authentication
The default methods are manual and email self registration
Although self registration is disabled by default in the settings on the same page (registerauth)

Programmatically change user role in JBoss EAP 6.2

We are trying to get this working in JBoss EAP 6.2 but for the moment we haven't been able to find the reason why it is failing.
In our application, super users are able to decide which role they want to use after login in the application. So first the user will have a role and then we want to change it. For this we are doing the following:
    Subject sub = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
    for (Principal p : sub.getPrincipals()) {
        if ("Roles".equals(p.getName())) {
            SimpleGroup group = (SimpleGroup) p;
            group.removeMember(new SimplePrincipal(CONSTANT_SUPER_USER));
            group.addMember(new SimplePrincipal(authorizationRole));
        }
    }
This is actually changing the role in the Subject. But afterwards when the authorization is being checked we get the following in the server's log:
[org.apache.catalina.authenticator] (http-/0.0.0.0:8080-11) We have cached auth type LOGIN for principal GenericPrincipal[userName(superuser,)]
As you can see, it is still getting the old value after modifying it.
We are using our own class extending SimplePrincipal. Checking the content of Faces.getRequest() we have seen that the request contains a userPrincipal of type JBossGenericPrincipal and inside it, it contains our extended SimplePrincipal. Checking both of them we have seen that:
JBossGenericPrincipal.roles contains superuser
JBossGenericPrincipal.subject.principals contains the modified SimpleGroup with the new authorization role
Just for your information, we had this working on Wildfly first and it worked perfectly, but we had to change to JBoss and found that this wasn't working properly. So we think it has to be something related to this specific JBoss version.
Has someone faced this problem? Any idea why this might be failing? I guess we need to put the correct role in JBossGenericPrincipal.roles somehow, but... how?
Any help is appreciated. Thanks!
Seems Red Hat doesn't recommend changing the roles after the authentication has been done. So the only solution was to logout and re-login the user with the new role.

Set Site Permissions for a Role Programmatically Liferay 6.2

I am creating a startup hook script for liferay to add and preconfigure Roles for Liferay 6.2 behind the scenes.
Specifically I am looking to add the type of permissions that can be accessed through Control Panel > Roles > Actions > Define Permissions.
Currently I am able to add Liferay Roles, but have so far been unsuccessful in finding the correct way to add custom permissions to the Roles programmatically. I see there was a way to do this in prior Liferay versions, but do not see it here.
https://www.liferay.com/community/forums/-/message_boards/message/2965424
https://www.liferay.com/web/guest/community/forums/-/message_boards/message/124558
So far I have investigated RolePermissionUtil, RoleLocalServiceUtil, among other available services.
Let me know if this is available through the service to be added to a startup hook or if this can only be done in the UI.
It appears that the API has changed since these posts.
Thank you in advance for your help
Figured it out using ResourcePermissionLocalServiceUtil.setResourcePermissions and RoleLocalServiceUtil.
Eg.
    // Look up the role first; its id is used below as both primKey and roleId.
    Role role = RoleLocalServiceUtil.fetchRole(CompanyThreadLocal.getCompanyId(), "Role Name");
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        CompanyThreadLocal.getCompanyId(), Role.class.getName(),
        ResourceConstants.SCOPE_GROUP_TEMPLATE, String.valueOf(role.getRoleId()),
        role.getRoleId(),
        new String[] {ActionKeys.VIEW, ActionKeys.UPDATE, ActionKeys.DELETE});
I used CompanyThreadLocal to obtain the Company Id because I am using this in a hook not a portlet, where typically it would be accessed through the theme display. Here I am just adding access to Roles, but other class namespaces could be added. (eg. "com.liferay.portlet.dynamicdatalists.model.DDLRecordSet")

Send email on new bug in Mantis

For a particular project, I am trying to configure mantis to send an email to all Supervisors (65) whenever a new bug is submitted.
To do this I have added an entry to the Configuration Report page as so:
Username: All Users
Project Name: Test New
Type: Complex
Value:
array ('new' => array('threshold_min' => '65', 'threshold_max' => '65'))
When I add that it re-formats it like so:
array (
'new' => 'array(\'threshold_min => \'65',
'threshold_max' => '65\')',
)
and doesn't send the emails to the project supervisors.
Can someone assist me please? Very new to configuring Mantis!
I discovered that I also had to make the Supervisor enabled for 'E-mail on Change of Handler' (I also had to do this for Manager level to receive emails when assigned).
It's now working :)
Login as administrator in mantis.
Click on Manage Configuration.
Click on Email Notification.
You will get a table which tells when mail should be triggered at various instance of time, select appropriate options.
Click here to view the documentation of mantis administrative guide
Attached picture is the snapshot for your assistance...
Below is just for your mantis functionality enhancement...
You can also give CHAT option for different levels of users by including
$g_main_menu_custom_options = array (
array( "Chat", REPORTER, 'chat_page.php' )
);
in your config_inc.php.
I've merged phpchat application with mantis.
You can configure to send emails to a particular user role as "Manager". Then assign all those 65 people this role in the project.
All these people will get mails.
Let me know if this helps.
There is currently a known limitation in the manage config page, which does not properly handle entry of complex types.
I actually started working on a fix for this a while ago based on the initial submission from the issue's reporter, but got sidetracked and never got around to finalizing it. You can find the work in progress on my github branch.
Until then, I'm afraid that your only option would be to enter the required setup directly in config_inc.php.

How can I authenticate when using the Bugzilla Perl API in a script?

Working from the Bugzilla API, I've written a quick Perl script to clone a Bugzilla Product (recreating all the Components under their new Product). The Bugzilla Perl API is quite easy to use from the command line. I could have just worked on the database directly, but I wanted a longer-term solution. Another option was the webservice, but I thought I'd try using the API directly this time.
The one problem I'm running into is authenticating as my Bz admin user so I can create the new components. Looking at Bugzilla's Bugzilla.pm file, I see that they just run login() from a Bugzilla::Auth object. I'm not sure how to get the username and password in there. I suppose I could just add the script to the Bugzilla admin interface...
Can any of you point me in the right direction?
Oh, I'm being rather ignorant today, I focused on "web services" and didn't understand what you really wanted.
If you're just using the API to communicate with the database (as opposed to manipulating the database directly), do you really need to authenticate as any user at all?
In the 3.2 source tree, look at merge-users.pl for instance, which uses Bugzilla::User objects. Couldn't you do the same with Bugzilla::Component?
You should also look at sanitycheck.pl, which uses Bugzilla->set_user.
There's been some significant upgrades in the web services capabilities since 3.2, can you upgrade?
In 3.6 at least, check out contrib/bz_webservice_demo.pl for how to use the User.login method.
http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html
The following code snippet might enter the question.
Here we check also that the user has the correct "editcomponents" credential.
    my $user = new Bugzilla::User({ name => $login })
        || ThrowUserError('invalid_username', { name => $login });

    # Authenticate using this user account.
    Bugzilla->set_user($user);

    $user->in_group('editcomponents')
        || ThrowUserError("auth_failure", {group  => "editcomponents",
                                           action => "add",
                                           object => "products"});