auto-login feature #2156

Closed
aspark21 opened this issue Aug 30, 2022 · 5 comments · Fixed by #2564, #2562 or #2563
Labels
Feature - SSO Issue type - enhancement request New feature being requested outside of original scope. Plugin - auth_oidc Status - queued / not yet started The request is clear, but the work has yet to be scheduled.
Comments

@aspark21

This was one of the really nice features we saw with going down the auth_saml2 route, but we have now committed to using auth_oidc. It would detect if the user was logged in with the IDP and, if so, would redirect them & log them in without any interaction required (catalyst/moodle-auth_saml2#426).

It importantly does not redirect all users all the time, just the ones that are logged in which could make them be logged in to Moodle completely transparently.

We would be willing to support the implementation of this feature in whichever way (our devs, funding, etc).

@weilai-irl weilai-irl self-assigned this Sep 1, 2022
@weilai-irl weilai-irl added Issue type - enhancement request New feature being requested outside of original scope. Plugin - auth_oidc Feature - SSO Status - queued / not yet started The request is clear, but the work has yet to be scheduled. labels Sep 1, 2022
@weilai-irl
Collaborator

Hi @aspark21,

Thank you for reporting this. I'll discuss the feasibility of this work with my team and get back to you soon.

Regards,
Lai

@weilai-irl
Collaborator

Hi @aspark21,

I think I may need some clarification on the feature required, and if I understand it correctly, the auth_oidc plugin can already do it.

The main relevant configuration is Force redirect in auth_oidc (auth_oidc | forceredirect). If enabled, users trying to access the login page will skip the login index page and be redirected to the OpenID Connect page. So if there is only one active user login in the browser session, the browser will try to log in as this user.

There is another remotely relevant setting, Force users to log in, in Administration => Security => Site security settings (forcelogin). If enabled, users will be required to log in to see anything on the site. Effectively this will trigger a redirect to the login page.

So if I understand your requirement correctly, using the combination of the two settings (or even the first one alone) should achieve what you want.

Obviously, if there are multiple active user logins in the browser session, or if the login attempt using the active user failed (e.g. because the user is from a different tenant), users will still see the login page. This would be the expected result.

Please review the answer and let us know if this isn't what's required.

Regards,
Lai

@aspark21
Author

Hi Lai,

That's why I mentioned "It importantly does not redirect all users all the time, just the ones that are logged in which could make them be logged in to Moodle completely transparently."

Our site allows Moodle Guest Login and also has manual accounts for testing purposes, so redirecting everyone to AAD authentication is not an option and forcing users to log in isn't either.

Thanks
Alistair

@weilai-irl
Collaborator

Hi @aspark21

This is indeed related to the latest PRs #2562, #2563 and #2564. We eventually found a way to implement this, using prompt=none for the optional prompt parameter in the authorization code request. See https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow.

A new setting is to be added to the auth_oidc plugin configuration. See the provisional description of the setting for details.

Screenshot 2024-05-28 at 17 16 38

Regards,
Lai
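
The `prompt=none` approach described in the comment above, sketched as an added example; it is not the auth_oidc plugin's code and not part of the original thread. The tenant, client ID, redirect URI and function names are placeholders or hypothetical. It shows the silent request and the callback handling that keeps guest and manual logins reachable when the IdP has no session.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders, not values from the issue or the plugin.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/v2.0/authorize"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://moodle.example.test/auth/oidc/"
# OIDC Core error codes meaning "cannot sign in without showing UI".
SILENT_FAILURES = {"login_required", "interaction_required",
                   "consent_required", "account_selection_required"}


def build_silent_request(session):
    """Return the authorization URL for one silent attempt, or None if already tried."""
    if session.get("silent_attempted"):
        return None  # one silent attempt per session, avoids a redirect loop
    session["silent_attempted"] = True
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid profile email",
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
        "prompt": "none",  # IdP must not display any sign-in or consent UI
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Decide what to do with the IdP's redirect back to the site."""
    query = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("oidc_state", None)  # state is single use
    supplied = query.get("state", "")
    # Reject responses not tied to a request this session started (login CSRF).
    if not expected or not secrets.compare_digest(supplied.encode(), expected.encode()):
        return ("reject", None)
    if "error" in query:
        # No usable IdP session: show the normal login page (guest/manual still work).
        if query["error"] in SILENT_FAILURES:
            return ("show_login_page", None)
        return ("reject", None)
    if "code" in query:
        return ("redeem_code", query["code"])  # next: token request, then verify nonce
    return ("reject", None)
```
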

@weilai-irl weilai-irl added this to the 2024-06 milestone May 28, 2024
@weilai-irl
Collaborator

Hi @aspark21

This feature has been included in releases 4.1.7, 4.2.6 and 4.3.4 on 2nd of July 2024. Please check out the latest version of the plugins to test and use this feature.

Regards,
Lai
