SSO for Teams App #1550
Comments
|
Hi @Zhuich , What's the Moodle version you are and what's the version of the plugins auth_oidc and local_o365 you are using? Regards |
nenorojas
added
the
Status - need more info
|
Hi @nenorojas! |
|
Hi @Zhuich , Have you created the application on Azure using the PowerShell script? If yes, please double check if you have performed the extra manual steps needed on the application listed here: https://docs.moodle.org/310/en/Office365#3.8.0.4_and_3.9.1_release
And after it's done, please download a new manifest file and update your custom app on the Teams admin page: https://admin.teams.microsoft.com > Teams apps > Manage apps.
We are releasing a new version of plugins for Moodle 3.9 and first version for 3.10, if you would like to upgrade your plugins as well to latest version, that should contain other bug fixes. Regards |
|
@nenorojas I had reported similar problem months ago and had since keeping the suite of plugin uptodate. I am seeing new report of the issue and frankly none of the fixes mentioned in different threads work. The Team-Moodle integration worked beautifully on version 3.8.0.4 but right after that the Login to Microsoft 365 failed. Anyway, we are now on local 365 version 3.9.3 on Moodle version 3.9+. The latest troubleshoot points me to an uncaught error as followed. I managed to capture this on Chrome's Dev tool. Behavior of Login to Microsoft 365 on desktop Team app or on browser is similar. I just can't capture any error mesage on the desktop app. We are on Azure.teams_tab_configuration.php:95 Uncaught ReferenceError: config is not defined |
|
Clarification: We are on Microsoft Office 365. The Moodle server is on premise. |
|
I reported this on #1466 . |
|
Hi @klovsb, I have made pull requests for 3.9 and 3.10 to fix the exact issue that you mentioned in your note #1550 (comment), in which it reports "config is not defined". This will be included in the upcoming release, but feel free to apply the code change manually to see if it works. My feeling is the issue is somewhere else, e.g. Azure app configuration, permissions etc. In normal use cases, SSO should work silently, without requiring users to click on the manual login buttons. But if the button was shown and clicked, I confirm the last release (3.9.3 and 3.10.0) was missing a config variable, and the pull request should fix it. Please give it a try (or wait until the release) and let us know. Regards, |
|
@weilai-irl I have already tried that. No effect. I also noticed a warning about CSP blocking https://teams.microsoft.com/_ . Directive base-uri. Source location: 0-angular-jquery.min-eee9041.js:1. I added it to our IIS Custom HTTP Respond (without the trailing /_). Reset IIS and tried again. I then get error refused to set the document's base URI to 'https://teams.microsoft.com/#/sc********' because it violates the following Content Security Policy directive: "base-uri *.protection.outlook.com". Then another error POST https://teams.microsoft.com/api/me/amer/beta/users/fetchFederated 403. |
|
It is still not working. All these errors are in the browser console. Nothing moves on the login page. We always have the manual login button though. I didn't turn that off so that I can use the admin account. The manual login button would always let me in either with OIDC or manual login but it won't let me finish adding a course tab. Would the older version 3.8.0.3 still work if I roll back on a Moodle 3.9.*? That would be my last resort. Johnny |
|
What login flow are you using in the auth_oidc settings on the Moodle site? We noticed recently that "Resource Owner Password Credentials Grant" doesn't work with Teams SSO. Regards, |
|
@weilai-irl We have been using the recommended Authorization Code Flow since 3.8.0.3. |
|
Team-Moodle has worked beautifully on 3.8.0.3 and before. I am not sure starting from which one, 3.8.0.4 or 3.8.0.5, that it stopped working. To troubleshoot Azure tenant setting I need to get the Office 365 supervisor to do it so I like to make sure I have truly exhausted the Moodle application and server site troubleshooting before I make another request. |
|
As explained on the wiki page, there was a major upgrade of the Teams SSO feature from 3.8.0.3 to 3.8.0.4. The updated version was implemented in line with the latest guidelines from Microsoft on how to authenticate apps in Teams. It was aimed at improving the user experience, obviously, rather than breaking it. It's in our plan to improve the documentation particularly about the Teams SSO, and maybe introduce a FAQ section or separate FAQ page on the wiki. Clearly many factors on either Microsoft 365 or Moodle side can affect the normal operation of Teams SSO. With that in mind, if you email me (in my profile) your contact details, I can look at setting up a quick call with you after the March release to see if I can spot the cause of the issue, with a view to gather common issues to be included in the documentation. Regards, |
|
I had our Office365 supervisor updated the app with the steps listed above. It still does not work. I am attaching the browser console error log here. All domain names and ID are masked for privacy. I have tried adding base-uri directives in CSP but was refused due to a violation. 0-angular-jquery.min-eee9041.js:1 Refused to set the document's base URI to 'https://teams.microsoft.com/_#/school/conversations/General?threadId=1*****************************@thread.skype&ctx=channel' because it violates the following Content Security Policy directive: "base-uri .protection.outlook.com". |
weilai-irl
added
Triaging status - triaged
|
Please check out the latest release of the local_o365 plugin which contains major improvements of Moodle and Teams integration, and confirm if the issues are fixed. The issue will be kept open for one month from today, and will be closed if most issues are confirmed resolved. Regards, |
weilai-irl
added
Issue type - bug
weilai-irl
removed
the
Status - need more info
|
Issue closed one month after release. |
I have moodle with O365 integration. I add into Teams app personal tab, which linked to my moodle. It's work perfect with password auth, but, when i click on Open ID Connect auth - i see black screen in Teams tab. Please, help me!
The text was updated successfully, but these errors were encountered: