Christian
93bad6fbc6
|
2 years ago | |
|---|---|---|
| .. | ||
| lang | 3 years ago | |
| layout | 2 years ago | |
| src | 3 years ago | |
| view | 2 years ago | |
| CHANGELOG.md | 4 years ago | |
| README.md | 4 years ago | |
| index.php | ||
| install.php | ||
| login.php | 3 years ago | |
| plugin.php | ||
README.md
The Azure Active Directory Plugin
This plugin allows users to authenticate (with OAuth2) through Microsoft's Azure Active Directory. This will modify the login form to either substitute the default login form or add another option to connect through Azure. An option allows you to automatically provision/create users in Chamilo from their account on Azure if they don't exist in Chamilo yet.
This plugin adds two extra fields for users:
organisationemail, the email registered in Azure Active Directory for each user (under Email in the Contact info section).azure_id, to save the internal ID for each user in Azure (which is also the prefix before the @ sign in the User Principal Name).
Prerequisites
This plugin will not work if you do not use HTTPS. Make sure your portal is in HTTPS before you configure this plugin.
To configure Azure Active Directory
- Create and configure an application in your Azure panel (Azure Active Directory -> Applications registration -> New registration))
- In the Authentication section, set an Reply URL with
https://{CHAMILO_URL}/plugin/azure_active_directory/src/callback.php. - In the Front-channel logout URL, use
https://{CHAMILO_URL}/index.php?logout=logout - In Certificates & secrets, create a secret string (or application password). Keep the Value field at hand. If you don't copy it somewhere at this point, it will later be hidden, so take a copy, seriously!
- Make sure you actually have users
To configure this plugin
- Enable: You can enable the plugin once everything is configured correctly. Disabling it will return to the normal Chamilo login procedure.
- Application ID: Enter the Application (client) ID assigned to your app when you created it in your Azure Active Directory interface, under App registrations.
- Application secret: Enter the client secret value created in Certificate & secrets above.
- Block name: (Optional) The name to show above the login button.
- Force logout button: (Optional) Add a button to force logout from Azure.
- Management login: (Optional) Disable the chamilo login and enable an alternative login page for users.
You will need copy the/plugin/azure_active_directory/layout/login_form.tplfile to/main/template/overrides/layout/directory. - Name for the management login: A name for the manager login. By default, it is set to "Management Login".
- Automated provisioning: Enable if you want users to be created automatically in Chamilo (as students) when they don't exist yet.
- Assign a region in which the login option will appear. Preferably
login_bottom.
Enable through the normal login form
You can configure the external login procedure to work with the classic Chamilo form login.
To do it, make sure users have azure in their auth_source field, then add this line in configuration.php file
$extAuthSource["azure"]["login"] = $_configuration['root_sys']."main/auth/external_login/login.azure.php";
Dependencies
This plugin uses the
thenetworg/oauth2-azurepackage.