OAuth2 and user (not) logout

We have a setup with 3 components:
A Dashboard/Portal for the user to manage things
A Moodle instance for elearning courses
A Keycloak server for SSO
When the user accesses the portal, they are redirected to Keycloak to sign in and are afterward returned to the dashboard.
From the dashboard the user can jump to Moodle, and Moodle checks the login state; if not logged in, it asks Keycloak for the user login and uses the already logged-in user.
This works fine and as expected.
But we have a problem when a user logs out and another user logs in:
1. User 1 logs in via Dashboard/Keycloak and then goes to Moodle, which recognizes User 1
2. User 1 closes the Moodle window and returns to the dashboard
3. In the dashboard user 1 logs out and user 2 logs in via Keycloak too
And here comes the problem:
4. User 2 goes from the dashboard to Moodle; here Moodle is still logged in as User 1...
If the user does a logout in Moodle itself in step 2, then in step 4 user 2 is active and everything is ok.
But how can I handle the case when no Moodle logout has been done?
Looks like I need some way to tell Keycloak to do backchannel logouts to Moodle...
We use the miniOrange SSO plugin in Moodle 3.11.3+
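The back-channel logout mentioned in the question is specified by OpenID Connect Back-Channel Logout 1.0. As an added example (not part of the original post, and not code from Moodle, Keycloak or the miniOrange plugin), this sketch shows what the receiving application has to do with a logout token: check its claims and drop the matching local sessions. It assumes the token's signature has already been verified against the issuer's keys; `SessionStore`, the session identifiers and the `max_age` window are hypothetical.

```python
import time

# Event type URI defined by OpenID Connect Back-Channel Logout 1.0.
BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"

class LogoutTokenError(ValueError):
    """Raised when a logout token must be rejected."""

class SessionStore:
    """Hypothetical in-memory store of the relying party's local sessions."""
    def __init__(self):
        self.sessions = {}     # local session id -> {"sub": ..., "sid": ...}
        self.seen_jti = set()  # logout tokens already processed (replay guard)

    def login(self, local_id, sub, sid):
        self.sessions[local_id] = {"sub": sub, "sid": sid}

    def handle_logout_token(self, claims, issuer, client_id, now=None, max_age=120):
        """claims: payload of a logout token whose signature was already verified."""
        now = time.time() if now is None else now
        aud = claims.get("aud")
        aud = [aud] if isinstance(aud, str) else (aud or [])
        if claims.get("iss") != issuer:
            raise LogoutTokenError("unexpected issuer")
        if client_id not in aud:
            raise LogoutTokenError("token not addressed to this client")
        if "nonce" in claims:
            raise LogoutTokenError("nonce must not appear in a logout token")
        events = claims.get("events")
        if not isinstance(events, dict) or BACKCHANNEL_EVENT not in events:
            raise LogoutTokenError("missing back-channel logout event")
        iat = claims.get("iat")
        if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
            raise LogoutTokenError("token too old or issued in the future")
        sub, sid = claims.get("sub"), claims.get("sid")
        if not sub and not sid:
            raise LogoutTokenError("need sub and/or sid")
        jti = claims.get("jti")
        if not jti or jti in self.seen_jti:
            raise LogoutTokenError("missing or replayed jti")
        self.seen_jti.add(jti)
        # Prefer sid (one IdP session); fall back to sub (all of that user's sessions).
        doomed = [k for k, s in self.sessions.items()
                  if (sid and s["sid"] == sid) or (not sid and s["sub"] == sub)]
        for k in doomed:
            del self.sessions[k]
        return doomed
```

For this to work, the application has to record the `sid` (or at least the `sub`) from the ID token when it creates its local session, otherwise there is nothing to match the logout token against.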

Related

Using a URL to log a user out of a developer web app and redirect to another URL

I have an app that all works fine for authentication and it uses Oauth2 (Google).
Now, I am struggling with the logout URL for this app. It works, but I am under the impression that it is possible to log out of it and remain logged into my Gmail account, please? Currently, ALL accounts are logged out of, so the two Gmail accounts need to go through login each time the app is used and log out is pressed.
I have read that this is possible, but this is the URL that I am using to log out:
https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://news.bbc.co.uk
I am sure it can be done because I did it in a former role but do not have the code!

How do I implement single sign on for my ASP.NET MVC web application

The single sign-on (SSO) I mean is this: on my login page I have a button to log in with Windows directory or SSO, without typing my username on the login page, just a sign-in button. My browser is able to know my Windows user ID and log in successfully with my Windows user ID by authenticating with my company Active Directory. I have been looking for solutions to this for years, but it is hard to get.

Facebook login two users

I am working on an app idea and I am curious if a procedure I am thinking of will work.
When a user opens my app, he/she should log in with his/her Facebook credentials and confirm some permissions. Then a second user should log in with his/her credentials and confirm the same permissions.
After the two confirmations I would want to save both credentials (and access tokens?) for future use of the app. So every time the app starts, both users get verified with their Facebook accounts and the app gets activated and can be used.
If I understand the Facebook iOS API correctly, it is not possible to log in two accounts at once. So how do I:
1. Start app
2. Login user 1
3. Save name and gender for user 1 in a dictionary (do I need to save username and password?)
4. Logout user 1
5. Login user 2
6. Save name and gender for user 2 in a dictionary (do I need to save username and password?)
7. Logout user 2
8. Activate app
The above procedure should run every time the app starts.
I looked at the example app with the iOS SDK (SwitchUser) but I just do not understand where the access tokens are saved and how they can be accessed/used to accomplish the procedure described above.
All the help would be appreciated! Thanks!

Session timeout ASP.NET MVC4 with external login

I have this site (ASP.NET, MVC4) which uses external logins (Facebook and Google) from the template.
Everything works ok, but I'd like to add an option to log out the user automatically after, let's say, a day or so if the user chooses to, because right now, as long as the user is logged into Google or Facebook, the user is automatically logged in, which is good, but I'd like to give the option to log out automatically, or to "Forget" the user.
Thank you in advance.

django allauth- connecting a user with Fb when a previous user hasn't logged out

I'm using django-allauth for Facebook connect (with js_sdk). It works fine for a user. Now consider the following scenario:
1. User A is logged in through Fb
2. User B logs user A out of Fb on the machine and logs himself in.
3. User B then tries to log in with Fb on my website (user A didn't log out)
This either gives an Fb dialog error that "user A has logged out" or it takes me to /accounts/facebook/login/token (in case of an existing user) and /accounts/social/connections saying that "you can log in through any of the third party accounts -> User A or User B" (in case of a new user).
How do I deal with this scenario? I want user B to seamlessly log in through Fb (even if user A didn't log out).
Up to 0.11.1 accounts were implicitly connected when you logged in using a social account while a user was already logged in. Therefore, your scenario could not be handled properly. In current master this has been addressed -- the resulting default flows now match your expectations.
