6 changes: 5 additions & 1 deletion classes/auth.php
Expand Up @@ -646,7 +646,11 @@ public function saml_login() {
$params['ErrorURL'] = (new moodle_url('/login/index.php', ['saml' => 0]))->out(false);
}
$params['AllowCreate'] = $this->config->allowcreate == 1;

$forceauthn = get_config('auth_saml2', 'forceauthn');
if($forceauthn && $forceauthn == '1') {
$params['ForceAuthn'] = true;
}

$auth = new \SimpleSAML\Auth\Simple($this->spname);
// Redirect to IdP login page for authentication.
$auth->requireAuth($params);
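Review bot: ForceAuthn is only sent to the IdP as a request parameter here; nothing after `$auth->requireAuth($params)` in the visible lines confirms that the user was actually re-authenticated, so an IdP that ignores the flag would still answer from its existing SSO session. If the setting is meant as a security control, the SP should compare the assertion's AuthnInstant (SimpleSAMLphp exposes it via `$auth->getAuthData('saml:AuthnInstant')`) against a short freshness window and reject stale logins. That check would belong later in saml_login(), which starts and ends outside this hunk. Separately, the condition is redundant and departs from the line above, which reads `$this->config->allowcreate`; `if (get_config('auth_saml2', 'forceauthn') == 1) {` expresses the same test with the space after `if` that Moodle coding style expects.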
2 changes: 2 additions & 0 deletions lang/en/auth_saml2.php
Expand Up @@ -48,6 +48,8 @@
$string['authncontext_help'] = 'Allows augmentation of assertions. Leave blank unless required';
$string['autocreate'] = 'Auto create users';
$string['autocreate_help'] = 'Allow creation of Moodle users on demand';
$string['forceauthn'] = 'ForceAuthn';
$string['forceauthn_help'] = 'Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.';
$string['autologin'] = 'Auto-login';
$string['autologin_help'] = 'On pages that allow guest access without login, automatically log users into Moodle with a real user account if they are logged in to the IdP (using passive authentication).';
$string['autologinbycookie'] = 'Check when the specified cookie exists or changes';
3 changes: 1 addition & 2 deletions logout.php
Expand Up @@ -34,5 +34,4 @@
// probably only used when configuring or testing but nice to have.

$auth = new SimpleSAML\Auth\Simple($saml2auth->spname);
$auth->logout('/');

$auth->logout('/');
9 changes: 9 additions & 0 deletions settings.php
Expand Up @@ -253,6 +253,15 @@
''
));

//ForceAuthn properties
$forceauthn = new admin_setting_configselect(
'auth_saml2/forceauthn',
get_string('forceauthn', 'auth_saml2'),
get_string('forceauthn_help', 'auth_saml2'),
0, $yesno);
$forceauthn->set_updatedcallback('auth_saml2_update_forceauthn');
$settings->add($forceauthn);

// Auto login.
$autologinoptions = [
saml2_settings::OPTION_AUTO_LOGIN_NO => get_string('no'),
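Review bot: `$forceauthn->set_updatedcallback('auth_saml2_update_forceauthn');` names a function that none of the four files shown on this page defines; if it does not exist elsewhere in the plugin, saving the setting is likely to fail when Moodle invokes the callback. The login code reads the value with `get_config()` at login time, so no callback appears to be needed and the line can be dropped. If one is intended, its definition should be part of this change. The comment would also match the neighbouring `// Auto login.` style as `// Force re-authentication (ForceAuthn).`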