Added OIDC draft

2025-05-18 10:40:33 +02:00 · 2025-05-16 09:58:28 +02:00 · 2025-05-16 09:58:28 +02:00 · 52ba4dc3a1
commit 52ba4dc3a1
parent 98346c5988
6 changed files with 42 additions and 4 deletions
--- a/roles/docker-moodle/meta/schema.yml
+++ b/roles/docker-moodle/meta/schema.yml
@ -3,7 +3,6 @@ credentials:
    description: "Password for the Moodle database user"
    algorithm: "bcrypt"
    validation: "^\\$2[aby]\\$.{56}$"
-
  user_password:
    description: "Initial password for the Moodle admin user"
    algorithm: "sha256"
--- a/roles/docker-moodle/tasks/main.yml
+++ b/roles/docker-moodle/tasks/main.yml
@ -12,3 +12,7 @@

 - name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml
+
+- name: "Configure OIDC login for Moodle if enabled"
+  include_tasks: oidc.yml
+  when: applications | is_feature_enabled('oidc',application)
--- a/roles/docker-moodle/tasks/oidc.yml
+++ b/roles/docker-moodle/tasks/oidc.yml
@ -0,0 +1,33 @@
+---
+- name: "Ensure OIDC plugin is installed inside container"
+  command: >
+    docker exec {{ container_name }} bash -c '
+    set -e;
+    cd /bitnami/moodle;
+    if [ ! -d "auth/oidc" ]; then
+      git clone https://github.com/microsoft/moodle-auth_oidc.git auth/oidc;
+    fi'
+
+- name: "Upgrade Moodle to apply OIDC plugin"
+  command: "docker exec {{ container_name }} php admin/cli/upgrade.php --non-interactive"
+
+- name: "Set Moodle OIDC configuration via CLI"
+  loop:
+    - { name: "issuerurl", value: "{{ oidc.client.issuer_url }}" }
+    - { name: "clientid", value: "{{ oidc.client.id }}" }
+    - { name: "clientsecret", value: "{{ oidc.client.secret }}" }
+    - { name: "authmethod", value: "oidc" }
+    - { name: "loginflow", value: "authorization_code" }
+    - { name: "idpname", value: "Keycloak" }
+    - { name: "scopes", value: "openid profile email" }
+    - { name: "authenticationendpoint", value: "{{ oidc.client.authorize_url }}" }
+    - { name: "tokenendpoint", value: "{{ oidc.client.token_url }}" }
+    - { name: "userinfoendpoint", value: "{{ oidc.client.user_info_url }}" }
+  loop_control:
+    label: "{{ item.name }}"
+  command: >
+    docker exec {{ container_name }} php admin/cli/cfg.php --component=auth_oidc
+    --name={{ item.name }} --set="{{ item.value }}"
+
+- name: "Enable OIDC login"
+  command: "docker exec {{ container_name }} php admin/cli/cfg.php --name=auth --set=oidc"
--- a/roles/docker-moodle/templates/docker-compose.yml.j2
+++ b/roles/docker-moodle/templates/docker-compose.yml.j2
@ -2,7 +2,7 @@ services:

 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  moodle:
-    container_name: moodle
+    container_name: {{ container_name }}
    image: docker.io/bitnami/moodle:{{applications.moodle.version}}
    ports:
      - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
--- a/roles/docker-moodle/vars/configuration.yml
+++ b/roles/docker-moodle/vars/configuration.yml
@ -9,6 +9,7 @@ features:
  css:                false
  portfolio_iframe:   false
  central_database:   true
+  oidc:               false
 csp:
  flags:
    script-src:
--- a/roles/docker-moodle/vars/main.yml
+++ b/roles/docker-moodle/vars/main.yml
@ -1,3 +1,4 @@
 ---
-application_id:     "moodle"
-database_type:      "mariadb"
+application_id: "moodle"
+database_type:  "mariadb"
+container_name: "{{ application_id }}"