
[Improvement] Compatibility with Shibboleth authentication #2919

@FlorentEdunao

Description


Hello,

Here is an improvement to be able to use a Shibboleth auth method combined with local_o365.

This change allows us to use auth_shibboleth for our user accounts and to synchronize data between Moodle and Teams.

Configuration (local_o365)

(two screenshots of the local_o365 configuration page, not reproduced here)

Key params:

  • local_o365 | courseusersyncdirection : From Moodle to Teams
  • local_o365 | usersync -> nodelta : yes

Code improvement

```php
protected function sync_existing_user($syncoptions, $entraiduserdata, $existinguser, $exactmatch) {
    global $DB; // Moodle's database API; redeclaring it is harmless if the elided part above already does.
    // [...] (start of the method elided in the issue)

    // --------------------------- Insert missing record for Shibboleth user ---------------------------
    if (isset($existinguser->auth) && $existinguser->auth === 'shibboleth') {
        // Does this Moodle user already have an Entra ID object record?
        $haslocalo365objectrecord = $DB->record_exists('local_o365_objects', [
            'type' => 'user', 'moodleid' => $existinguser->muserid,
        ]);
        if (!$haslocalo365objectrecord) {
            $this->mtrace('Create a local_o365_objects record for Shibboleth user');
            if (empty($entraiduserdata) || empty($entraiduserdata['id']) || empty($existinguser->muserid) ||
                    empty($entraiduserdata['useridentifier'])) {
                $this->mtrace('[SKIP]: Cannot create a local_o365_objects record for Shibboleth user: missing fields');
            } else {
                // Create the missing record.
                $localo365objectrecord = new stdClass();
                $localo365objectrecord->type = 'user';
                $localo365objectrecord->subtype = '';
                $localo365objectrecord->objectid = $entraiduserdata['id'];
                $localo365objectrecord->moodleid = $existinguser->muserid;
                $localo365objectrecord->o365name = $entraiduserdata['useridentifier'];
                $localo365objectrecord->tenant = '';
                $localo365objectrecord->metadata = null;
                $localo365objectrecord->timecreated = time();
                $localo365objectrecord->timemodified = $localo365objectrecord->timecreated;
                $localo365objectrecord->id = $DB->insert_record('local_o365_objects', $localo365objectrecord);

                // Set objectid so the later block (the one that traces
                // 'Adding o365 object record for user') does not insert a duplicate record.
                $existinguser->objectid = $entraiduserdata['id'];
            }
        }
    }
    // --------------------------- End: insert missing record for Shibboleth user ---------------------------

    // Assign user to app if not already assigned.
    // [...] (rest of the method elided in the issue)
```

This change ("Insert missing record for Shibboleth user") has to be inserted at this line:

We've added this change to our production platform (86033 Shibboleth users) and it's working well.

Question

However, I would like to ask whether we should add new events with Shibboleth even if nodelta is enabled. There may be consequences that we haven't seen yet.


I hope I've added all necessary information.

Thank you!

Have a nice day,

Florent
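The following is an added example, not code from this issue or from the local_o365 plugin. It models the "insert missing record for Shibboleth user" step above as plain PHP that runs without Moodle, and adds one check the snippet leaves to its caller: a Shibboleth account is bound to an Entra ID object only when the Entra identifier agrees with the Moodle username or email, unless `$exactmatch` already says the caller matched on an exact identifier. It also shows that a second sync pass for the same user is a no-op rather than a second record. Assumptions (hypothetical, not the plugin's API beyond what the snippet shows): `$existinguser` carries `auth`, `muserid`, `username` and `email`; `$entraiduserdata` carries `id` and `useridentifier`; the array `$table` stands in for the `local_o365_objects` table.

```php
<?php
// Added example, not from the issue or the local_o365 plugin. Assumed field names are
// described in the lead-in; sample accounts and object ids below are constructed.
declare(strict_types=1);

/** Returns null when the link may be created, otherwise a short reason to skip it. */
function shibboleth_link_check(object $existinguser, array $entraiduserdata, bool $exactmatch): ?string {
    if (($existinguser->auth ?? null) !== 'shibboleth') {
        return 'not a Shibboleth user';
    }
    foreach (['id', 'useridentifier'] as $field) {
        if (empty($entraiduserdata[$field])) {
            return "missing Entra ID field '$field'";
        }
    }
    if (empty($existinguser->muserid)) {
        return 'missing Moodle user id';
    }
    if ($exactmatch) {
        return null; // caller already matched on an exact identifier (assumed meaning of $exactmatch)
    }
    // Non-exact match: bind only when the Entra identifier equals the Moodle username or
    // email (case-insensitive), so one account cannot be linked to another user's object.
    $ident = strtolower(trim((string)$entraiduserdata['useridentifier']));
    $own = [];
    foreach (['username', 'email'] as $field) {
        $value = trim((string)($existinguser->$field ?? ''));
        if ($value !== '') {
            $own[] = strtolower($value);
        }
    }
    return in_array($ident, $own, true) ? null : 'Entra identifier does not match Moodle username or email';
}

/** Builds the local_o365_objects row with the same fields as the snippet; $now is injected. */
function build_o365_object_record(object $existinguser, array $entraiduserdata, int $now): object {
    $rec = new stdClass();
    $rec->type = 'user';
    $rec->subtype = '';
    $rec->objectid = $entraiduserdata['id'];
    $rec->moodleid = $existinguser->muserid;
    $rec->o365name = $entraiduserdata['useridentifier'];
    $rec->tenant = '';
    $rec->metadata = null;
    $rec->timecreated = $now;
    $rec->timemodified = $now;
    return $rec;
}

/**
 * $table is an in-memory stand-in for local_o365_objects, keyed on type + moodleid,
 * which is the same (type, moodleid) lookup the snippet performs with record_exists().
 */
function link_shibboleth_user(array &$table, object $existinguser, array $entraiduserdata, bool $exactmatch, int $now): string {
    $reason = shibboleth_link_check($existinguser, $entraiduserdata, $exactmatch);
    if ($reason !== null) {
        return "[SKIP] user {$existinguser->muserid}: $reason";
    }
    $key = 'user:' . $existinguser->muserid;
    if (isset($table[$key])) {
        return "[EXISTS] user {$existinguser->muserid} already linked to {$table[$key]->objectid}";
    }
    $table[$key] = build_o365_object_record($existinguser, $entraiduserdata, $now);
    // Mirror the snippet: set objectid so later code does not insert a second record.
    $existinguser->objectid = $entraiduserdata['id'];
    return "[CREATED] user {$existinguser->muserid} -> {$entraiduserdata['id']}";
}

// Constructed sample data (not real accounts or object ids).
$table = [];
$now = 1700000000;
$alice = (object)['muserid' => 42, 'auth' => 'shibboleth', 'username' => 'alice@example.edu', 'email' => 'alice@example.edu'];
$entraalice = ['id' => 'entra-object-id-alice', 'useridentifier' => 'Alice@example.edu'];
$bob = (object)['muserid' => 43, 'auth' => 'shibboleth', 'username' => 'bob@example.edu', 'email' => 'bob@example.edu'];
$entrabob = ['id' => 'entra-object-id-bob', 'useridentifier' => 'bob.smith@example.edu'];
$carol = (object)['muserid' => 44, 'auth' => 'manual', 'username' => 'carol@example.edu', 'email' => 'carol@example.edu'];

echo link_shibboleth_user($table, $alice, $entraalice, false, $now), "\n"; // case differs only: created
echo link_shibboleth_user($table, $alice, $entraalice, false, $now), "\n"; // second pass for the same user
echo link_shibboleth_user($table, $bob, $entrabob, false, $now), "\n";     // identifier mismatch, non-exact match
echo link_shibboleth_user($table, $bob, $entrabob, true, $now), "\n";      // caller asserted an exact match
echo link_shibboleth_user($table, $carol, [], false, $now), "\n";          // not a Shibboleth user
```

Run it with `php` from the command line. The design point is that `record_exists()` on (type, moodleid) only prevents a duplicate row for a user who is already linked; the identifier comparison is what keeps a non-exact match from binding a Shibboleth account to the wrong Entra ID object, which is why the check sits before the insert rather than after.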
