JeffNol-7611 asked:

Enterprise App oAuth2 SSO gets invalid session key

I added my Moodle instance as an Azure AD Enterprise app.
The login works well, but fails in a very specific way (which tends to be quite popular amongst users).

When people click on the login button, they get redirected to the Microsoft login page. Most of the time, through SSO, they're already logged in... so they just click on their account instead of waiting for the auto redirect to do its job. This is when everything crashes.

If people just wait it out and let the auto-login work, they'll access Moodle successfully.
Here's the Login page I'm talking about:

[Screenshot: Microsoft AzureAD Enterprise App oAuth2 SSO login page]

If people click their account on the Microsoft login page, they'll get an Incorrect SessKey error.

The Azure AD Enterprise App connection logs show the following error when this happens:

50058
The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.

1 Answer

MarileeTurscak-MSFT answered:

Some others have mentioned a similar issue in the Moodle discussion board. You can pass a parameter that disables the auto-login, and this can fix it. Edit your oauth-issuer for Microsoft and add the following in the field "additional login parameters": `prompt=select_account` (see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow).



Let me know if this helps at all. Others have said that you just need to wait it out, which isn't ideal...

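As an added illustration (not code from this thread, from Moodle or from Microsoft), here is how an OAuth2 client can emit the authorize request with the `prompt=select_account` parameter the answer suggests, bind each login attempt to the browser session with a random `state`, and refuse a callback whose `state` does not match the session. The tenant, client id and redirect URI are constructed placeholders, and the session is a plain dict standing in for a server-side session store.

```python
"""Added example (not from the Q&A thread or Moodle's own code): build a
Microsoft identity platform v2 authorize request carrying
prompt=select_account, tie it to the session with a random state, and
reject a callback whose state does not match. Tenant, client id and
redirect URI below are constructed placeholders."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"


def build_authorize_url(session: dict, tenant: str, client_id: str,
                        redirect_uri: str, extra_params: str = "") -> str:
    """Create the redirect URL for the browser. extra_params plays the role of
    Moodle's free-form 'additional login parameters' field, e.g.
    'prompt=select_account', and is merged into the query string."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state          # one fresh state per login attempt
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
    }
    # Accept 'a=b&c=d' style input; later keys override the defaults above.
    for key, values in parse_qs(extra_params, keep_blank_values=False).items():
        params[key] = values[0]
    return AUTHORIZE.format(tenant=tenant) + "?" + urlencode(params)


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the redirect back from the identity provider and return the
    authorization code. A missing or mismatched state (for example a stale
    session or a second browser tab) is refused rather than accepted, which is
    the kind of session-binding check behind a 'session key' style error."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: consume it
    if expected is None or query.get("state", [None])[0] != expected:
        raise PermissionError("state mismatch: restart the login from scratch")
    if "error" in query:
        raise PermissionError(f"identity provider returned {query['error'][0]}")
    return query["code"][0]
```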

This solved my issue.

I don't know why my previous search on the same forum didn't find this thread, but thank you very much for pointing it out. I can finally activate oAuth2 on my production server!
