External Authentication configuration

Authentication methods

Chamilo 2 supports a number of authentication methods, which have to be defined (given the high security requirements of this feature) inside the config/authentication.yaml file. This file can be updated in more recent versions of Chamilo through the template authentication.dist.yaml.

The authentication.yaml file uses the YAML syntax and parameters specific to each authentication method, so it might be a little tricky to configure. This page intends to reduce this difficulty by explaining all settings.

Each entry within the authentication block corresponds to an access URL (for example, default) and contains the enabled authentication methods, along with their requred parameters.

🧾 General structure

parameters:
  authentication:
    <access_url_id>:
      <auth_method>:
        <provider_name>:
          <config_key>: <value>
          <config_key>: <value>

<access_url_id>: Access URL ID (e.g., default, 2, 3).
<auth_method>: Authentication method type (currently only oauth2).
<provider_name>: Name of the specific provider (generic, facebook, keycloak, azure).
<config_key> and <value>: Provider-specific configuration keys and values.

🛡️ Available authentication methods

🔗 oauth2.generic

Generic OAuth2 authentication compatible with any provider that implements the OAuth2 protocol (e.g., Google, GitLab).

Note: This is the equivalent of the OAuth2 plugin configuration from Chamilo v1.11.*.

Key	Type	Description
`enabled`	boolean	Enables or disables this method
`title`	string	Display name for this method
`client_id`	string	OAuth2 client ID
`client_secret`	string	OAuth2 client secret
`provider_options.urlAuthorize`	string	The OAuth2 server URL to request authorization
`provider_options.urlAccessToken`	string	The OAuth2 server URL to request an access token
`provider_options.urlResourceOwnerDetails`	string	The OAuth2 server URL returning the identified user information as a JSON array
`provider_options.responseResourceOwnerId`	string	The array key to the user's OAuth2 identifier value. Default value: `sub`
`allow_create_new_users`	boolean	Automatically creates new users if not found.
`allow_update_user_info`	boolean	Updates user information from the provider.
`resource_owner_username_field`	string / null	Key from the provider's user data to set the username
`resource_owner_firstname_field`	string / null	Key from the provider's user data to set the first name
`resource_owner_lastname_field`	string / null	Key from the provider's user data to set the last name
`resource_owner_email_field`	string / null	Key from the provider's user data to set the e-mail
`resource_owner_status_field`	string / null	The value for this key should be one of these integers: `1` (course manager / teacher), `3` (session administrator), `4` (DRH), `5` (student), `6` (anonymous)
`resource_owner_teacher_status_field`	string / null	If this value matches the value obtained from the `resource_owner_status_field` key, the user will have the role of Course Manager / Teacher
`resource_owner_sessadmin_status_field`	string / null	If this value matches the value obtained from the Response Resource Owner status key, the user will have the role of Session Administrator
`resource_owner_hr_status_field`	string / null	If this value matches the value obtained from the Response Resource Owner status key, the user will have the role of HRM
`resource_owner_student_status_field`	string / null	If this value matches the value obtained from the Response Resource Owner status key, the user will have the role of Student
`resource_owner_anon_status_field`	string / null	If this value matches the value obtained from the Response Resource Owner status key, the user will have the role of Anonymous
`resource_owner_urls_field`	string / null	The fetched values should be found in table access_url columns id or url. Example: `data.0.domaines..url`. `` will be replaced by `0`, then `1`, then `2` and so on while it matches. There can be more than one `*` in this key expression. It means the URLs would be found at $jsonArray["data"]["domaines"][0]["url"] $jsonArray["data"]["domaines"][1]["url"] $jsonArray["data"]["domaines"][2]["url"]

facebook

            facebook:
                enabled: false
                title: 'Facebook'
                client_id: ''
                client_secret: ''
                #graph_api_version: 'v20.0'

keycloak

            keycloak:
                enabled: false
                title: 'Keycloak'
                client_id: ''
                client_secret: ''
                auth_server_url: ''
                realm: ''
                #version: ''

azure

            azure:
                enabled: false
                title: 'Azure'
                client_id: ''
                client_secret: ''

Chamilo LMS

Home
- Tools and sessions
- Quiz: Importing
  - IMS/QTI
Releases
Community support strategy
- Estrategia de soporte comunitario
Translation management
How to report issues
- Comment rapporter une erreur
- Cómo reportar errores
Development
Integration
- Chamilo APIs
  - Rest WebServices
  - GraphQL API / API v3

External Authentication configuration

Authentication methods

🧾 General structure

🛡️ Available authentication methods

🔗 oauth2.generic

facebook

keycloak

azure

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally