AFANDI Docs / SSO-Debugging in the Operations
← Back to overview Getting Started

SSO-Debugging in the Operations

Fehleranalyse for SAML/OAuth2 Login-Probleme with Logs and Testszenarien.

Moodle AFANDI standard Handover-ready documentation reviewed on a regular cycle

Quick overview

This page describes the working standard for SSO-Debugging in the Operations – with a focus on concrete decisions rather than general guidance.

The main focus here is which attribute verbindlich gemappt be and roles- and coursezuordnung aus the sync so that teams apply the same standard.

The standard only becomes traceable through linked evidence such as sso-mapping-documentation and through documented edge cases/exceptions.

Practical focusTopic-specificVerifiable

When this page helps

Typical situations in which this page adds value as a working document, and where another document is more appropriate.

Typical use cases

  • when for SSO-Debugging in the Operations technical standards about identity provider, mapping-regeln and roles-sync must be documented in a binding way
  • when team handovers or temporary cover the same process for which attribute verbindlich gemappt be should be able to execute safely
  • when incidents or Changes show that evidence such as sso-mapping-documentation are still missing
  • when configuration or operational deviations (e.g. attribute change sich without abgestimmten mapping-update) occur repeatedly

Less suitable when

  • when SSO-Debugging in the Operations only about a one-off individual case without need for standardization applies
  • when a detailed project ticket or a technical step-by-step guide is the better fit

Recommended process

A pragmatic sequence that works in practice, from scope to review.

  1. capture the current state and scope for SSO-Debugging in the Operations capture, including identity provider, mapping-regeln and roles-sync and critical dependencies.
  2. define the target state and standards; key decisions include which attribute verbindlich gemappt be.
  3. test changes in a controlled way (Staging, Testsystem or Checklist) and Ergebnis document.
  4. implement in production, run follow-up checks, and sso-mapping-documentation + test cases for login/logout link.
  5. Monitoring/Reviews auswerten and recurring Befunde such as „Attribute change sich without abgestimmten Mapping-Update“ in the standard einarbeiten.

Decision rules

Note: Gemeinsame documentation-Standards stehen in the guideline. This page keeps only fest, was for SSO-Debugging in the Operations functional or technisch entschieden was. Central guideline.

SSO-Debugging in the Operations is well documented, when rules, Edge cases and Evidence so clearly are, dass teams so that without additional coordination work can.

Entscheidungsrahmen

For SSO-Debugging in the Operations first define the scope clearly: Identity Provider, Mapping-rules and roles-Sync.

responsibility

decisions about which attribute verbindlich gemappt be and roles- and coursezuordnung aus the sync not implizit lassen, sondern roles and approvals explicitly benennen.

Abweichungsregeln

Allow exceptions only if they do not dilute the standard; especially relevant here are login-flows incl. logout/session.

review triggers

Verifiable is the rule only, when sso-mapping-documentation and test cases for login/logout cleanly verlinkt are.

What should be documented

Here only the spezifischen Inhalte about SSO-Debugging in the Operations maintain; general documentation rules remain in the centraln guideline. Central guideline.

The page is good when a substitute can apply or review the standard without first collecting tribal knowledge.

Kontext

terms, scope and boundaries about SSO-Debugging in the Operations specify in concrete terms, including identity provider, mapping-regeln and roles-sync.

Umsetzungsvorgaben

Den standard so record, dass which attribute verbindlich gemappt be and debug-/supportweg for login-problemen eindeutig entschieden are.

review path

Name and link evidence directly: SSO-Mapping-documentation, test cases for Login/Logout, Logs and Fehlersamples.

Offene Punkte / Exceptions

Aktive Exceptions, the latest change and the next review belong on the page—especially for topics with login-flows incl. logout/session.

Common pitfalls

This section captures real-world pitfalls from SSO-Debugging in the Operations; general guidance belongs in the central guideline. Central guideline.

  • scope driftet: Attribute change sich without abgestimmten Mapping-Update.
  • the rule is too abstract: Fallback-Login is not getestet.
  • evidence is missing: roles-Sync overwrites manuelle Zuweisungen.
  • the exception gets out of control: staging and production drift apart.
Tip: It is better to document three concrete observations from real cases than to keep a long generic list.

Moodle reference (official docs 5.1)

Kurze Verweise on the offizielle Moodle documentation for SSO-Debugging in the Operations. So remains this Page AFANDI-spezifisch and vermeidet doppelte Grundlagen.

Official references

Documentation focus

  • Debug-Checks with Logquelle, Testkonto and Zeitfenster document; no produktiven Geheimnisse speichern.
  • UI path, role and test case record explicitly (not only the desired target state).
  • Mark deviations from AFANDI standards separatelyely so that updates remain easier to review.
Note: Moodle interfaces, paths, and options can vary depending on the version, theme, and enabled plugins. Therefore always include the version, role, and test context on the page.

Review & maintenance

Check this Page gegen reale processes about SSO-Debugging in the Operations – not only gegen the Wortlaut. Entscheidend is, ob standard, Exceptions and Evidence in the Alltag contribute.

  • Stimmen Mapping-rules with the IdP-Stand match?
  • Are Debug-Checks for the Support documented?
  • Gibt it recurring Login-Fehler?
  • Stimmen Konfiguration and documentation match?

Review focus for „SSO-Debugging in the Operations“: Moodle-Operations; check especially identity provider, mapping-regeln and roles-sync.

Useful metrics

A few metrics are enough – what matters is that they trigger decisions or improvements.

For „SSO-Debugging in the Operations“ Kennzahlen directly an which attribute verbindlich gemappt be and the most frequent Praxisrisiken koppeln.

Login-Erfolgsquote

Anteil erfolgreicher SSO-Logins

Interval: monthly

Sync-Fehler

Fehlerhafte Synchronisationen je Lauf

Interval: monthly

Support-cases SSO

Anzahl SSO-bezogener Supporttickets

Interval: monthly

Next steps

Add jetzt the concrete Entscheidung about which attribute verbindlich gemappt be incl. Verantwortlichen, Datum and Verweis on sso-mapping-documentation.

On „SSO-Debugging in the Operations“ make especially clear as the next step: which identity provider, mapping-regeln and roles-sync apply in the standard case and which exceptions are time-limited.