Hi Team,

I have a Moodle 5.0 instance with MFA enabled and locally created logins. I have added an OAuth2 instance with Microsoft Entra ID (Azure AD), which works great. It authenticates and then goes to the User Profile screen (as there are some other mandatory fields they need to complete).

However, a redirect exception error appears once they complete the fields and click Update Profile.

 
The URL it is trying to redirect to is 
https://<<domain>>/admin/tool/policy/view.php?versionid=2&returnurl=https%3A%2F%2F<<domain>>%2Fadmin%2Ftool%2Fpolicy%2Findex.php

As the logon session also appears to be active, the user cannot escape from this point. Even editing the URL and returning to the root URL, it tries to redirect to the above link and errors with the message "Unsupported redirect detected, script execution terminated".

Another user reported the same redirection issue with the MFA plugin for version 4.5.2 here:[ https://moodle.org/mod/forum/discuss.php?d=466885|https://moodle.org/mod/forum/discuss.php?d=466885]

Disabling MFA seems to be the only workaround, which is not feasible.

Appreciate the investigation and fix at your earliest.

Cheers,
Ray.