From 869d3c5c5a07ac1e3451628465998bab6338e423 Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos <1697880+AngelFQC@users.noreply.github.com>
Date: Wed, 26 Feb 2025 12:27:50 -0500
Subject: [PATCH] Auth: Extend the user.auth_source field #6046

---
 public/main/admin/course_import.php           |  4 +-
 public/main/admin/ldap_synchro.php            |  4 +-
 public/main/admin/user_add.php                | 21 +++-
 public/main/admin/user_edit.php               | 36 +++++--
 public/main/admin/user_export.php             | 17 +++-
 public/main/admin/user_import.php             |  7 +-
 public/main/admin/user_update_import.php      |  9 +-
 public/main/auth/inscription.php              |  3 +-
 public/main/auth/lostPassword.php             |  5 +-
 public/main/auth/profile.php                  |  5 +-
 public/main/cron/import_csv.php               | 11 ++-
 public/main/inc/lib/api.lib.php               | 10 +-
 public/main/inc/lib/login.lib.php             | 96 +++++++++---------
 public/main/inc/lib/myspace.lib.php           |  3 +-
 public/main/inc/lib/online.inc.php            | 13 ++-
 public/main/inc/lib/usermanager.lib.php       | 67 +++++++------
 public/main/inc/lib/webservices/Rest.php      | 12 ++-
 .../inc/lib/zombie/zombie_manager.class.php   | 21 ++--
 .../inc/lib/zombie/zombie_report.class.php    |  4 +-
 public/main/install/install.lib.php           |  7 +-
 public/main/my_space/user_edit.php            |  5 +-
 public/main/session/session_import.php        |  5 +-
 public/main/user/user_export.php              | 25 ++++-
 .../azure_active_directory/src/callback.php   |  2 +-
 .../index.php                                 |  5 +-
 .../plugin/lti_provider/src/LtiProvider.php   |  2 +-
 .../src/Loader/UsersLoader.php                |  2 +-
 .../DataFixtures/AccessUserFixtures.php       |  9 +-
 .../OAuth2ProviderFactoryDecorator.php        |  8 +-
 src/CoreBundle/Entity/User.php                | 97 ++++++++++++++++++-
 src/CoreBundle/Entity/UserAuthSource.php      | 77 +++++++++++++++
 .../AnonymousUserSubscriber.php               |  7 +-
 .../Schema/V200/Version20250221113400.php     | 46 +++++++++
 .../Repository/UserAuthSourceRepository.php   | 22 +++++
 .../OAuth2/GenericAuthenticator.php           |  3 +-
 .../AuthenticationConfigHelper.php            | 39 ++++++--
 tests/datafiller/fill_many_users.php          |  2 +-
 tests/datafiller/fill_users.php               |  2 +-
 38 files changed, 531 insertions(+), 182 deletions(-)
 create mode 100644 src/CoreBundle/Entity/UserAuthSource.php
 create mode 100644 src/CoreBundle/Migrations/Schema/V200/Version20250221113400.php
 create mode 100644 src/CoreBundle/Repository/UserAuthSourceRepository.php

diff --git a/public/main/admin/course_import.php b/public/main/admin/course_import.php
index bb00f572d5c..9ec28218d8b 100644
--- a/public/main/admin/course_import.php
+++ b/public/main/admin/course_import.php
@@ -7,6 +7,8 @@
  * Copyright (c) 2005 Bart Mollet <bart.mollet@hogent.be>.
  */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+
 /**
  * Validates imported data.
  *
@@ -167,7 +169,7 @@ function parse_csv_courses_data($file)
 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script();
 
-$defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
+$defined_auth_sources[] = UserAuthSource::PLATFORM;
 
 if (isset($extAuthSource) && is_array($extAuthSource)) {
     $defined_auth_sources = array_merge($defined_auth_sources, array_keys($extAuthSource));
diff --git a/public/main/admin/ldap_synchro.php b/public/main/admin/ldap_synchro.php
index 34ec98897f8..72f7e149c0f 100644
--- a/public/main/admin/ldap_synchro.php
+++ b/public/main/admin/ldap_synchro.php
@@ -95,7 +95,7 @@
 					$password = $val[0];
 					// Pour faciliter la gestion on ajoute le code "etape-annee"
 					$official_code = $etape."-".$annee;
-					$auth_source = "ldap";
+					$auth_source = ["ldap"];
 					// Pas de date d'expiration d'etudiant (a recuperer par rapport au shadow expire LDAP)
 					$expiration_date = '';
 					$active = 1;
@@ -126,7 +126,7 @@
                             $lastname,
                             $username,
                             null,
-                            null,
+                            [],
                             $email,
                             $status,
                             $official_code,
diff --git a/public/main/admin/user_add.php b/public/main/admin/user_add.php
index 3a48c1fa68d..9aed0cb9d7f 100644
--- a/public/main/admin/user_add.php
+++ b/public/main/admin/user_add.php
@@ -2,8 +2,12 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+use Chamilo\CoreBundle\ServiceHelper\AuthenticationConfigHelper;
 
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
@@ -15,6 +19,12 @@
 api_protect_admin_script(true);
 api_protect_limit_for_session_admin();
 
+/** @var AuthenticationConfigHelper $authenticationConfigHelper */
+$authenticationConfigHelper = Container::$container->get(AuthenticationConfigHelper::class);
+
+/** @var AccessUrl $accessUrl */
+$accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
 $is_platform_admin = api_is_platform_admin() ? 1 : 0;
 
 $message = null;
@@ -175,23 +185,24 @@ function updateStatus(){
 
 // Password
 $group = [];
+$extAuthSource = $authenticationConfigHelper->getAuthSourceAuthentications($accessUrl);
 $auth_sources = 0; //make available wider as we need it in case of form reset (see below)
 $nb_ext_auth_source_added = 0;
-if (isset($extAuthSource) && count($extAuthSource) > 0) {
+if (count($extAuthSource) > 0) {
     $auth_sources = [];
-    foreach ($extAuthSource as $key => $info) {
+    foreach ($extAuthSource as $key) {
         // @todo : make uniform external authentification configuration (ex : cas and external_login ldap)
         // Special case for CAS. CAS is activated from Chamilo > Administration > Configuration > CAS
         // extAuthSource always on for CAS even if not activated
         // same action for file user_edit.php
-        if ((CAS_AUTH_SOURCE == $key && 'true' === api_get_setting('cas_activate')) || (CAS_AUTH_SOURCE != $key)) {
+        if ((UserAuthSource::CAS == $key && 'true' === api_get_setting('cas_activate')) || (UserAuthSource::CAS != $key)) {
             $auth_sources[$key] = $key;
             $nb_ext_auth_source_added++;
         }
     }
     if ($nb_ext_auth_source_added > 0) {
         $group[] = $form->createElement('radio', 'password_auto', null, get_lang('External authentification').' ', 2);
-        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources);
+        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources, ['multiple' => 'multiple']);
         $group[] = $form->createElement('static', '', '', '<br />');
     }
 }
@@ -366,7 +377,7 @@ function updateStatus(){
             $auth_source = $user['password']['auth_source'];
             $password = 'PLACEHOLDER';
         } else {
-            $auth_source = PLATFORM_AUTH_SOURCE;
+            $auth_source = [UserAuthSource::PLATFORM];
             $password = '1' === $user['password']['password_auto'] ? api_generate_password() : $user['password']['password'];
         }
 
diff --git a/public/main/admin/user_edit.php b/public/main/admin/user_edit.php
index 720b4a741ab..c3168a8a107 100644
--- a/public/main/admin/user_edit.php
+++ b/public/main/admin/user_edit.php
@@ -2,8 +2,12 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+use Chamilo\CoreBundle\ServiceHelper\AuthenticationConfigHelper;
 use ChamiloSession as Session;
 use Chamilo\CoreBundle\Component\Utils\ActionIcon;
 
@@ -21,6 +25,12 @@
 $userObj = api_get_user_entity($user_id);
 $illustrationRepo = Container::getIllustrationRepository();
 
+/** @var AuthenticationConfigHelper $authenticationConfigHelper */
+$authenticationConfigHelper = Container::$container->get(AuthenticationConfigHelper::class);
+
+/** @var AccessUrl $accessUrl */
+$accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
 $htmlHeadXtra[] = '
 <script>
 var is_platform_id = "'.$is_platform_admin.'";
@@ -192,24 +202,28 @@ function confirmation(name) {
     $form->addRule('username', get_lang('This login is already in use'), 'username_available', $user_data['username']);
 }
 
-if (isset($extAuthSource) && !empty($extAuthSource) && count($extAuthSource) > 0) {
-    $form->addLabel(
-        get_lang('External authentification'),
-        $userInfo['auth_source']
-    );
+$extAuthSource = $authenticationConfigHelper->getAuthSourceAuthentications($accessUrl);
+
+if (!empty($extAuthSource) && count($extAuthSource) > 0) {
+    foreach ($userInfo['auth_sources'] as $userAuthSource) {
+        $form->addLabel(
+            get_lang('External authentification'),
+            $userAuthSource
+        );
+    }
 }
 
 // Password
 $form->addElement('radio', 'reset_password', get_lang('Password'), get_lang('Don\'t reset password'), 0);
 $nb_ext_auth_source_added = 0;
-if (isset($extAuthSource) && !empty($extAuthSource) && count($extAuthSource) > 0) {
+if (!empty($extAuthSource) && count($extAuthSource) > 0) {
     $auth_sources = [];
-    foreach ($extAuthSource as $key => $info) {
+    foreach ($extAuthSource as $key) {
         // @todo : make uniform external authentication configuration (ex : cas and external_login ldap)
         // Special case for CAS. CAS is activated from Chamilo > Administration > Configuration > CAS
         // extAuthSource always on for CAS even if not activated
         // same action for file user_add.php
-        if ((CAS_AUTH_SOURCE == $key && 'true' === api_get_setting('cas_activate')) || (CAS_AUTH_SOURCE != $key)) {
+        if ((UserAuthSource::CAS == $key && 'true' === api_get_setting('cas_activate')) || (UserAuthSource::CAS != $key)) {
             $auth_sources[$key] = $key;
             $nb_ext_auth_source_added++;
         }
@@ -217,8 +231,8 @@ function confirmation(name) {
     if ($nb_ext_auth_source_added > 0) {
         // @todo check the radio button for external authentification and select the external authentication in the menu
         $group[] = $form->createElement('radio', 'reset_password', null, get_lang('External authentification').' ', 3);
-        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources);
-        $group[] = $form->createElement('static', '', '', '<br />');
+        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources, ['multiple' => 'multiple']);
+        $group[] = $form->createElement('static', '', '', '<br />', []);
         $form->addGroup($group, 'password', null, null, false);
     }
 }
@@ -380,6 +394,8 @@ function confirmation(name) {
 
 // Set default values
 $user_data['reset_password'] = 0;
+$user_data['auth_source'] = $userInfo['auth_sources'];
+
 if (!$hideFields) {
     $expiration_date = $user_data['expiration_date'];
     if (empty($expiration_date)) {
diff --git a/public/main/admin/user_export.php b/public/main/admin/user_export.php
index e06d3ad98ac..fc45975094c 100644
--- a/public/main/admin/user_export.php
+++ b/public/main/admin/user_export.php
@@ -2,6 +2,10 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
+use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+
 $cidReset = true;
 
 require_once __DIR__.'/../inc/global.inc.php';
@@ -18,6 +22,9 @@
 $tool_name = get_lang('Export users list');
 $interbreadcrumb[] = ["url" => 'index.php', "name" => get_lang('Administration')];
 
+/** @var AccessUrl $accessUrl */
+$accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
 set_time_limit(0);
 $coursesSessions = [];
 $coursesSessions[''] = '--';
@@ -87,12 +94,8 @@
 
     $sql = "SELECT
                 u.id 	AS UserId,
-                u.lastname 	AS LastName,
-                u.firstname 	AS FirstName,
                 u.email 		AS Email,
-                u.username	AS UserName,
                 ".(('none' != api_get_configuration_value('password_encryption')) ? " " : "u.password AS Password, ")."
-                u.auth_source	AS AuthSource,
                 u.status		AS Status,
                 u.official_code	AS OfficialCode,
                 u.phone		AS Phone,
@@ -171,6 +174,12 @@
 
     $res = Database::query($sql);
     while ($user = Database::fetch_assoc($res)) {
+        $userEntity = api_get_user_entity($user['UserId']);
+        $user['LastName'] = $userEntity->getLastname();
+        $user['FirstName'] = $userEntity->getFirstname();
+        $user['UserName'] = $userEntity->getUsername();
+        $user['AuthSource'] = implode(', ', $userEntity->getAuthSourcesAuthentications($accessUrl));
+
         $student_data = UserManager:: get_extra_user_data(
             $user['UserId'],
             true,
diff --git a/public/main/admin/user_import.php b/public/main/admin/user_import.php
index 86a55a0f01d..1b2f5f57c23 100644
--- a/public/main/admin/user_import.php
+++ b/public/main/admin/user_import.php
@@ -3,6 +3,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\ExtraFieldOptions;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use ChamiloSession as Session;
 
 /**
@@ -163,7 +164,7 @@ function complete_missing_data($user)
     }
     // 4. Set authsource if not allready set.
     if (empty($user['AuthSource'])) {
-        $user['AuthSource'] = PLATFORM_AUTH_SOURCE;
+        $user['AuthSource'] = UserAuthSource::PLATFORM;
     }
 
     if (empty($user['ExpiryDate'])) {
@@ -233,7 +234,7 @@ function save_data($users, $sendMail = false)
                 $user['language'],
                 $user['PhoneNumber'],
                 '',
-                $user['AuthSource'],
+                [$user['AuthSource']],
                 $user['ExpiryDate'],
                 1,
                 0,
@@ -494,7 +495,7 @@ function processUsers(&$users, $sendMail)
 }
 
 $this_section = SECTION_PLATFORM_ADMIN;
-$defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
+$defined_auth_sources[] = UserAuthSource::PLATFORM;
 if (isset($extAuthSource) && is_array($extAuthSource)) {
     $defined_auth_sources = array_merge($defined_auth_sources, array_keys($extAuthSource));
 }
diff --git a/public/main/admin/user_update_import.php b/public/main/admin/user_update_import.php
index 094a6f41ec3..616c38a1356 100644
--- a/public/main/admin/user_update_import.php
+++ b/public/main/admin/user_update_import.php
@@ -6,6 +6,7 @@
  * This tool allows platform admins to add users by uploading a CSV or XML file.
  */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Symfony\Component\DomCrawler\Crawler;
 
 $cidReset = true;
@@ -112,7 +113,7 @@ function updateUsers(
             $userName = isset($user['NewUserName']) ? $user['NewUserName'] : $userInfo['username'];
             $changePassMethod = 0;
             $password = null;
-            $authSource = $userInfo['auth_source'];
+            $authSource = $userInfo['auth_sources'];
 
             if ($resetPassword) {
                 $changePassMethod = 1;
@@ -122,8 +123,8 @@ function updateUsers(
                     $password = $user['Password'];
                 }
 
-                if (isset($user['AuthSource']) && $user['AuthSource'] != $authSource) {
-                    $authSource = $user['AuthSource'];
+                if (isset($user['AuthSource']) && !in_array($user['AuthSource'], $authSource)) {
+                    $authSource = [$user['AuthSource']];
                     $changePassMethod = 3;
                 }
             }
@@ -267,7 +268,7 @@ function parse_xml_data($file)
 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true, null);
 
-$defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
+$defined_auth_sources[] = UserAuthSource::PLATFORM;
 if (isset($extAuthSource) && is_array($extAuthSource)) {
     $defined_auth_sources = array_merge($defined_auth_sources, array_keys($extAuthSource));
 }
diff --git a/public/main/auth/inscription.php b/public/main/auth/inscription.php
index 97fff339a11..d5dc2b1425f 100644
--- a/public/main/auth/inscription.php
+++ b/public/main/auth/inscription.php
@@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
 use Chamilo\CoreBundle\ServiceHelper\ContainerHelper;
 use ChamiloSession as Session;
@@ -928,7 +929,7 @@
             $values['language'],
             $phone,
             null,
-            PLATFORM_AUTH_SOURCE,
+            [UserAuthSource::PLATFORM],
             null,
             1,
             0,
diff --git a/public/main/auth/lostPassword.php b/public/main/auth/lostPassword.php
index 4dffd401c77..0da62fd954c 100644
--- a/public/main/auth/lostPassword.php
+++ b/public/main/auth/lostPassword.php
@@ -14,6 +14,9 @@
  *
  * @todo refactor, move relevant functions to code libraries
  */
+
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+
 require_once __DIR__.'/../inc/global.inc.php';
 
 // Custom pages
@@ -118,7 +121,7 @@
         exit;
     }
 
-    if ('extldap' === $user['auth_source']) {
+    if (in_array(UserAuthSource::CAS, $user['auth_sources'])) {
         Display::addFlash(
             Display::return_message(get_lang('Could not reset password, contact your helpdesk.'), 'info', false)
         );
diff --git a/public/main/auth/profile.php b/public/main/auth/profile.php
index f7966a1a80e..c2aa2c7ec81 100644
--- a/public/main/auth/profile.php
+++ b/public/main/auth/profile.php
@@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use ChamiloSession as Session;
 use Chamilo\CoreBundle\Component\Utils\ActionIcon;
 use Chamilo\CoreBundle\Component\Utils\ToolIcon;
@@ -299,7 +300,7 @@ function show_image(image,width,height) {
 }
 
 //    PASSWORD, if auth_source is platform
-if (PLATFORM_AUTH_SOURCE == $user_data['auth_source'] &&
+if (in_array(UserAuthSource::PLATFORM, $user_data['auth_sources']) &&
     in_array('password', $profileList)
 ) {
     $form->addElement('password', 'password0', [get_lang('Pass'), get_lang('Enter2passToChange')], ['size' => 40]);
@@ -402,7 +403,7 @@ function show_image(image,width,height) {
     }
 
     $allow_users_to_change_email_with_no_password = true;
-    if (isset($user_data['auth_source']) && PLATFORM_AUTH_SOURCE == $user_data['auth_source'] &&
+    if (isset($user_data['auth_sources']) && in_array(UserAuthSource::PLATFORM, $user_data['auth_sources']) &&
         'false' === api_get_setting('allow_users_to_change_email_with_no_password')
     ) {
         $allow_users_to_change_email_with_no_password = false;
diff --git a/public/main/cron/import_csv.php b/public/main/cron/import_csv.php
index 24d662570a8..c047b789fe5 100644
--- a/public/main/cron/import_csv.php
+++ b/public/main/cron/import_csv.php
@@ -1,6 +1,7 @@
 <?php
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CourseBundle\Entity\CCalendarEvent;
 use Chamilo\CourseBundle\Entity\CItemProperty;
 use Chamilo\PluginBundle\Entity\StudentFollowUp\CarePost;
@@ -557,7 +558,7 @@ private function cleanUserRow($row)
         $row['email'] = $row['Email'];
         $row['username'] = $row['UserName'];
         $row['password'] = $row['Password'];
-        $row['auth_source'] = isset($row['AuthSource']) ? $row['AuthSource'] : PLATFORM_AUTH_SOURCE;
+        $row['auth_source'] = $row['AuthSource'] ?? UserAuthSource::PLATFORM;
         $row['official_code'] = $row['OfficialCode'];
         $row['phone'] = isset($row['PhoneNumber']) ? $row['PhoneNumber'] : '';
 
@@ -678,7 +679,7 @@ private function importTeachers($file, $moveFile = true)
                         $language, //$row['language'],
                         $row['phone'],
                         null, //$row['picture'], //picture
-                        $row['auth_source'], // ?
+                        [$row['auth_source']], // ?
                         $expirationDateOnCreation, //'0000-00-00 00:00:00', //$row['expiration_date'], //$expiration_date = '0000-00-00 00:00:00',
                         1, //active
                         0,
@@ -721,7 +722,7 @@ private function importTeachers($file, $moveFile = true)
                         $row['lastname'], // <<-- changed
                         $userInfo['username'],
                         null, //$password = null,
-                        $row['auth_source'],
+                        [$row['auth_source']],
                         $userInfo['email'],
                         COURSEMANAGER,
                         $userInfo['official_code'],
@@ -880,7 +881,7 @@ private function importStudents($file, $moveFile = true)
                         $language, //$row['language'],
                         $row['phone'],
                         null, //$row['picture'], //picture
-                        $row['auth_source'], // ?
+                        [$row['auth_source']], // ?
                         $expirationDateOnCreate,
                         1, //active
                         0,
@@ -983,7 +984,7 @@ private function importStudents($file, $moveFile = true)
                         $row['lastname'], // <<-- changed
                         $row['username'], // <<-- changed
                         $password, //$password = null,
-                        $row['auth_source'],
+                        [$row['auth_source']],
                         $email,
                         STUDENT,
                         $userInfo['official_code'],
diff --git a/public/main/inc/lib/api.lib.php b/public/main/inc/lib/api.lib.php
index 46bdee504e8..55a581fb470 100644
--- a/public/main/inc/lib/api.lib.php
+++ b/public/main/inc/lib/api.lib.php
@@ -179,11 +179,6 @@
 define('SECTION_INCLUDE', 'include');
 define('SECTION_CUSTOMPAGE', 'custompage');
 
-// CONSTANT name for local authentication source
-define('PLATFORM_AUTH_SOURCE', 'platform');
-define('CAS_AUTH_SOURCE', 'cas');
-define('LDAP_AUTH_SOURCE', 'extldap');
-
 // event logs types
 define('LOG_COURSE_DELETE', 'course_deleted');
 define('LOG_COURSE_CREATE', 'course_created');
@@ -1315,7 +1310,7 @@ function _api_format_user($user, $add_password = false, $loadAvatars = true)
         'official_code',
         'status',
         'active',
-        'auth_source',
+        'auth_sources',
         'username',
         'theme',
         'language',
@@ -1524,6 +1519,7 @@ function api_get_user_info(
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         $result_array = Database::fetch_array($result);
+        $result_array['auth_sources'] = api_get_user_entity($result_array['id'])->getAuthSourcesAuthentications();
         $result_array['user_is_online_in_chat'] = 0;
         if ($checkIfUserOnline) {
             $use_status_in_platform = user_is_online($user_id);
@@ -1647,7 +1643,7 @@ function api_get_user_info_from_entity(
     $result['address'] = $user->getAddress();
     $result['official_code'] = $user->getOfficialCode();
     $result['active'] = $user->isActive();
-    $result['auth_source'] = $user->getAuthSource();
+    $result['auth_sources'] = $user->getAuthSourcesAuthentications();
     $result['language'] = $user->getLocale();
     $result['creator_id'] = $user->getCreatorId();
     $result['created_at'] = $user->getCreatedAt()->format('Y-m-d H:i:s');
diff --git a/public/main/inc/lib/login.lib.php b/public/main/inc/lib/login.lib.php
index 3e8a417a6dd..33fe24f164e 100644
--- a/public/main/inc/lib/login.lib.php
+++ b/public/main/inc/lib/login.lib.php
@@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use ChamiloSession as Session;
 
 /**
@@ -252,25 +253,20 @@ public static function get_secret_word($add)
      */
     public static function reset_password($secret, $id, $by_username = false)
     {
-        $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
-        $id = intval($id);
-        $sql = "SELECT
-                    id AS uid,
-                    lastname AS lastName,
-                    firstname AS firstName,
-                    username AS loginName,
-                    password,
-                    email,
-                    auth_source
-                FROM ".$tbl_user."
-                WHERE id = $id";
-        $result = Database::query($sql);
-        $num_rows = Database::num_rows($result);
-
-        if ($result && $num_rows > 0) {
-            $user = Database::fetch_array($result);
-
-            if ('extldap' == $user['auth_source']) {
+        $userEntity = api_get_user_entity((int) $id);
+
+        if ($userEntity) {
+            $user = [
+                'uid' => $userEntity->getId(),
+                'lastName' => $userEntity->getLastname(),
+                'firstName' => $userEntity->getFirstname(),
+                'loginName' => $userEntity->getUsername(),
+                'password' => $userEntity->getPassword(),
+                'email' => $userEntity->getEmail(),
+                'auth_sources' => $userEntity->getAuthSourcesAuthentications(),
+            ];
+
+            if ($userEntity->hasAuthSourceByAuthentication(UserAuthSource::CAS)) {
                 return get_lang('Could not reset password');
             }
         } else {
@@ -281,7 +277,7 @@ public static function reset_password($secret, $id, $by_username = false)
             // OK, secret word is good. Now change password and mail it.
             $user['password'] = api_generate_password();
 
-            UserManager::updatePassword($id, $user['password']);
+            UserManager::updatePassword($userEntity->getId(), $user['password']);
 
             return self::send_password_to_user($user, $by_username);
         } else {
@@ -329,20 +325,21 @@ public static function init_user($user_id, $reset)
                     // Extracting the user data
 
                     $uData = Database::fetch_array($result);
-
-                    $_user['firstName'] = $uData['firstname'];
-                    $_user['lastName'] = $uData['lastname'];
-                    $_user['mail'] = $uData['email'];
-                    $_user['official_code'] = $uData['official_code'];
-                    $_user['picture_uri'] = $uData['picture_uri'];
-                    $_user['user_id'] = $uData['user_id'];
-                    $_user['language'] = $uData['language'];
-                    $_user['auth_source'] = $uData['auth_source'];
-                    $_user['theme'] = $uData['theme'];
-                    $_user['status'] = $uData['status'];
+                    $userEntity = api_get_user_entity($uData['id']);
+
+                    $_user['firstName'] = $userEntity->getFirstname();
+                    $_user['lastName'] = $userEntity->getLastname();
+                    $_user['mail'] = $userEntity->getEmail();
+                    $_user['official_code'] = $userEntity->getOfficialCode();
+                    $_user['picture_uri'] = $userEntity->getPictureUri();
+                    $_user['user_id'] = $userEntity->getId();
+                    $_user['language'] = $userEntity->getLocale();
+                    $_user['auth_sources'] = $userEntity->getAuthSourcesAuthentications();
+                    $_user['theme'] = $userEntity->getTheme();
+                    $_user['status'] = $userEntity->getStatus();
 
                     $is_platformAdmin = (bool) (!is_null($uData['is_admin']));
-                    $is_allowedCreateCourse = (bool) ((1 == $uData['status']) or (api_get_setting('drhCourseManagerRights') and 4 == $uData['status']));
+                    $is_allowedCreateCourse = (bool) ((1 == $userEntity->getStatus()) or (api_get_setting('drhCourseManagerRights') and 4 == $userEntity->getStatus()));
                     ConditionalLogin::check_conditions($uData);
 
                     Session::write('_user', $_user);
@@ -391,25 +388,28 @@ public static function get_user_accounts_by_username($username)
         }
 
         $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
-        $query = "SELECT
-                    id AS uid,
-		            lastname AS lastName,
-		            firstname AS firstName,
-		            username AS loginName,
-		            password,
-		            email,
-                    status AS status,
-                    official_code,
-                    phone,
-                    picture_uri,
-                    creator_id,
-                    auth_source
-				 FROM $tbl_user
-				 WHERE ( $condition AND active = 1) ";
+
+        $query = "SELECT id AS uid FROM $tbl_user WHERE ( $condition AND active = 1) ";
         $result = Database::query($query);
         $num_rows = Database::num_rows($result);
         if ($result && $num_rows > 0) {
-            return Database::fetch_assoc($result);
+            $userInfo = Database::fetch_assoc($result);
+            $user = api_get_user_entity($userInfo['id']);
+
+            return [
+                'id' => $user->getId(),
+                'lastname' => $user->getLastname(),
+                'firstname' => $user->getFirstname(),
+                'username' => $user->getUsername(),
+                'password' => $user->getPassword(),
+                'email' => $user->getEmail(),
+                'status' => $user->getStatus(),
+                'official_code' => $user->getOfficialCode(),
+                'phone' => $user->getPhone(),
+                'picture_uri' => $user->getPictureUri(),
+                'creator_id' => $user->getCreator()?->getId(),
+                'auth_sources' => $user->getAuthSourcesAuthentications(),
+            ];
         }
 
         return false;
diff --git a/public/main/inc/lib/myspace.lib.php b/public/main/inc/lib/myspace.lib.php
index fc9e388d994..819b634258f 100644
--- a/public/main/inc/lib/myspace.lib.php
+++ b/public/main/inc/lib/myspace.lib.php
@@ -2933,8 +2933,7 @@ public static function save_data($users, $course_list, $id_session)
                     $user['Password'],
                     $user['OfficialCode'],
                     api_get_setting('PlatformLanguage'),
-                    $user['PhoneNumber'],
-                    ''
+                    $user['PhoneNumber']
                 );
                 $user['added_at_platform'] = 1;
             } else {
diff --git a/public/main/inc/lib/online.inc.php b/public/main/inc/lib/online.inc.php
index b5bbc6f99db..efec2f05eba 100644
--- a/public/main/inc/lib/online.inc.php
+++ b/public/main/inc/lib/online.inc.php
@@ -1,6 +1,7 @@
 <?php
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Entity\UserRelUser;
 use ChamiloSession as Session;
 
@@ -177,12 +178,14 @@ function online_logout($user_id = null, $logout_redirect = false)
     // (using *authent_name*_logout as the function name) and the following code
     // will find and execute it
     $uinfo = api_get_user_info($user_id);
-    if ((PLATFORM_AUTH_SOURCE != $uinfo['auth_source']) && is_array($extAuthSource)) {
-        if (is_array($extAuthSource[$uinfo['auth_source']])) {
-            $subarray = $extAuthSource[$uinfo['auth_source']];
+    if (!in_array(UserAuthSource::PLATFORM, $uinfo['auth_sources']) && is_array($extAuthSource)) {
+        $firstAuthSource = $uinfo['auth_sources'][0];
+
+        if (is_array($extAuthSource[$firstAuthSource])) {
+            $subarray = $extAuthSource[$firstAuthSource];
             if (!empty($subarray['logout']) && file_exists($subarray['logout'])) {
                 require_once $subarray['logout'];
-                $logout_function = $uinfo['auth_source'].'_logout';
+                $logout_function = $firstAuthSource.'_logout';
                 if (function_exists($logout_function)) {
                     $logout_function($uinfo);
                 }
@@ -209,7 +212,7 @@ function online_logout($user_id = null, $logout_redirect = false)
     Session::destroy();
 
     $pluginKeycloak = 'true' === api_get_plugin_setting('keycloak', 'tool_enable');
-    if ($pluginKeycloak && 'keycloak' === $uinfo['auth_source']) {
+    if ($pluginKeycloak && in_array('keycloak', $uinfo['auth_sources'])) {
         $pluginUrl = api_get_path(WEB_PLUGIN_PATH).'keycloak/start.php?slo';
         header('Location: '.$pluginUrl);
         exit;
diff --git a/public/main/inc/lib/usermanager.lib.php b/public/main/inc/lib/usermanager.lib.php
index 47cef26d649..f387a97075b 100644
--- a/public/main/inc/lib/usermanager.lib.php
+++ b/public/main/inc/lib/usermanager.lib.php
@@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Component\Utils\NameConvention;
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\ExtraField as EntityExtraField;
 use Chamilo\CoreBundle\Entity\ExtraFieldSavedSearch;
 use Chamilo\CoreBundle\Entity\Session as SessionEntity;
@@ -9,10 +10,12 @@
 use Chamilo\CoreBundle\Entity\SkillRelUser;
 use Chamilo\CoreBundle\Entity\SkillRelUserComment;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Entity\UserRelUser;
 use Chamilo\CoreBundle\Framework\Container;
 use Chamilo\CoreBundle\Repository\GroupRepository;
 use Chamilo\CoreBundle\Repository\Node\UserRepository;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use ChamiloSession as Session;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 use Chamilo\CoreBundle\Entity\ExtraFieldValues as EntityExtraFieldValues;
@@ -83,9 +86,6 @@ public static function updatePassword($userId, $password)
     /**
      * Creates a new user for the platform.
      *
-     * @author Hugues Peeters <peeters@ipm.ucl.ac.be>,
-     * @author Roan Embrechts <roan_embrechts@yahoo.com>
-     *
      * @param string        $firstName
      * @param string        $lastName
      * @param int           $status                  (1 for course tutor, 5 for student, 6 for anonymous)
@@ -96,8 +96,8 @@ public static function updatePassword($userId, $password)
      * @param string        $language                User language    (optional)
      * @param string        $phone                   Phone number    (optional)
      * @param string        $pictureUri             Picture URI        (optional)
-     * @param string        $authSource              Authentication source (defaults to 'platform', dependind on constant)
-     * @param string        $expirationDate          Account expiration date (optional, defaults to null)
+     * @param string        $authSources              Authentication source (defaults to 'platform', dependind on constant)
+     * @param string $expirationDate          Account expiration date (optional, defaults to null)
      * @param int           $active                  Whether the account is enabled or disabled by default
      * @param int           $hrDeptId              The department of HR in which the user is registered (defaults to 0)
      * @param array         $extra                   Extra fields (labels must be prefixed by "extra_")
@@ -116,6 +116,9 @@ public static function updatePassword($userId, $password)
      * If it exists, the current user id is the creator id. If a problem arises,
      * @assert ('Sam','Gamegie',5,'sam@example.com','jo','jo') > 1
      * @assert ('Pippin','Took',null,null,'jo','jo') === false
+     *@author Hugues Peeters <peeters@ipm.ucl.ac.be>,
+     * @author Roan Embrechts <roan_embrechts@yahoo.com>
+     *
      */
     public static function create_user(
         $firstName,
@@ -128,7 +131,7 @@ public static function create_user(
         $language = '',
         $phone = '',
         $pictureUri = '',
-        $authSource = null,
+        ?array $authSources = [],
         $expirationDate = null,
         $active = 1,
         $hrDeptId = 0,
@@ -143,7 +146,7 @@ public static function create_user(
         $emailTemplate = [],
         $redirectToURLAfterLogin = ''
     ) {
-        $authSource = !empty($authSource) ? $authSource : PLATFORM_AUTH_SOURCE;
+        $authSources = !empty($authSources) ? $authSources : [UserAuthSource::PLATFORM];
         $creatorId = empty($creatorId) ? api_get_user_id() : $creatorId;
 
         if (0 === $creatorId) {
@@ -166,22 +169,12 @@ public static function create_user(
             return false;
         }
 
-        global $_configuration;
         $original_password = $password;
 
-        $access_url_id = 1;
-        if (api_get_multiple_access_url()) {
-            $access_url_id = api_get_current_access_url_id();
-        } else {
-            // In some cases, the first access_url ID might be different from 1
-            // for example when using a DB cluster or hacking the DB manually.
-            // In this case, we want the first row, not necessarily "1".
-            $accessUrlRepository = Container::getAccessUrlRepository();
-            $accessUrl = $accessUrlRepository->getFirstId();
-            if (!empty($accessUrl[0]) && !empty($accessUrl[0][1])) {
-                $access_url_id = $accessUrl[0][1];
-            }
-        }
+        /** @var AccessUrlHelper $accessUrlHelper */
+        $accessUrlHelper = Container::$container->get(AccessUrlHelper::class);
+        $accessUrl = $accessUrlHelper->getCurrent();
+        $access_url_id = $accessUrl->getId();
 
         $hostingLimitUsers = get_hosting_limit($access_url_id, 'hosting_limit_users');
 
@@ -220,7 +213,7 @@ public static function create_user(
         }
 
         if (empty($password)) {
-            if (PLATFORM_AUTH_SOURCE === $authSource) {
+            if (in_array(UserAuthSource::PLATFORM, $authSources)) {
                 Display::addFlash(
                     Display::return_message(
                         get_lang('Required field').': '.get_lang(
@@ -236,7 +229,7 @@ public static function create_user(
             // We use the authSource as password.
             // The real validation will be by processed by the auth
             // source not Chamilo
-            $password = $authSource;
+            $password = $authSources;
         }
 
         // Checking the user language
@@ -275,7 +268,6 @@ public static function create_user(
             ->setEmail($email)
             ->setOfficialCode($officialCode)
             ->setCreatorId($creatorId)
-            ->setAuthSource($authSource)
             ->setPhone($phone)
             ->setAddress($address)
             ->setLocale($language)
@@ -284,6 +276,10 @@ public static function create_user(
             ->setTimezone(api_get_timezone())
         ;
 
+        foreach ($authSources as $authSource) {
+            $user->addAuthSourceByAuthentication($authSource, $accessUrl);
+        }
+
         if (null !== $expirationDate) {
             $user->setExpirationDate($expirationDate);
         }
@@ -805,7 +801,7 @@ public static function activate_users($ids = [])
      * @param string $lastname        The user's lastname
      * @param string $username        The user's username (login)
      * @param string $password        The user's password
-     * @param string $auth_source     The authentication source (default: "platform")
+     * @param string $auth_sources     The authentication source (default: "platform")
      * @param string $email           The user's e-mail address
      * @param int    $status          The user's status
      * @param string $official_code   The user's official code (usually just an internal institutional code)
@@ -832,7 +828,7 @@ public static function update_user(
         $lastname,
         $username,
         $password,
-        $auth_source,
+        array $auth_sources,
         $email,
         $status,
         $official_code,
@@ -865,18 +861,17 @@ public static function update_user(
             return false;
         }
 
+        /** @var AccessUrl $accessUrl */
+        $accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
         if (0 == $reset_password) {
             $password = null;
-            $auth_source = $user->getAuthSource();
+            $auth_sources = $user->getAuthSourcesAuthentications($accessUrl);
         } elseif (1 == $reset_password) {
             $original_password = $password = api_generate_password();
-            $auth_source = PLATFORM_AUTH_SOURCE;
+            $auth_sources = [UserAuthSource::PLATFORM];
         } elseif (2 == $reset_password) {
-            $password = $password;
-            $auth_source = PLATFORM_AUTH_SOURCE;
-        } elseif (3 == $reset_password) {
-            $password = $password;
-            $auth_source = $auth_source;
+            $auth_sources = [UserAuthSource::PLATFORM];
         }
 
         // Checking the user language
@@ -917,7 +912,6 @@ public static function update_user(
             ->setFirstname($firstname)
             ->setUsername($username)
             ->setStatus($status)
-            ->setAuthSource($auth_source)
             ->setLocale($language)
             ->setEmail($email)
             ->setOfficialCode($official_code)
@@ -926,8 +920,13 @@ public static function update_user(
             ->setExpirationDate($expiration_date)
             ->setActive($active)
             ->setHrDeptId((int) $hr_dept_id)
+            ->removeAuthSources()
         ;
 
+        foreach ($auth_sources as $authSource) {
+            $user->addAuthSourceByAuthentication($authSource, $accessUrl);
+        }
+
         if (!is_null($password)) {
             $user->setPlainPassword($password);
         }
diff --git a/public/main/inc/lib/webservices/Rest.php b/public/main/inc/lib/webservices/Rest.php
index bc9bc13a903..3b7fdd38515 100644
--- a/public/main/inc/lib/webservices/Rest.php
+++ b/public/main/inc/lib/webservices/Rest.php
@@ -2,12 +2,15 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\Course;
 use Chamilo\CoreBundle\Entity\ExtraFieldValues;
 use Chamilo\CoreBundle\Entity\Message;
 use Chamilo\CoreBundle\Entity\Session;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use Chamilo\CourseBundle\Entity\CLpCategory;
 use Chamilo\CourseBundle\Entity\CNotebook;
 use Chamilo\CourseBundle\Repository\CNotebookRepository;
@@ -1289,7 +1292,7 @@ public function addUser($userParam)
         $language = '';
         $phone = '';
         $picture_uri = '';
-        $auth_source = $userParam['auth_source'] ?? PLATFORM_AUTH_SOURCE;
+        $auth_source = $userParam['auth_source'] ?? UserAuthSource::PLATFORM;
         $expiration_date = '';
         $active = 1;
         $hr_dept_id = 0;
@@ -1329,7 +1332,7 @@ public function addUser($userParam)
             $language,
             $phone,
             $picture_uri,
-            $auth_source,
+            [$auth_source],
             $expiration_date,
             $active,
             $hr_dept_id
@@ -1787,6 +1790,9 @@ public function getSessionFromExtraField($fieldName, $fieldValue)
      */
     public function updateUserFromUserName($parameters)
     {
+        /** @var AccessUrl $accessUrl */
+        $accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
         // find user
         $userId = null;
         if (!is_array($parameters) || empty($parameters)) {
@@ -1840,7 +1846,7 @@ public function updateUserFromUserName($parameters)
                     $user->setProfileCompleted($value);
                     break;
                 case 'auth_source':
-                    $user->setAuthSource($value);
+                    $user->addAuthSourceByAuthentication($value, $accessUrl);
                     break;
                 case 'status':
                     $user->setStatus($value);
diff --git a/public/main/inc/lib/zombie/zombie_manager.class.php b/public/main/inc/lib/zombie/zombie_manager.class.php
index 8604938de6c..3e856c7a2fb 100644
--- a/public/main/inc/lib/zombie/zombie_manager.class.php
+++ b/public/main/inc/lib/zombie/zombie_manager.class.php
@@ -1,6 +1,9 @@
 <?php
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+
 /**
  * ZombieQuery.
  *
@@ -26,7 +29,7 @@ public static function last_year()
      * @param int|string $ceiling     last login date
      * @param bool       $active_only if true returns only active users. Otherwise returns all users.
      *
-     * @return ResultSet
+     * @return array
      */
     public static function listZombies(
         $ceiling,
@@ -41,7 +44,7 @@ public static function listZombies(
             $column = 'firstname';
         }
 
-        $validColumns = ['id', 'official_code', 'firstname', 'lastname', 'username', 'auth_source', 'email', 'status', 'created_at', 'active', 'login_date'];
+        $validColumns = ['id', 'official_code', 'firstname', 'lastname', 'username', 'email', 'status', 'created_at', 'active', 'login_date'];
         if (!in_array($column, $validColumns)) {
             $column = 'firstname';
         }
@@ -51,22 +54,25 @@ public static function listZombies(
         $user_table = Database::get_main_table(TABLE_MAIN_USER);
         $login_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
 
+        /** @var AccessUrlHelper $accessUrlHelper */
+        $accessUrlHelper = Container::$container->get(AccessUrlHelper::class);
+        $accessUrl = $accessUrlHelper->getCurrent();
+
         $sql = 'SELECT
                     user.id,
                     user.official_code,
                     user.firstname,
                     user.lastname,
                     user.username,
-                    user.auth_source,
                     user.email,
                     user.status,
                     user.created_at,
                     user.active,
                     access.login_date';
 
-        if (api_is_multiple_url_enabled()) {
+        if ($accessUrlHelper->isMultiple()) {
             $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
-            $current_url_id = api_get_current_access_url_id();
+            $current_url_id = $accessUrl->getId();
 
             $sql .= " FROM $user_table as user, $login_table as access, $access_url_rel_user_table as url
                       WHERE
@@ -103,7 +109,10 @@ public static function listZombies(
 
         $result = Database::query($sql);
 
-        return Database::store_result($result, 'ASSOC');
+        $userInfo = Database::store_result($result, 'ASSOC');
+        $userInfo['auth_sources'] = api_get_user_entity($userInfo['id'])->getAuthSourcesAuthentications($accessUrl);
+
+        return $userInfo;
     }
 
     /**
diff --git a/public/main/inc/lib/zombie/zombie_report.class.php b/public/main/inc/lib/zombie/zombie_report.class.php
index 063c26fbad6..2ea394c338c 100644
--- a/public/main/inc/lib/zombie/zombie_report.class.php
+++ b/public/main/inc/lib/zombie/zombie_report.class.php
@@ -207,7 +207,7 @@ public function get_data($from, $count, $column, $direction)
             $row[] = $item['username'];
             $row[] = $item['email'];
             $row[] = $item['status'];
-            $row[] = $item['auth_source'];
+            $row[] = $item['auth_sources'];
             $row[] = api_format_date($item['created_at'], DATE_FORMAT_SHORT);
             $row[] = api_format_date($item['login_date'], DATE_FORMAT_SHORT);
             $row[] = $item['active'];
@@ -240,7 +240,7 @@ public function display_data($return = false)
         $table->set_header($col++, get_lang('Login'));
         $table->set_header($col++, get_lang('e-mail'));
         $table->set_header($col++, get_lang('Profile'));
-        $table->set_header($col++, get_lang('Authentication source'));
+        $table->set_header($col++, get_lang('Authentication source'), false);
         $table->set_header($col++, get_lang('Registered date'));
         $table->set_header($col++, get_lang('Latest access'), false);
         $table->set_header($col, get_lang('active'), false);
diff --git a/public/main/install/install.lib.php b/public/main/install/install.lib.php
index 9d0196c1dca..600621dddd0 100644
--- a/public/main/install/install.lib.php
+++ b/public/main/install/install.lib.php
@@ -5,9 +5,11 @@
 use Chamilo\CoreBundle\DataFixtures\LanguageFixtures;
 use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
 use Chamilo\CoreBundle\Repository\GroupRepository;
 use Chamilo\CoreBundle\Repository\Node\AccessUrlRepository;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use Chamilo\CoreBundle\Tool\ToolChain;
 use Doctrine\DBAL\Connection;
 use Doctrine\Migrations\Configuration\Connection\ExistingConnection;
@@ -1497,6 +1499,9 @@ function finishInstallationWithContainer(
     /** @var User $admin */
     $admin = $repo->findOneBy(['username' => 'admin']);
 
+    /** @var AccessUrl $accessUrl */
+    $accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
     $admin
         ->setLastname($adminLastName)
         ->setFirstname($adminFirstName)
@@ -1505,7 +1510,7 @@ function finishInstallationWithContainer(
         ->setPlainPassword($passForm)
         ->setEmail($emailForm)
         ->setOfficialCode('ADMIN')
-        ->setAuthSource(PLATFORM_AUTH_SOURCE)
+        ->addAuthSourceByAuthentication(UserAuthSource::PLATFORM, $accessUrl)
         ->setPhone($adminPhoneForm)
         ->setLocale($languageForm)
         ->setTimezone($timezone)
diff --git a/public/main/my_space/user_edit.php b/public/main/my_space/user_edit.php
index 50255b066c2..461bafd69e8 100644
--- a/public/main/my_space/user_edit.php
+++ b/public/main/my_space/user_edit.php
@@ -101,9 +101,8 @@
         $email = $userInfo['email'];
         $username = $userInfo['username'];
         $send_mail = intval($user['mail']['send_mail']);
-        $auth_source = PLATFORM_AUTH_SOURCE;
         $resetPassword = '1' == $user['password']['password_auto'] ? 0 : 2;
-        $auth_source = $userInfo['auth_source'];
+        $auth_sources = $userInfo['auth_sources'];
         $password = '1' == $user['password']['password_auto'] ? api_generate_password() : $user['password']['password'];
 
         UserManager::update_user(
@@ -112,7 +111,7 @@
             $userInfo['lastname'],
             $userInfo['username'],
             $password,
-            $auth_source,
+            $auth_sources,
             $userInfo['email'],
             $userInfo['status'],
             $userInfo['official_code'],
diff --git a/public/main/session/session_import.php b/public/main/session/session_import.php
index ceb4fcfc24c..4667a5a84ff 100644
--- a/public/main/session/session_import.php
+++ b/public/main/session/session_import.php
@@ -4,6 +4,7 @@
 
 use Chamilo\CoreBundle\Entity\Session;
 use Chamilo\CoreBundle\Component\Utils\ActionIcon;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 
 $cidReset = true;
 
@@ -97,7 +98,7 @@
                                 null,
                                 api_utf8_decode($nodeUser->Phone),
                                 null,
-                                PLATFORM_AUTH_SOURCE,
+                                [UserAuthSource::PLATFORM],
                                 null,
                                 1,
                                 0,
@@ -134,7 +135,7 @@
                                     $lastname,
                                     $username,
                                     $password,
-                                    null,
+                                    [],
                                     $email,
                                     $status,
                                     $officialCode,
diff --git a/public/main/user/user_export.php b/public/main/user/user_export.php
index f108fed9a7d..24c1fff8671 100644
--- a/public/main/user/user_export.php
+++ b/public/main/user/user_export.php
@@ -2,11 +2,18 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+
 require_once __DIR__.'/../inc/global.inc.php';
 $this_section = SECTION_COURSES;
 
 api_protect_admin_script(true, true);
 
+/** @var AccessUrlHelper $accessUrlHelper */
+$accessUrlHelper = Container::$container->get(AccessUrlHelper::class);
+
 $encryption = api_get_configuration_value('password_encryption');
 
 $export = [];
@@ -49,9 +56,10 @@
 
 $extraUrlJoin = '';
 $extraUrlCondition = '';
-if (api_is_multiple_url_enabled()) {
+$accessUrl = $accessUrlHelper->getCurrent();
+if ($accessUrlHelper->isMultiple()) {
     $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
-    $access_url_id = api_get_current_access_url_id();
+    $access_url_id = $accessUrl->getId();
     if (-1 != $access_url_id) {
         $extraUrlJoin .= " INNER JOIN $tbl_user_rel_access_url as user_rel_url
 				           ON (u.id = user_rel_url.user_id) ";
@@ -66,7 +74,6 @@
             u.email 		AS Email,
             u.username	AS UserName,
             ".(('none' !== $encryption) ? " " : "u.password AS Password, ")."
-            u.auth_source	AS AuthSource,
             u.status		AS Status,
             u.official_code	AS OfficialCode,
             u.phone		AS Phone,
@@ -107,9 +114,9 @@
 					ORDER BY lastname,firstname";
     $filename = 'export_users_'.$sessionInfo['name'].'_'.api_get_local_time();
 } else {
-    if (api_is_multiple_url_enabled()) {
+    if ($accessUrlHelper->isMultiple()) {
         $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
-        $access_url_id = api_get_current_access_url_id();
+        $access_url_id = $accessUrl->getId();
         if (-1 != $access_url_id) {
             $sql .= " FROM $userTable u
 					INNER JOIN $tbl_user_rel_access_url as user_rel_url
@@ -161,6 +168,7 @@
 
 $res = Database::query($sql);
 while ($user = Database::fetch_assoc($res)) {
+    $userEntity = api_get_user_entity($user['UserId']);
     $studentData = UserManager:: get_extra_user_data(
         $user['UserId'],
         true,
@@ -174,6 +182,13 @@
             $user[$key] = $value;
         }
     }
+
+    $authSources = $userEntity->getAuthSourcesByUrl($accessUrl)
+        ->map(fn (UserAuthSource $authSource) => $authSource->getAuthentication())
+        ->toArray()
+    ;
+    $user['AuthSource'] = implode(', ', $authSources);
+
     $data[] = $user;
 }
 
diff --git a/public/plugin/azure_active_directory/src/callback.php b/public/plugin/azure_active_directory/src/callback.php
index 7bea1638a15..e420475fe3d 100644
--- a/public/plugin/azure_active_directory/src/callback.php
+++ b/public/plugin/azure_active_directory/src/callback.php
@@ -89,7 +89,7 @@
                 null,
                 $me['telephoneNumber'],
                 null,
-                'azure',
+                ['azure'],
                 null,
                 ($me['accountEnabled'] ? 1 : 0),
                 null,
diff --git a/public/plugin/ext_auth_chamilo_logout_button_behaviour/index.php b/public/plugin/ext_auth_chamilo_logout_button_behaviour/index.php
index 613d23bdc75..3b074879d8c 100644
--- a/public/plugin/ext_auth_chamilo_logout_button_behaviour/index.php
+++ b/public/plugin/ext_auth_chamilo_logout_button_behaviour/index.php
@@ -2,11 +2,14 @@
 
 // personalize the logout button behaviour
 global $_user;
+
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+
 $_template['show_message'] = false;
 
 if (!api_is_anonymous() &&
     'true' == api_get_setting('cas_activate') &&
-    CAS_AUTH_SOURCE == $_user['auth_source']
+    in_array(UserAuthSource::CAS, $_user['auth_sources'])
 ) {
     $_template['show_message'] = true;
     // the link URL
diff --git a/public/plugin/lti_provider/src/LtiProvider.php b/public/plugin/lti_provider/src/LtiProvider.php
index dd77548c19f..c445fc46286 100644
--- a/public/plugin/lti_provider/src/LtiProvider.php
+++ b/public/plugin/lti_provider/src/LtiProvider.php
@@ -118,7 +118,7 @@ public function validateUser(array $launchData, string $courseCode, string $tool
                 '',
                 '',
                 '',
-                $authSource
+                [$authSource]
             );
         } else {
             $userId = $userInfo['user_id'];
diff --git a/public/plugin/migrationmoodle/src/Loader/UsersLoader.php b/public/plugin/migrationmoodle/src/Loader/UsersLoader.php
index 9b0e7acf1ec..bcf5787cf3e 100644
--- a/public/plugin/migrationmoodle/src/Loader/UsersLoader.php
+++ b/public/plugin/migrationmoodle/src/Loader/UsersLoader.php
@@ -57,7 +57,7 @@ public function load(array $incomingData)
             $incomingData['language'],
             $incomingData['phone'],
             null,
-            $incomingData['auth_source'],
+            [$incomingData['auth_source']],
             null,
             $incomingData['active'],
             0,
diff --git a/src/CoreBundle/DataFixtures/AccessUserFixtures.php b/src/CoreBundle/DataFixtures/AccessUserFixtures.php
index 13d543bfe17..89834e4ede6 100644
--- a/src/CoreBundle/DataFixtures/AccessUserFixtures.php
+++ b/src/CoreBundle/DataFixtures/AccessUserFixtures.php
@@ -7,7 +7,9 @@
 namespace Chamilo\CoreBundle\DataFixtures;
 
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Repository\Node\UserRepository;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use Chamilo\CoreBundle\Tool\ToolChain;
 use Doctrine\Bundle\FixturesBundle\Fixture;
 use Doctrine\Persistence\ObjectManager;
@@ -20,7 +22,8 @@ class AccessUserFixtures extends Fixture
 
     public function __construct(
         private readonly ToolChain $toolChain,
-        private readonly UserRepository $userRepository
+        private readonly UserRepository $userRepository,
+        private readonly AccessUrlHelper $accessUrlHelper,
     ) {}
 
     public function load(ObjectManager $manager): void
@@ -28,6 +31,8 @@ public function load(ObjectManager $manager): void
         $timezone = 'Europe\Paris';
         $this->toolChain->createTools();
 
+        $accessUrl = $this->accessUrlHelper->getCurrent();
+
         // Defined in AccessGroupFixtures.php.
         // $group = $this->getReference('GROUP_ADMIN');
 
@@ -76,7 +81,7 @@ public function load(ObjectManager $manager): void
             ->setFirstname('User')
             ->setCreatorId(1)
             ->setOfficialCode('FALLBACK')
-            ->setAuthSource(PLATFORM_AUTH_SOURCE)
+            ->addAuthSourceByAuthentication(UserAuthSource::PLATFORM, $accessUrl)
             ->setPhone('0000000000')
             ->setTimezone($timezone)
             ->setActive(USER_SOFT_DELETED)
diff --git a/src/CoreBundle/Decorator/OAuth2ProviderFactoryDecorator.php b/src/CoreBundle/Decorator/OAuth2ProviderFactoryDecorator.php
index 04ed7708ea0..0d0bd9dda68 100644
--- a/src/CoreBundle/Decorator/OAuth2ProviderFactoryDecorator.php
+++ b/src/CoreBundle/Decorator/OAuth2ProviderFactoryDecorator.php
@@ -54,7 +54,7 @@ public function createProvider(
                     'responseResourceOwnerId' => 'sub',
                 ];
 
-                $customOptions = $this->authenticationConfigHelper->getProviderOptions(
+                $customOptions = $this->authenticationConfigHelper->getOAuthProviderOptions(
                     'generic',
                     [
                         'client_id' => $customConfig['client_id'],
@@ -66,7 +66,7 @@ public function createProvider(
                 break;
 
             case Facebook::class:
-                $customOptions = $this->authenticationConfigHelper->getProviderOptions('facebook', $customConfig);
+                $customOptions = $this->authenticationConfigHelper->getOAuthProviderOptions('facebook', $customConfig);
 
                 break;
 
@@ -74,12 +74,12 @@ public function createProvider(
                 $customConfig['auth_server_url'] ??= '';
                 $customConfig['realm'] ??= '';
 
-                $customOptions = $this->authenticationConfigHelper->getProviderOptions('keycloak', $customConfig);
+                $customOptions = $this->authenticationConfigHelper->getOAuthProviderOptions('keycloak', $customConfig);
 
                 break;
 
             case Azure::class:
-                $customOptions = $this->authenticationConfigHelper->getProviderOptions('azure', $customConfig);
+                $customOptions = $this->authenticationConfigHelper->getOAuthProviderOptions('azure', $customConfig);
 
                 break;
 
diff --git a/src/CoreBundle/Entity/User.php b/src/CoreBundle/Entity/User.php
index ce0a8af6308..db467773989 100644
--- a/src/CoreBundle/Entity/User.php
+++ b/src/CoreBundle/Entity/User.php
@@ -585,9 +585,6 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
     #[ORM\OneToMany(mappedBy: 'user', targetEntity: CGroupRelTutor::class, orphanRemoval: true)]
     protected Collection $courseGroupsAsTutor;
 
-    #[ORM\Column(name: 'auth_source', type: 'string', length: 50, nullable: true)]
-    protected ?string $authSource;
-
     #[ORM\Column(name: 'status', type: 'integer')]
     protected int $status;
 
@@ -702,6 +699,12 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
     #[ORM\OneToMany(mappedBy: 'user', targetEntity: SocialPostFeedback::class, orphanRemoval: true)]
     private Collection $socialPostsFeedbacks;
 
+    /**
+     * @var Collection<int, UserAuthSource>
+     */
+    #[ORM\OneToMany(mappedBy: 'user', targetEntity: UserAuthSource::class, cascade: ['persist'], orphanRemoval: true)]
+    private Collection $authSources;
+
     public function __construct()
     {
         $this->skipResourceNode = false;
@@ -711,7 +714,6 @@ public function __construct()
         $this->website = '';
         $this->locale = 'en';
         $this->timezone = 'Europe\Paris';
-        $this->authSource = 'platform';
         $this->status = CourseRelUser::STUDENT;
         $this->salt = sha1(uniqid('', true));
         $this->active = 1;
@@ -765,6 +767,7 @@ public function __construct()
         $this->sentSocialPosts = new ArrayCollection();
         $this->receivedSocialPosts = new ArrayCollection();
         $this->socialPostsFeedbacks = new ArrayCollection();
+        $this->authSources = new ArrayCollection();
     }
 
     public function __toString(): string
@@ -2405,4 +2408,90 @@ public function isCourseTutor(?Course $course = null, ?Session $session = null):
     {
         return $session?->hasCoachInCourseList($this) || $course?->getSubscriptionByUser($this)?->isTutor();
     }
+
+    /**
+     * @return Collection<int, UserAuthSource>
+     */
+    public function getAuthSources(): Collection
+    {
+        return $this->authSources;
+    }
+
+    public function getAuthSourcesByUrl(AccessUrl $url): Collection
+    {
+        $criteria = Criteria::create();
+        $criteria->where(
+            Criteria::expr()->eq('url', $url)
+        );
+
+        return $this->authSources->matching($criteria);
+    }
+
+    /**
+     * @return array<int, string>
+     */
+    public function getAuthSourcesAuthentications(?AccessUrl $url = null): array
+    {
+        $authSources = $url ? $this->getAuthSourcesByUrl($url) : $this->getAuthSources();
+
+        return $authSources->map(fn (UserAuthSource $authSource) => $authSource->getAuthentication())->toArray();
+    }
+
+    public function addAuthSource(UserAuthSource $authSource): static
+    {
+        if (!$this->authSources->contains($authSource)) {
+            $this->authSources->add($authSource);
+            $authSource->setUser($this);
+        }
+
+        return $this;
+    }
+
+    public function addAuthSourceByAuthentication(string $authentication, AccessUrl $url): static
+    {
+        $authSource = (new UserAuthSource())
+            ->setAuthentication($authentication)
+            ->setUrl($url)
+        ;
+
+        $this->addAuthSource($authSource);
+
+        return $this;
+    }
+
+    public function hasAuthSourceByAuthentication(string $authentication): bool
+    {
+        return $this->authSources
+            ->exists(fn(UserAuthSource $authSource) => $authSource->getAuthentication() === $authentication)
+        ;
+    }
+
+    public function getAuthSourceByAuthentication(string $authentication): UserAuthSource
+    {
+        return $this->authSources->findFirst(
+            fn(UserAuthSource $authSource) => $authSource->getAuthentication() === $authentication
+        );
+    }
+
+    public function removeAuthSources(): static {
+        foreach ($this->authSources as $authSource) {
+            $authSource->setUser(null);
+        }
+
+        $this->authSources = new ArrayCollection();
+
+        return $this;
+    }
+
+    public function removeAuthSource(UserAuthSource $authSource): static
+    {
+        if ($this->authSources->removeElement($authSource)) {
+            // set the owning side to null (unless already changed)
+            if ($authSource->getUser() === $this) {
+                $authSource->setUser(null);
+            }
+        }
+
+        return $this;
+    }
 }
diff --git a/src/CoreBundle/Entity/UserAuthSource.php b/src/CoreBundle/Entity/UserAuthSource.php
new file mode 100644
index 00000000000..6defda126bf
--- /dev/null
+++ b/src/CoreBundle/Entity/UserAuthSource.php
@@ -0,0 +1,77 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Entity;
+
+use Chamilo\CoreBundle\Repository\UserAuthSourceRepository;
+use Doctrine\ORM\Mapping as ORM;
+
+//agregar url_id priority
+#[ORM\Entity(repositoryClass: UserAuthSourceRepository::class)]
+class UserAuthSource
+{
+    public const PLATFORM = 'platform';
+    public const CAS = 'cas';
+    public const LDAP = 'extldap';
+
+
+    #[ORM\Id]
+    #[ORM\GeneratedValue]
+    #[ORM\Column]
+    private ?int $id = null;
+
+    #[ORM\Column(length: 255)]
+    private ?string $authentication = null;
+
+    #[ORM\ManyToOne]
+    #[ORM\JoinColumn(nullable: false)]
+    private ?AccessUrl $url = null;
+
+    #[ORM\ManyToOne(inversedBy: 'authSources')]
+    #[ORM\JoinColumn(nullable: false)]
+    private ?User $user = null;
+
+    public function getId(): ?int
+    {
+        return $this->id;
+    }
+
+    public function getAuthentication(): ?string
+    {
+        return $this->authentication;
+    }
+
+    public function setAuthentication(string $authentication): static
+    {
+        $this->authentication = $authentication;
+
+        return $this;
+    }
+
+    public function getUrl(): ?AccessUrl
+    {
+        return $this->url;
+    }
+
+    public function setUrl(?AccessUrl $url): static
+    {
+        $this->url = $url;
+
+        return $this;
+    }
+
+    public function getUser(): ?User
+    {
+        return $this->user;
+    }
+
+    public function setUser(?User $user): static
+    {
+        $this->user = $user;
+
+        return $this;
+    }
+}
diff --git a/src/CoreBundle/EventSubscriber/AnonymousUserSubscriber.php b/src/CoreBundle/EventSubscriber/AnonymousUserSubscriber.php
index 9452138dcd8..57d8a6be186 100644
--- a/src/CoreBundle/EventSubscriber/AnonymousUserSubscriber.php
+++ b/src/CoreBundle/EventSubscriber/AnonymousUserSubscriber.php
@@ -8,6 +8,7 @@
 
 use Chamilo\CoreBundle\Entity\TrackELogin;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
 use Chamilo\CoreBundle\Settings\SettingsManager;
 use DateTime;
 use Doctrine\ORM\EntityManagerInterface;
@@ -23,7 +24,8 @@ class AnonymousUserSubscriber implements EventSubscriberInterface
     public function __construct(
         private readonly Security $security,
         private readonly EntityManagerInterface $entityManager,
-        private readonly SettingsManager $settingsManager
+        private readonly SettingsManager $settingsManager,
+        private readonly AccessUrlHelper $accessUrlHelper,
     ) {}
 
     public function onKernelRequest(RequestEvent $event): void
@@ -34,6 +36,7 @@ public function onKernelRequest(RequestEvent $event): void
 
         $request = $event->getRequest();
         $userIp = $request->getClientIp() ?: '127.0.0.1';
+        $accessUrl = $this->accessUrlHelper->getCurrent();
 
         $anonymousUserId = $this->getOrCreateAnonymousUserId($userIp);
         if (null !== $anonymousUserId) {
@@ -70,7 +73,7 @@ public function onKernelRequest(RequestEvent $event): void
                     'picture_uri' => $user->getPictureUri(),
                     'status' => $user->getStatus(),
                     'active' => $user->isActive(),
-                    'auth_source' => $user->getAuthSource(),
+                    'auth_sources' => $user->getAuthSourcesAuthentications($accessUrl),
                     'theme' => $user->getTheme(),
                     'language' => $user->getLocale(),
                     'created_at' => $user->getCreatedAt()->format('Y-m-d H:i:s'),
diff --git a/src/CoreBundle/Migrations/Schema/V200/Version20250221113400.php b/src/CoreBundle/Migrations/Schema/V200/Version20250221113400.php
new file mode 100644
index 00000000000..1a0ab16dec8
--- /dev/null
+++ b/src/CoreBundle/Migrations/Schema/V200/Version20250221113400.php
@@ -0,0 +1,46 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Migrations\Schema\V200;
+
+use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
+use Doctrine\DBAL\Schema\Schema;
+
+class Version20250221113400 extends AbstractMigrationChamilo
+{
+    public function getDescription(): string
+    {
+        return 'Extend the user.auth_source field';
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function up(Schema $schema): void
+    {
+        $this->addSql('CREATE TABLE user_auth_source (id INT AUTO_INCREMENT NOT NULL, url_id INT NOT NULL, user_id INT NOT NULL, authentication VARCHAR(255) NOT NULL, INDEX IDX_D632110481CFDAE7 (url_id), INDEX IDX_D6321104A76ED395 (user_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8mb4 COLLATE `utf8mb4_unicode_ci` ENGINE = InnoDB ROW_FORMAT = DYNAMIC');
+        $this->addSql('ALTER TABLE user_auth_source ADD CONSTRAINT FK_D632110481CFDAE7 FOREIGN KEY (url_id) REFERENCES access_url (id)');
+        $this->addSql('ALTER TABLE user_auth_source ADD CONSTRAINT FK_D6321104A76ED395 FOREIGN KEY (user_id) REFERENCES user (id)');
+
+        $rows = $this->connection
+            ->executeQuery(
+                'SELECT u.id user_id, u.auth_source authentication, uru.access_url_id url_id
+                    FROM user u LEFT JOIN  access_url_rel_user uru ON u.id = uru.user_id'
+            )
+            ->fetchAllAssociative();
+
+        foreach ($rows as $row) {
+            $row['url_id'] ??= 1;
+
+            $this->addSql(
+                'INSERT INTO user_auth_source (user_id, authentication, url_id) VALUES (:user_id, :authentication, :url_id)',
+                $row
+            );
+        }
+
+        $this->addSql('ALTER TABLE user DROP auth_source');
+    }
+}
diff --git a/src/CoreBundle/Repository/UserAuthSourceRepository.php b/src/CoreBundle/Repository/UserAuthSourceRepository.php
new file mode 100644
index 00000000000..162091f8278
--- /dev/null
+++ b/src/CoreBundle/Repository/UserAuthSourceRepository.php
@@ -0,0 +1,22 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Repository;
+
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
+use Doctrine\Persistence\ManagerRegistry;
+
+/**
+ * @extends ServiceEntityRepository<UserAuthSource>
+ */
+class UserAuthSourceRepository extends ServiceEntityRepository
+{
+    public function __construct(ManagerRegistry $registry)
+    {
+        parent::__construct($registry, UserAuthSource::class);
+    }
+}
diff --git a/src/CoreBundle/Security/Authenticator/OAuth2/GenericAuthenticator.php b/src/CoreBundle/Security/Authenticator/OAuth2/GenericAuthenticator.php
index bb87d3b5da3..8be44928efb 100644
--- a/src/CoreBundle/Security/Authenticator/OAuth2/GenericAuthenticator.php
+++ b/src/CoreBundle/Security/Authenticator/OAuth2/GenericAuthenticator.php
@@ -9,6 +9,7 @@
 use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\AccessUrlRelUser;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Repository\ExtraFieldRepository;
 use Chamilo\CoreBundle\Repository\ExtraFieldValuesRepository;
 use Chamilo\CoreBundle\Repository\Node\AccessUrlRepository;
@@ -91,7 +92,7 @@ protected function userLoader(AccessToken $accessToken): User
             /** @var User $user */
             $user = $this->userRepository->findOneBy(['username' => $username]);
 
-            if (!$user || 'platform' !== $user->getAuthSource()) {
+            if (!$user || $user->hasAuthSourceByAuthentication(UserAuthSource::PLATFORM)) {
                 if (!$providerParams['allow_create_new_users']) {
                     throw new AuthenticationException('This user doesn\'t have an account yet and auto-provisioning is not enabled. Please contact this portal administration team to request access.');
                 }
diff --git a/src/CoreBundle/ServiceHelper/AuthenticationConfigHelper.php b/src/CoreBundle/ServiceHelper/AuthenticationConfigHelper.php
index c4c5a95c585..a126499dcc5 100644
--- a/src/CoreBundle/ServiceHelper/AuthenticationConfigHelper.php
+++ b/src/CoreBundle/ServiceHelper/AuthenticationConfigHelper.php
@@ -7,6 +7,7 @@
 namespace Chamilo\CoreBundle\ServiceHelper;
 
 use Chamilo\CoreBundle\Entity\AccessUrl;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use InvalidArgumentException;
 use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@@ -62,26 +63,50 @@ public function getEnabledOAuthProviders(?AccessUrl $url = null): array
         return $enabledProviders;
     }
 
-    private function getOAuthProvidersForUrl(?AccessUrl $url): array
+    public function getAuthSources(?AccessUrl $url)
     {
-        $urlId = $url ? $url->getId() : $this->urlHelper->getCurrent()->getId();
+        $urlId = $url ?: $this->urlHelper->getCurrent();
 
         $authentication = $this->parameterBag->has('authentication')
             ? $this->parameterBag->get('authentication')
             : [];
 
-        if (isset($authentication[$urlId]['oauth2'])) {
-            return $authentication[$urlId]['oauth2'];
+        if (isset($authentication[$urlId->getId()])) {
+            return $authentication[$urlId->getId()];
         }
 
-        if (isset($authentication['default']['oauth2'])) {
-            return $authentication['default']['oauth2'];
+        if (isset($authentication['default'])) {
+            return $authentication['default'];
         }
 
         return [];
     }
 
-    public function getProviderOptions(string $providerType, array $config): array
+    /**
+     * @return array<string, array<string, mixed>>
+     */
+    private function getOAuthProvidersForUrl(?AccessUrl $url): array
+    {
+        $authentication = $this->getAuthSources($url);
+
+        if (isset($authentication['oauth2'])) {
+            return $authentication['oauth2'];
+        }
+
+        return [];
+    }
+
+    /**
+     * @return array<int, string>
+     */
+    public function getAuthSourceAuthentications(?AccessUrl $url): array
+    {
+        $authSources = $this->getAuthSources($url);
+
+        return [UserAuthSource::PLATFORM, ...array_keys($authSources)];
+    }
+
+    public function getOAuthProviderOptions(string $providerType, array $config): array
     {
         $defaults = match ($providerType) {
             'generic' => [
diff --git a/tests/datafiller/fill_many_users.php b/tests/datafiller/fill_many_users.php
index d4a745eba6f..6af24c2093e 100755
--- a/tests/datafiller/fill_many_users.php
+++ b/tests/datafiller/fill_many_users.php
@@ -43,7 +43,7 @@ function fill_many_users($num)
                 null,
                 null,
                 null,
-                $user['auth_source'],
+                [$user['auth_source']],
                 null,
                 $user['active']
             );
diff --git a/tests/datafiller/fill_users.php b/tests/datafiller/fill_users.php
index a5d9c636da3..0a48363f503 100755
--- a/tests/datafiller/fill_users.php
+++ b/tests/datafiller/fill_users.php
@@ -31,7 +31,7 @@ function fill_users()
             null,
             null,
             null,
-            $user['auth_source'],
+            [$user['auth_source']],
             null,
             $user['active']
         );