Details
-
Type:
Improvement
-
Status:
Open
-
Priority:
Trivial
-
Resolution: Unresolved
-
Affects Version/s: 1.9, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6
-
Fix Version/s: STABLE backlog
-
Component/s: Authentication
-
Labels:None
-
Difficulty:Easy
-
Affected Branches:MOODLE_19_STABLE
Description
LDAP Auth plug-in -> auth.php -> function loginpage_hook() :
actual code in ntlm sso branche :
// Now start the whole NTLM machinery.
if(!empty($this->config->ntlmsso_ie_fastpath)) {
// Shortcut for IE browsers: skip the attempt page at all
if(check_browser_version('MSIE')) {
$sesskey = sesskey();
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
} else {
redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
}
} else {
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
}
If IE fast path is enabled, we lose the ability to connect to moodle by sso from firefox or other browsers that supports it. Is there a reason to ?
If IE fast path is enabled and the active browser is not IE, we can force the configuration ntlmsso_ie_fastpath flag to false and then not skip ntlm sso.
Here is a piece of code of what it can be :
// Now start the whole NTLM machinery.
if(!empty($this->config->ntlmsso_ie_fastpath)) {
// Shortcut for IE browsers: skip the attempt page at all
if(check_browser_version('MSIE')) { $sesskey = sesskey(); redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey); } } else {
$this->config->ntlmsso_ie_fastpath = 0;
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
}
} else {
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
}
Then if the active browser don't support ntlm sso, the authentication process go on the normal way.
What do you think about ?
Activity
- All
- Comments
- History
- Activity
- Source
- Test Sessions
