moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

NTLM SSO: MDL-13760 Speed up ntlm sign on with conditional redirect for msie

Browse source 
Provides an option, configurable by admin, to make the ntlm test happen
only if MSIE is not used. This speeds things up for IE.
This commit is contained in:
iarenaza 2009-02-14 16:21:58 +00:00
parent 4194d32185
commit 16ceeb6436
4 changed files with 36 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
auth/ldap/auth.php
View file

@ -1793,7 +1793,17 @@ class auth_plugin_ldap extends auth_plugin_base {
}
// Now start the whole NTLM machinery.
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
if(!empty($this->config->ntlmsso_ie_fastpath)) {
// Shortcut for IE browsers: skip the attempt page at all
if(check_browser_version('MSIE')) {
$sesskey = sesskey();
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
} else {
redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
}
} else {
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
}
}
// No NTLM SSO, Use the normal login page instead.
@ -1994,6 +2004,8 @@ class auth_plugin_ldap extends auth_plugin_base {
{$config->ntlmsso_enabled = 0; }
if (!isset($config->ntlmsso_subnet))
{$config->ntlmsso_subnet = ''; }
if (!isset($config->ntlmsso_ie_fastpath))
{$config->ntlmsso_ie_fastpath = 0; }
// save settings
set_config('host_url', $config->host_url, 'auth/ldap');
@ -2026,6 +2038,7 @@ class auth_plugin_ldap extends auth_plugin_base {
set_config('removeuser', $config->removeuser, 'auth/ldap');
set_config('ntlmsso_enabled', (int)$config->ntlmsso_enabled, 'auth/ldap');
set_config('ntlmsso_subnet', $config->ntlmsso_subnet, 'auth/ldap');
set_config('ntlmsso_ie_fastpath', (int)$config->ntlmsso_ie_fastpath, 'auth/ldap');
return true;
}

13
auth/ldap/config.html
View file

@ -59,6 +59,8 @@
{$config->ntlmsso_enabled = 0; }
if (!isset($config->ntlmsso_subnet))
{$config->ntlmsso_subnet = ''; }
if (!isset($config->ntlmsso_ie_fastpath))
{$config->ntlmsso_ie_fastpath = 0; }
$yesno = array( get_string('no'), get_string('yes') );
@ -468,6 +470,17 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
<?php print_string('auth_ntlmsso_subnet','auth') ?>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuntlmsso_ie_fastpath"><?php print_string('auth_ntlmsso_ie_fastpath_key','auth') ?></label></td>
<td>
<?php
choose_from_menu($yesno, 'ntlmsso_ie_fastpath', $config->ntlmsso_ie_fastpath, '0');
?>
</td>
<td>
<?php print_string('auth_ntlmsso_ie_fastpath','auth') ?>
</td>
</tr>
<?php

8
auth/ldap/ntlmsso_magic.php
View file

@ -27,6 +27,12 @@ $file = $CFG->dirroot . '/pix/spacer.gif';
if ($authplugin->ntlmsso_magic($sesskey)
&& file_exists($file)) {
if (!empty($authplugin->config->ntlmsso_ie_fastpath)) {
if (check_browser_version('MSIE')) {
redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php');
}
}
// Serve GIF
// Type
header('Content-Type: image/gif');
@ -41,4 +47,4 @@ if ($authplugin->ntlmsso_magic($sesskey)
print_error('ntlmsso_iwamagicnotenabled','auth');
}
?>
?>

2
lang/en_utf8/auth.php
View file

@ -253,6 +253,8 @@ $string['auth_ldapnotinstalled'] = 'Cannot use LDAP authentication. The PHP LDAP
$string['auth_ntlmsso'] = 'NTLM SSO';
$string['auth_ntlmsso_enabled_key'] = 'Enable';
$string['auth_ntlmsso_enabled'] = 'Set to yes to attempt Single Sign On with the NTLM domain. <strong>Note:</strong> this requires additional setup on the webserver to work, see <a href=\"http://docs.moodle.org/en/NTLM_authentication\">http://docs.moodle.org/en/NTLM_authentication</a>';
$string['auth_ntlmsso_ie_fastpath'] = 'Set to yes to enable the NTLM SSO fast path (bypasses certain steps and only works if the client\'s browser is MS Internet Explorer).';
$string['auth_ntlmsso_ie_fastpath_key'] = 'MS IE fast path?';
$string['auth_ntlmsso_subnet_key'] = 'Subnet';
$string['auth_ntlmsso_subnet'] = 'If set, it will only attempt SSO with clients in this subnet. Format: xxx.xxx.xxx.xxx/bitmask';
$string['ntlmsso_attempting'] = 'Attempting Single Sign On via NTLM...';