Permalink
Browse files

NTLM SSO: MDL-13760 Speed up ntlm sign on with conditional redirect f…

…or msie

Provides an option, configurable by admin, to make the ntlm test happen
only if MSIE is not used. This speeds things up for IE.
  • Loading branch information...
1 parent f8102d9 commit b65da94dd72abfd19df46954dff77cd44bdc9bae iarenaza committed Feb 14, 2009
Showing with 36 additions and 2 deletions.
  1. +14 −1 auth/ldap/auth.php
  2. +13 −0 auth/ldap/config.html
  3. +7 −1 auth/ldap/ntlmsso_magic.php
  4. +2 −0 lang/en_utf8/auth.php
View
@@ -1840,7 +1840,17 @@ function loginpage_hook() {
}
// Now start the whole NTLM machinery.
- redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
+ if(!empty($this->config->ntlmsso_ie_fastpath)) {
+ // Shortcut for IE browsers: skip the attempt page at all
+ if(check_browser_version('MSIE')) {
+ $sesskey = sesskey();
+ redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
+ } else {
+ redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
+ }
+ } else {
+ redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
+ }
}
// No NTLM SSO, Use the normal login page instead.
@@ -2041,6 +2051,8 @@ function process_config($config) {
{$config->ntlmsso_enabled = 0; }
if (!isset($config->ntlmsso_subnet))
{$config->ntlmsso_subnet = ''; }
+ if (!isset($config->ntlmsso_ie_fastpath))
+ {$config->ntlmsso_ie_fastpath = 0; }
// save settings
set_config('host_url', $config->host_url, 'auth/ldap');
@@ -2073,6 +2085,7 @@ function process_config($config) {
set_config('removeuser', $config->removeuser, 'auth/ldap');
set_config('ntlmsso_enabled', (int)$config->ntlmsso_enabled, 'auth/ldap');
set_config('ntlmsso_subnet', $config->ntlmsso_subnet, 'auth/ldap');
+ set_config('ntlmsso_ie_fastpath', (int)$config->ntlmsso_ie_fastpath, 'auth/ldap');
return true;
}
View
@@ -59,6 +59,8 @@
{$config->ntlmsso_enabled = 0; }
if (!isset($config->ntlmsso_subnet))
{$config->ntlmsso_subnet = ''; }
+ if (!isset($config->ntlmsso_ie_fastpath))
+ {$config->ntlmsso_ie_fastpath = 0; }
$yesno = array( get_string('no'), get_string('yes') );
@@ -468,6 +470,17 @@
<?php print_string('auth_ntlmsso_subnet','auth') ?>
</td>
</tr>
+<tr valign="top">
+ <td align="right"><label for="menuntlmsso_ie_fastpath"><?php print_string('auth_ntlmsso_ie_fastpath_key','auth') ?></label></td>
+ <td>
+ <?php
+ choose_from_menu($yesno, 'ntlmsso_ie_fastpath', $config->ntlmsso_ie_fastpath, '0');
+ ?>
+ </td>
+ <td>
+ <?php print_string('auth_ntlmsso_ie_fastpath','auth') ?>
+ </td>
+</tr>
<?php
@@ -27,6 +27,12 @@
if ($authplugin->ntlmsso_magic($sesskey)
&& file_exists($file)) {
+ if (!empty($authplugin->config->ntlmsso_ie_fastpath)) {
+ if (check_browser_version('MSIE')) {
+ redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php');
+ }
+ }
+
// Serve GIF
// Type
header('Content-Type: image/gif');
@@ -41,4 +47,4 @@
print_error('ntlmsso_iwamagicnotenabled','auth');
}
-?>
+?>
@@ -252,6 +252,8 @@
$string['auth_ntlmsso'] = 'NTLM SSO';
$string['auth_ntlmsso_enabled_key'] = 'Enable';
$string['auth_ntlmsso_enabled'] = 'Set to yes to attempt Single Sign On with the NTLM domain. <strong>Note:</strong> this requires additional setup on the webserver to work, see <a href=\"http://docs.moodle.org/en/NTLM_authentication\">http://docs.moodle.org/en/NTLM_authentication</a>';
+$string['auth_ntlmsso_ie_fastpath'] = 'Set to yes to enable the NTLM SSO fast path (bypasses certain steps and only works if the client\'s browser is MS Internet Explorer).';
+$string['auth_ntlmsso_ie_fastpath_key'] = 'MS IE fast path?';
$string['auth_ntlmsso_subnet_key'] = 'Subnet';
$string['auth_ntlmsso_subnet'] = 'If set, it will only attempt SSO with clients in this subnet. Format: xxx.xxx.xxx.xxx/bitmask';
$string['ntlmsso_attempting'] = 'Attempting Single Sign On via NTLM...';

0 comments on commit b65da94

Please sign in to comment.