mirrored from git://git.moodle.org/moodle.git
MDL-9399 auth/ldap: Add NTLM SSO pages
These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures.
martinlanghoff
committed
Nov 14, 2007
1 parent
94beeb7
commit bdadff3
Showing
3 changed files
with
102 additions
and
0 deletions.
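--- a/auth/ldap/ntlmsso_attempt.php
+++ b/auth/ldap/ntlmsso_attempt.php
@@ -0,0 +1,34 @@
+<?php
+
+require_once("../../config.php");
+
+//HTTPS is potentially required in this page
+httpsrequired();
+
+/// Define variables used in page
+if (!$site = get_site()) {
+error("No site found!");
+}
+
+$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
+if (!in_array('ldap',$authsequence,true)) {
+print_error('ldap_isdisabled','auth');
+}
+
+$authplugin = get_auth_plugin('ldap');
+if (empty($authplugin->config->ntlmsso_enabled)) {
+print_error('ntlmsso_isdisabled','auth');
+}
+
+$sesskey = sesskey();
+
+//print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus, '', true);
+$msg = '<p>Attempting SSO...</p>'
+. '<img width="1", height="1" '
+. ' src="' . $CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
+. $sesskey . '" />';
+redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);
+
+
+
+?>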
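Review bot: The session's sesskey is written into the query string of the `ntlmsso_magic.php` image URL, so the value Moodle otherwise relies on as its form anti-forgery token ends up in web server and proxy access logs and in browser history. A separate random value generated for this one SSO attempt and kept in the session would let the two requests be correlated without putting the sesskey in a URL. On the same lines, the attribute list `<img width="1", height="1" ` carries a stray comma and should read `. '<img width="1" height="1" '`. `$site` is fetched but only the commented-out `print_header()` line uses it.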
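--- a/auth/ldap/ntlmsso_finish.php
+++ b/auth/ldap/ntlmsso_finish.php
@@ -0,0 +1,30 @@
+<?php
+
+require_once("../../config.php");
+
+//HTTPS is potentially required in this page
+httpsrequired();
+
+/// Define variables used in page
+if (!$site = get_site()) {
+error("No site found!");
+}
+
+$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
+if (!in_array('ldap',$authsequence,true)) {
+print_error('ldap_isdisabled','auth');
+}
+
+$authplugin = get_auth_plugin('ldap');
+if (empty($authplugin->config->ntlmsso_enabled)) {
+print_error('ntlmsso_isdisabled','auth');
+}
+
+// If ntlmsso_finish() succeeds, then the code never returns,
+// so we only worry about failure.
+if (!$authplugin->ntlmsso_finish()) {
+// Redirect to login, saying "don't try again!"
+redirect($CFG->wwwroot . '/login/index.php?authldap_skipntlmsso=1',
+"Single Sign On failed, proceed to normal login", 3);
+}
+?>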
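Review bot: Nothing in this page ties the login it completes to the browser session that started the attempt; the page takes no parameters and can be requested directly, so that binding has to live entirely inside `ntlmsso_finish()`, whose body is not part of this diff. The existing comment above the call only explains the return behaviour, so I would add the trust assumption next to it: `// ntlmsso_finish() must only honour a username recorded for this session's sesskey, and must discard that record once used.` The failure text `"Single Sign On failed, proceed to normal login"` is a hard-coded English string, which the commit message already notes still needs localising.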
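--- a/auth/ldap/ntlmsso_magic.php
+++ b/auth/ldap/ntlmsso_magic.php
@@ -0,0 +1,38 @@
+<?php
+
+// Disable session handling here?
+require_once("../../config.php");
+session_write_close();
+
+//HTTPS is potentially required in this page
+httpsrequired();
+
+$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
+if (!in_array('ldap',$authsequence,true)) {
+print_error('ldap_isdisabled','auth');
+}
+
+$authplugin = get_auth_plugin('ldap');
+if (empty($authplugin->config->ntlmsso_enabled)) {
+print_error('ntlmsso_isdisabled','auth');
+}
+
+$sesskey = required_param('sesskey', PARAM_RAW);
+if ($authplugin->ntlmsso_magic($sesskey)) {
+// Serve GIF
+$file = $CFG->dirroot . '/pix/spacer.gif';
+
+// Type
+header('Content-Type: image/gif');
+header('Content-Length: '.filesize($file));
+
+// Output file
+$handle=fopen($file,'r');
+fpassthru($handle);
+fclose($handle);
+exit;
+} else {
+print_error('ntlmsso_iwamagicnotenabled','auth');
+}
+
+?>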
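Review bot: `sesskey` is read with `PARAM_RAW` and handed to `ntlmsso_magic()` without being checked against the current session, so the value under which the web-server-authenticated identity is presumably recorded is whatever the client chose to send (what `ntlmsso_magic()` does with it is outside this diff). A Moodle sesskey is alphanumeric, so the read should be `$sesskey = required_param('sesskey', PARAM_ALPHANUM);`, and if the session cookie is present on this request the page should reject a mismatch with `confirm_sesskey($sesskey)` before calling the plugin. That keeps an identity from being recorded against any session other than the caller's own. Lower down, the results of `filesize()` and `fopen()` are used without a failure check.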