NTLM SSO: MDL-13760 Speed up ntlm sign on with conditional redirect for msie

Provides an option, configurable by admin, to make the ntlm test happen
only if MSIE is not used. This speeds things up for IE.

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 7376facd2acfb3925127c711a66337aeea66e0df..1a178cfc7ec875802d89738018f4c624136a4c94 100644 (file)
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1793,7 +1793,17 @@ class auth_plugin_ldap extends auth_plugin_base {
             }
 
             // Now start the whole NTLM machinery.
-            redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
+            if(!empty($this->config->ntlmsso_ie_fastpath)) {
+                // Shortcut for IE browsers: skip the attempt page at all
+                if(check_browser_version('MSIE')) {
+                    $sesskey = sesskey();
+                    redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
+                } else {
+                    redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
+                }
+            } else {
+                redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
+            }
         }
  
         // No NTLM SSO, Use the normal login page instead.
@@ -1994,6 +2004,8 @@ class auth_plugin_ldap extends auth_plugin_base {
             {$config->ntlmsso_enabled = 0; }
         if (!isset($config->ntlmsso_subnet))
             {$config->ntlmsso_subnet = ''; }
+        if (!isset($config->ntlmsso_ie_fastpath))
+            {$config->ntlmsso_ie_fastpath = 0; }
 
         // save settings
         set_config('host_url', $config->host_url, 'auth/ldap');
@@ -2026,6 +2038,7 @@ class auth_plugin_ldap extends auth_plugin_base {
         set_config('removeuser', $config->removeuser, 'auth/ldap');
         set_config('ntlmsso_enabled', (int)$config->ntlmsso_enabled, 'auth/ldap');
         set_config('ntlmsso_subnet', $config->ntlmsso_subnet, 'auth/ldap');
+        set_config('ntlmsso_ie_fastpath', (int)$config->ntlmsso_ie_fastpath, 'auth/ldap');
 
         return true;
     }

diff --git a/auth/ldap/config.html b/auth/ldap/config.html
index e2b34fb36cef298a235c5d080d85a11237c73909..9783bd35e19cc18ce6023429553b2edc1ab9b637 100644 (file)
--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -59,6 +59,8 @@
         {$config->ntlmsso_enabled = 0; }
     if (!isset($config->ntlmsso_subnet))
         {$config->ntlmsso_subnet = ''; }
+    if (!isset($config->ntlmsso_ie_fastpath))
+        {$config->ntlmsso_ie_fastpath = 0; }
 
     $yesno = array( get_string('no'), get_string('yes') );
 
@@ -468,6 +470,17 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
     <?php print_string('auth_ntlmsso_subnet','auth') ?>
     </td>
 </tr>
+<tr valign="top">
+    <td align="right"><label for="menuntlmsso_ie_fastpath"><?php print_string('auth_ntlmsso_ie_fastpath_key','auth') ?></label></td>
+    <td>
+    <?php
+       choose_from_menu($yesno, 'ntlmsso_ie_fastpath', $config->ntlmsso_ie_fastpath, '0');
+    ?>
+    </td>
+    <td>
+    <?php print_string('auth_ntlmsso_ie_fastpath','auth') ?>
+    </td>
+</tr>
 
 <?php
 

diff --git a/auth/ldap/ntlmsso_magic.php b/auth/ldap/ntlmsso_magic.php
index fc1120e05efcfc89b4383501bbe464405abe0a0a..c04919a3f59c424c8a08f019caa87d02bc200d40 100644 (file)
--- a/auth/ldap/ntlmsso_magic.php
+++ b/auth/ldap/ntlmsso_magic.php
@@ -27,6 +27,12 @@ $file = $CFG->dirroot . '/pix/spacer.gif';
 if ($authplugin->ntlmsso_magic($sesskey) 
     && file_exists($file)) {
 
+    if (!empty($authplugin->config->ntlmsso_ie_fastpath)) {
+        if (check_browser_version('MSIE')) {
+            redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php');
+        }
+    } 
+
     // Serve GIF
     // Type
     header('Content-Type: image/gif');
@@ -41,4 +47,4 @@ if ($authplugin->ntlmsso_magic($sesskey)
     print_error('ntlmsso_iwamagicnotenabled','auth');
 }
 
-?>
\ No newline at end of file
+?>

diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php
index 2224928b0fde5c4efd58fe696b4f10d466862174..ef4123cd1217327f4969ffa9bf69ce03be32c6e4 100644 (file)
--- a/lang/en_utf8/auth.php
+++ b/lang/en_utf8/auth.php
@@ -253,6 +253,8 @@ $string['auth_ldapnotinstalled'] = 'Cannot use LDAP authentication. The PHP LDAP
 $string['auth_ntlmsso'] = 'NTLM SSO';
 $string['auth_ntlmsso_enabled_key'] = 'Enable';
 $string['auth_ntlmsso_enabled'] = 'Set to yes to attempt Single Sign On with the NTLM domain. <strong>Note:</strong> this requires additional setup on the webserver to work, see <a href=\"http://docs.moodle.org/en/NTLM_authentication\">http://docs.moodle.org/en/NTLM_authentication</a>';
+$string['auth_ntlmsso_ie_fastpath'] = 'Set to yes to enable the NTLM SSO fast path (bypasses certain steps and only works if the client\'s browser is MS Internet Explorer).';
+$string['auth_ntlmsso_ie_fastpath_key'] = 'MS IE fast path?';
 $string['auth_ntlmsso_subnet_key'] = 'Subnet';
 $string['auth_ntlmsso_subnet'] = 'If set, it will only attempt SSO with clients in this subnet. Format: xxx.xxx.xxx.xxx/bitmask';
 $string['ntlmsso_attempting'] = 'Attempting Single Sign On via NTLM...';