From 16ceeb6436d268a602218c86612118d9f4428c8d Mon Sep 17 00:00:00 2001 From: iarenaza Date: Sat, 14 Feb 2009 16:21:58 +0000 Subject: [PATCH] NTLM SSO: MDL-13760 Speed up ntlm sign on with conditional redirect for msie Provides an option, configurable by admin, to make the ntlm test happen only if MSIE is not used. This speeds things up for IE. --- auth/ldap/auth.php | 15 ++++++++++++++- auth/ldap/config.html | 13 +++++++++++++ auth/ldap/ntlmsso_magic.php | 8 +++++++- lang/en_utf8/auth.php | 2 ++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 7376facd2a..1a178cfc7e 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -1793,7 +1793,17 @@ class auth_plugin_ldap extends auth_plugin_base { } // Now start the whole NTLM machinery. - redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php'); + if(!empty($this->config->ntlmsso_ie_fastpath)) { + // Shortcut for IE browsers: skip the attempt page at all + if(check_browser_version('MSIE')) { + $sesskey = sesskey(); + redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey); + } else { + redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1'); + } + } else { + redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php'); + } } // No NTLM SSO, Use the normal login page instead. @@ -1994,6 +2004,8 @@ class auth_plugin_ldap extends auth_plugin_base { {$config->ntlmsso_enabled = 0; } if (!isset($config->ntlmsso_subnet)) {$config->ntlmsso_subnet = ''; } + if (!isset($config->ntlmsso_ie_fastpath)) + {$config->ntlmsso_ie_fastpath = 0; } // save settings set_config('host_url', $config->host_url, 'auth/ldap'); @@ -2026,6 +2038,7 @@ class auth_plugin_ldap extends auth_plugin_base { set_config('removeuser', $config->removeuser, 'auth/ldap'); set_config('ntlmsso_enabled', (int)$config->ntlmsso_enabled, 'auth/ldap'); set_config('ntlmsso_subnet', $config->ntlmsso_subnet, 'auth/ldap'); + set_config('ntlmsso_ie_fastpath', (int)$config->ntlmsso_ie_fastpath, 'auth/ldap'); return true; } diff --git a/auth/ldap/config.html b/auth/ldap/config.html index e2b34fb36c..9783bd35e1 100644 --- a/auth/ldap/config.html +++ b/auth/ldap/config.html @@ -59,6 +59,8 @@ {$config->ntlmsso_enabled = 0; } if (!isset($config->ntlmsso_subnet)) {$config->ntlmsso_subnet = ''; } + if (!isset($config->ntlmsso_ie_fastpath)) + {$config->ntlmsso_ie_fastpath = 0; } $yesno = array( get_string('no'), get_string('yes') ); @@ -468,6 +470,17 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there? + + + + ntlmsso_ie_fastpath, '0'); + ?> + + + + + dirroot . '/pix/spacer.gif'; if ($authplugin->ntlmsso_magic($sesskey) && file_exists($file)) { + if (!empty($authplugin->config->ntlmsso_ie_fastpath)) { + if (check_browser_version('MSIE')) { + redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php'); + } + } + // Serve GIF // Type header('Content-Type: image/gif'); @@ -41,4 +47,4 @@ if ($authplugin->ntlmsso_magic($sesskey) print_error('ntlmsso_iwamagicnotenabled','auth'); } -?> \ No newline at end of file +?> diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php index 2224928b0f..ef4123cd12 100644 --- a/lang/en_utf8/auth.php +++ b/lang/en_utf8/auth.php @@ -253,6 +253,8 @@ $string['auth_ldapnotinstalled'] = 'Cannot use LDAP authentication. The PHP LDAP $string['auth_ntlmsso'] = 'NTLM SSO'; $string['auth_ntlmsso_enabled_key'] = 'Enable'; $string['auth_ntlmsso_enabled'] = 'Set to yes to attempt Single Sign On with the NTLM domain. Note: this requires additional setup on the webserver to work, see http://docs.moodle.org/en/NTLM_authentication'; +$string['auth_ntlmsso_ie_fastpath'] = 'Set to yes to enable the NTLM SSO fast path (bypasses certain steps and only works if the client\'s browser is MS Internet Explorer).'; +$string['auth_ntlmsso_ie_fastpath_key'] = 'MS IE fast path?'; $string['auth_ntlmsso_subnet_key'] = 'Subnet'; $string['auth_ntlmsso_subnet'] = 'If set, it will only attempt SSO with clients in this subnet. Format: xxx.xxx.xxx.xxx/bitmask'; $string['ntlmsso_attempting'] = 'Attempting Single Sign On via NTLM...'; -- 2.39.5