Authentication

 
 
Picture of Mitch Douglas
LDAP auth not accessible outside of college
 

We have a system whereby we use SSO and LDAP to authenticate/log in users for our Moodle while in college. Outside of college however they get a pop-up box asking for their username, which requires typing in both the username and the domain name to log in. Any ideas how I can just send users to the regular login page when attempting to access the server outside of our network?

Thanks in advance for any help.

 
Average of ratings: -
Picture of Iñaki Arenaza
Re: LDAP auth not accessible outside of college
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

Make sure you specify the college internal IP subnets in "Site administration >> Plugins >> Authentication >> LDAP server" (see 'Subnet' parameter).

Moodle will only attempt the SSO login if the client is coming from one of those subnets. If you are using some sort of reverse proxy for the external connections to your Moodle site, make sure you exclude the IP address of the reverse proxy from the allowed subnets (otherwise Moodle will think external clients are coming from the allowed internal subnets).

Saludos. Iñaki.

 
Average of ratings: -
Picture of Mitch Douglas
Re: LDAP auth not accessible outside of college
 

I don't believe it's the SSO. The box that is popping up outside of college access is a completely separate box not related to the Moodle system. It is esentially a dialogue login box that you would get when attempting to log into other web-based systems through Windows.

 
Average of ratings: -
Picture of Iñaki Arenaza
Re: LDAP auth not accessible outside of college
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

That's exactly the kind of dialog box you get when you try to SSO using NTLM/Kerberos to a web site that is not part of your IE intranet zone or trusted zone (i.e., when you are "outside of collegue").

Saludos. Iñaki.

 
Average of ratings: -
Picture of Mitch Douglas
Re: LDAP auth not accessible outside of college
 

I relayed this quote to our network manager, he replied with the following;

"Why are we trying to use SSO from outside college? We have no control over the home users’ IE settings"

I assume this might mean that SSO is being used outside of our network. Anyway to get SSO to only work internally?

 
Average of ratings: -
Picture of Iñaki Arenaza
Re: LDAP auth not accessible outside of college
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

As I said before, make sure you specify the college internal IP subnets in "Site administration >> Plugins >> Authentication >> LDAP server" (see 'Subnet' parameter).

Saludos. Iñaki.

 
Average of ratings: -