All appeared fine and dandy on initial testing. However, I was expecting it to work differently once we put in all our IP/subnet masks. Correct me if I'm wrong, but the network admin and I were under the assumption that once users go to the Moodle home page they would automatically be logged in if they were within the subnet, without having to click login.
Also, for users working outside of the subnet, shouldn't it not attempt SSO? It seems to loop and never give you a chance to enter credentials or present the original login page.
Is there some setting I'm missing, please advise, or is this how it's supposed to work?
From memory (looked at this a few months back, then decided Shibboleth would be smarter for us):
- It doesn't SSO you when you hit the homepage - you have to hit wwwroot/login/ for it to try SSO if it picks up you're in the right subnet.
- If it fails, you should get the option to login manually (a link to the form).
- Bear in mind there is a link to skip the SSO login (you need this to login as admin and any manual user):
Hi David, thanks for the response,
The problem is that the SSO tries regardless of whether they're in the subnet or not, and the /login/index.php?authldap_skipntlmsso=1 doesn't seem to bypass the SSO attempt and doesn't present the traditional login screen. What is the URL of the traditional login screen?
At the moment it's fine if you're in the subnet and get logged in, but external is a right pain, with the SSO loop and no bypass link or alternate login form working.
Once I've worked this out, I guess I can use the 'Force Login' in Site policies to redirect users to wwwroot/login/. Don't wanna do that till I've got the alternate login working properly though!!
Thanks, anybody else got any ideas?
Just tested again on my Mac (see image) (not in subnet), and when I click login, it brings up the login box over the top of ntlmsso_attempt, which is looping with ntlmsso_finish while I try to log in manually. I click login and nothing happens; it just tries the SSO, fails, and loops over and over.
I've also tried loading up https://vle.exe-coll.ac.uk/vle/login/index.php?authldap_skipntlmsso=1, which gives the same result.
Weird, surely it should stop attempting and looping, and either redirect to a login page or let me log in with the manual box provided?
The FFTMG settings I couldn't tell you, our admins did that (and when he tried to do a settings export it wasn't a nice XML thing, so we couldn't be sure it was free of sensitive information, hence not sharing it).
We tried to get it to run behind FFTMG before, to no avail (or should I say the Systems Admin team did, before I arrived at Exeter). It is an internal virtual server (I believe it to be in the AD domain).
Anyway, we managed to fix the problem. Such a small thing: Moodle was being fussy about the subnet format when we entered them as xxx.xx.x.x/255.255.0, etc., so instead I thought I'd have a stab at entering them in CIDR notation. Bingo, all working fine!
I have set the Site Policy to 'Force Login', so when any Moodle page is loaded it starts the NTLM auth process and either logs you in or redirects to the default login/index.php!
It's always the overlooked small things, isn't it!
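The fix in the last post (re-entering the subnets in CIDR notation) can be checked before the setting is changed. The following is an added example, not part of the thread or of Moodle's code: it converts address/netmask entries to CIDR, reports entries that cannot be converted, and tests client addresses against the result. It assumes the subnet list is comma-separated, and every address in it is constructed.

```python
import ipaddress

def to_cidr(entry):
    """Return one subnet entry in canonical CIDR form.

    Accepts 'addr/prefixlen' and 'addr/dotted-mask'; raises ValueError for
    anything else (for example a mask with only three octets).
    """
    entry = entry.strip()
    if "/" not in entry:
        raise ValueError(f"{entry!r}: no mask or prefix length given")
    # strict=False lets 'host address/mask' through and zeroes the host bits.
    return str(ipaddress.ip_network(entry, strict=False))

def normalise(setting):
    """Split a comma-separated subnet list into (cidr_list, rejected)."""
    good, bad = [], []
    for raw in setting.split(","):
        if not raw.strip():
            continue
        try:
            good.append(to_cidr(raw))
        except ValueError as exc:
            bad.append((raw.strip(), str(exc)))
    return good, bad

def in_subnets(client_ip, cidr_list):
    """True when client_ip falls inside any of the CIDR subnets."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c) for c in cidr_list)

# Constructed sample setting: one dotted mask, one truncated mask, one CIDR.
SAMPLE = "10.20.0.0/255.255.0.0, 172.16.5.0/255.255.0, 192.168.4.0/24"

if __name__ == "__main__":
    cidrs, rejected = normalise(SAMPLE)
    print("enter these:", ", ".join(cidrs))
    for raw, why in rejected:
        print("fix by hand:", raw, "->", why)
    for ip in ("10.20.31.7", "203.0.113.9"):  # constructed client addresses
        print(ip, "in SSO subnets:", in_subnets(ip, cidrs))
```

Running it against the real list before saving shows which entries were silently malformed and confirms that an external test address falls outside every subnet.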