ldap sso without ntlm

by Robert Thomas -
Number of replies: 3

Hello all,

I apologize if this is a repeat. At the company I work at, we use LDAP to authenticate logins for applications and AD for authentication getting into our machines. I have LDAP working perfectly with Moodle. However, I'm curious about SSO. For Moodle, is NTLM or AD required for SSO? I'm kinda confused there. I had to set the default user type when setting up LDAP; MS-AD wouldn't work. If I want SSO, what do I do? We have a portal application that has SSO to other applications. I would like to be able to let Moodle log in from there. Please advise.

In reply to Robert Thomas

Re: ldap sso without ntlm

by Jamie Kramer -

In my experience, your best bet for AD SSO is going to be ADFS (Active Directory Federation Services), in conjunction with the SAML authentication plugin.


Alternatively, you can use the LDAP authentication plugin; however, that will not provide SSO. It requires users to log in with their AD username/password.


Using ADFS with SAML would allow for true SSO.


There is also the NTLM SSO built into the LDAP authentication module. I can't speak to the effectiveness of this, but I think it may only work well in specific scenarios, such as a requirement that users use IE.

I hope the suggestion on ADFS might give you a good start!

Jamie

In reply to Robert Thomas

Re: ldap sso without ntlm

by Sam Stevens -

Documentation page on this: https://docs.moodle.org/29/en/NTLM_authentication

A simple Google of Moodle NTLM SSO returns a load of stuff as well.

In reply to Sam Stevens

Re: ldap sso without ntlm

by Robert Thomas -
I get that, but I wanted to know: does NTLM require you to select the MS-AD user type in the LDAP configuration page?