Moodle ntlm issue with IIS

by Seb Cren -

Dear,

It's a bit hopeless that I came to you.

I am trying to set up SSO on Moodle with my AD under IIS.

All my attempts failed, with a 404 error on ntlmsso_magic.php in the developer tools of the browser I used (the file is here and reachable).

I tried this script:

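<?php
// Diagnostic: show the user name the web server passes to PHP in REMOTE_USER.
if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
    // Escape the value before echoing it into HTML.
    echo "<p>NTLM authentication seems to be working. User: " . htmlspecialchars($_SERVER['REMOTE_USER']) . "</p>";
} else {
    echo '<p>NTLM is not working</p>';
}
?>

<?php

// Print the value, or an empty string if the server did not set REMOTE_USER.
echo 'remote: ' . htmlspecialchars($_SERVER['REMOTE_USER'] ?? '');

?>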

But $_SERVER['REMOTE_USER'] remains empty. What does it mean?

I suppose that is the point of my issues but anyway, I don't know how to get rid of this.

Best regards

In reply to Seb Cren

Re: Moodle ntlm issue with IIS

by Leon Stringer -

Once you've configured IIS so that auth/ldap/ntlmsso_magic.php has Anonymous Authentication disabled and Windows Authentication enabled then IIS should challenge the browser to obtain the authenticated user's details. You should see additional HTTP headers (WWW-Authenticate I think) for this in the response from IIS if you open your browser's development tools. From memory, IIS sends some status, presumably 401 Unauthorized, for the above URL and the browser should respond with a "negotiation" attempt to authenticate with IIS.

Of course, you'll have to configure IIS with the same authentication settings for your script too so that the authentication challenge and negotiation occurs.
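
The challenge described in the reply above can be checked from a captured response. This is an added example, not part of the original thread: it classifies the first, unauthenticated response for the SSO URL, and the function names, result labels and sample responses are all constructed for illustration.

```python
def parse_response(raw: str):
    """Split a raw HTTP response head into (status_code, {header: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])          # "HTTP/1.1 401 Unauthorized" -> 401
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                              # blank line ends the header block
        name, _, value = line.partition(":")
        # A server may send several WWW-Authenticate headers, so keep a list.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def diagnose(raw: str) -> str:
    """Classify the response to a request sent without an Authorization header."""
    status, headers = parse_response(raw)
    # The scheme is the first token of each WWW-Authenticate value.
    schemes = {v.split()[0].lower() for v in headers.get("www-authenticate", []) if v}
    if status == 401 and schemes & {"ntlm", "negotiate"}:
        return "challenge"       # server is asking the browser to authenticate
    if status == 401:
        return "wrong-scheme"    # 401, but neither NTLM nor Negotiate is offered
    if status == 404:
        return "not-found"       # URL did not resolve; no challenge was issued
    if 200 <= status < 300:
        return "anonymous"       # served without any challenge
    return "other"


# Constructed sample responses (not captured from a real server).
SAMPLE_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_NOT_FOUND = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_ANONYMOUS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_BASIC = 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="x"\r\n\r\n'

if __name__ == "__main__":
    for name in ("SAMPLE_CHALLENGE", "SAMPLE_NOT_FOUND", "SAMPLE_ANONYMOUS", "SAMPLE_BASIC"):
        print(name, "->", diagnose(globals()[name]))
```

A "not-found" or "anonymous" result on the first request means the authentication negotiation never started, which is consistent with REMOTE_USER staying empty.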

In reply to Leon Stringer

Re: Moodle ntlm issue with IIS

by Seb Cren -
Thanks Leon! Sure, I forgot about the script, but $_SERVER['REMOTE_USER'] remains empty.
I've put ntlmsso_magic.php in Windows Authentication only, with NTLM at the top of the list. I did that too for the attempt and finish pages, but my issue remains the same.

As you can see in that screenshot, the page still raises a 404, probably for an item called inside it, and I don't know which one:

Wouldn't it be something in the PHP configuration?
In reply to Seb Cren

Re: Moodle ntlm issue with IIS

by Leon Stringer -

I'm pretty sure you shouldn't be getting 404 Not Found for auth/ldap/ntlmsso_magic.php, you should be getting 401 Unauthorized instead.

Can you add a screenshot of the authentication settings for auth/ldap/ntlmsso_magic.php in the IIS Manager console?

I can't rule out that this is a PHP configuration issue but I don't think so. These are the instructions I always followed for PHP and IIS. The points about which account is used for anonymous access (typically IUSR) and fastcgi.impersonate = 1 could be relevant.

In reply to Leon Stringer

Re: Moodle ntlm issue with IIS

by Seb Cren -

Hello Leon,

Here are my settings:



I'll ensure that my IIS configuration is the same as the one you showed me.

Regards

In reply to Seb Cren

Re: Moodle ntlm issue with IIS

by Seb Cren -
Leon, I found my issue. The IIS sources weren't under c:\inetpub\wwwroot. I put them back in that folder and everything is working fine now. Thanks a lot for your help.