SSO moodle and binded url

by Seb Cren -

Dear,

I have bound 2 URLs to access my Moodle platform.

Let's say http://moodle2.corp and https://moodle.corp.

Of course, I adapt the $CFG->wwwroot variable according to the URL I'm testing.

If I try to access it through https://moodle2.corp, the sso works.

With the other one, it doesn't work.

Do you have any clue about what could prevent the SSO from operating when I pick the moodle.corp URL?

Regards

In reply to Seb Cren

Re: SSO moodle and binded url

by Leon Stringer -

You don't say which SSO mechanism you're using. But browsers restrict some functionality when HTTP (insecure) is in use, functionality which works with HTTPS (secure). From memory, using NTLM for SSO with LDAP doesn't work with non-HTTPS sites because browsers won't perform the challenge/response over HTTP.

I'll also add that a Moodle site should have one URL only – e.g. https://moodle2.corp – and all user access should be via that URL. The docs explicitly say:

Do not try to set this with any PHP code that can generate a variable URL. This is not supported, can cause strange problems and will stop command line scripts working completely.

In reply to Leon Stringer

Re: SSO moodle and binded url

by Seb Cren -

Hello Leon,

I'm using https and the sso is the ldap connection available in the auth plugins menu.

In reply to Seb Cren

Re: SSO moodle and binded url

by Emma Richardson -
In addition to Leon's comments, do you have your sso set up to work with both urls? How do you expect this to work when you go live?
In reply to Emma Richardson

Re: SSO moodle and binded url

by Seb Cren -
Well, I think that's the point, but I do not see how to set up SSO for a URL. I mean, if I switch completely to https://moodle.corp the SSO doesn't work, whereas it works for https://moodle2.corp.

In fact we'd just want https://moodle.corp to work (and only this one).
In reply to Seb Cren

Re: SSO moodle and binded url

by Seb Cren -
I'll try to clarify my issue.

I try to access Moodle using the URL: https://moodle.corp

I locate the issue in the webpage ntlmsso_attempt.php. During the $msg instantiation:

$msg = '<p>'.get_string('ntlmsso_attempting', 'auth_ldap').'</p>'
    . '<img width="1", height="1" '
    . ' src="' . $CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
    . $sesskey . '" />';
echo ($msg);
//redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);

I see in my webpage:
<p>Attempting Single Sign On via NTLM...</p><img width="1", height="1" src="https://moodle.corp/auth/ldap/ntlmsso_magic.php?sesskey=O6nbc1ZTxV" />

If I click on that link, I'm prompted to enter credentials:
[Image: Moodle SSO prompt]

And in the browser I have a 401 error.

If I simply use another URL, which I switch in the config.php file, bound to the same website, everything goes well and I'm not prompted.

Is there any other configuration that I'm missing?