SSO moodle and binded url

by Seb Cren -
Number of replies: 5

Dear,

I have bound 2 urls to access my Moodle platform.

Let's say http://moodle2.corp and https://moodle.corp.

Of course, I adapt the $CFG->wwwroot variable according to the URL I'm testing.

If I try to access it through https://moodle2.corp, the sso works.

With the other one, it doesn't work.

Do you have any clue about what could prevent the SSO from operating when I pick the moodle.corp url?

Regards

In reply to Seb Cren

Re: SSO moodle and binded url

by Leon Stringer -

You don't say which SSO mechanism you're using. But browsers restrict some functionality when HTTP (insecure) is in use, functionality which works with HTTPS (secure). From memory using NTLM for SSO with LDAP doesn't work with non-HTTPS sites because browsers won't perform the challenge/response over HTTP.

I'll also add that a Moodle site should have one URL only – e.g. https://moodle2.corp – and all user access should be via that URL. The docs explicitly say:

Do not try to set this with any PHP code that can generate a variable URL. This is not supported, can cause strange problems and will stop command line scripts working completely.

In reply to Seb Cren

Re: SSO moodle and binded url

by Emma Richardson -
In addition to Leon's comments, do you have your sso set up to work with both urls? How do you expect this to work when you go live?
In reply to Emma Richardson

Re: SSO moodle and binded url

by Seb Cren -
Well, I think that's the point, but I do not see how to set up an SSO for a url. I mean, if I switch completely to https://moodle.corp the sso doesn't work, whereas it works for https://moodle2.corp.

In fact we'd just want https://moodle.corp to work (and only this one).
In reply to Seb Cren

Re: SSO moodle and binded url

by Seb Cren -
I'll try to clarify my issue.

I try to access Moodle using the url: https://moodle.corp

I located the issue in the webpage ntlmsso_attempt.php, during the $msg instantiation:

$msg = '<p>'.get_string('ntlmsso_attempting', 'auth_ldap').'</p>'
    . '<img width="1", height="1" '
    . ' src="' . $CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
    . $sesskey . '" />';
echo ($msg);
//redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);

I see in my webpage:
<p>Attempting Single Sign On via NTLM...</p><img width="1", height="1" src="https://moodle.corp/auth/ldap/ntlmsso_magic.php?sesskey=O6nbc1ZTxV" />

If I click on that link, I'm prompted to enter credentials:
[Image: Moodle sso prompt]

And in the browser I have a 401 error.

If I simply use another url, which I switch in the config.php file, bound to the same website, everything goes well; I'm not prompted.

Is there any other configuration that I'm missing?