Mantis Bug Tracker

View Issue Details
ID: 0000003
Project: Active Directory Integration
Category: General
View Status: public
Date Submitted: 2011-02-18 13:54
Last Update: 2012-02-09 14:36
Reporter: cst
Assigned To: cst
Priority: normal
Severity: feature
Reproducibility: N/A
Status: assigned
Resolution: open
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0000003: Automated login from Windows credentials
Description: Original request by Terry Moore [wirefly@hotmail.co.uk]:

Hello - I have recently set up plugin 0.9.9 on wp 3.0.1 on IIS6/Win 2003 server. Integration is working but it seems that users still need to initially log in to the system for the account to be created. Is this by design? If so, is there a way this can be modified so AD users are automatically authenticated when they attempt to access a secure page? I did check on the WP forum for this but was unable to find an answer, although this was recently raised by another user:

http://wordpress.org/support/topic/plugin-active-directory-integration-automated-login-from-windows-credentials

[..]

Many thanks for your time -

Terry Moore
Tags: No tags attached.
Attached Files:

Relationships:

Notes
(0000062)
mircea.t (reporter)
2011-06-26 18:56

Hello,

I'm looking for the same feature. Is it possible with the Active Directory Integration plugin? Windows 2003 Server, IIS6
(0000083)
cst (administrator)
2012-01-19 11:18

Work on this was started yesterday.

We have to look for $_SERVER["LOGON_USER"]. If this is set, we get the Username and the NETBIOS name of the domain - not the DNS name of the domain (FQDN) itself. Example: DNS name is "adi.local" but the NETBIOS name is "ADI". $_SERVER["LOGON_USER"] will contain "ADI\johndoe". So we need to map "ADI" to "adi.local" and append this to the username "johndoe" so we get "johndoe@adi.local" as the user.
Now we have the user but not his password. We will never get it. So we need a special LDAP User, like the Bulk Import User or the Sync Back User who has the right to read all information of our users from AD. The password of the SSO user will be stored encrypted.

New options on a new tab labeled "SSO":
1. Use Single Sign On (SSO): protected $_sso_enabled = false; // AD_Integration_sso_enabled
2. NETBIOS to domain mapping: protected $_sso_netbios_mapping = ""; // AD_Integration_sso_netbios_mapping
3. SSO LDAP User: protected $_sso_user = ""; // AD_Integration_sso_user
4. SSO LDAP Password: protected $_sso_pwd = ""; // AD_Integration_sso_pwd
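
The NETBIOS-to-DNS mapping described in the note above, as an added PHP example that is not part of the original note or of the plugin's code. The function names and the one-pair-per-line "NETBIOS=dns.name" mapping format are assumptions; the page does not say how AD_Integration_sso_netbios_mapping is stored.

```php
<?php
// Added example: hypothetical helpers, not part of the ADI plugin.
// Assumed mapping format: one "NETBIOS=dns.name" pair per line.

function sso_parse_netbios_mapping(string $raw): array
{
    $map = [];
    foreach (preg_split('/\R/', $raw) as $line) {
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2) {
            continue; // skip blank or malformed lines
        }
        $netbios = strtoupper(trim($parts[0])); // NETBIOS names compare case-insensitively
        $dns     = strtolower(trim($parts[1]));
        if ($netbios !== '' && $dns !== '') {
            $map[$netbios] = $dns;
        }
    }
    return $map;
}

// Returns "user@dns.domain", or null when the value cannot be mapped safely.
function sso_logon_user_to_upn(?string $logonUser, array $map): ?string
{
    if ($logonUser === null || $logonUser === '') {
        return null; // LOGON_USER not set: fall back to the normal login form
    }
    $pos = strrpos($logonUser, '\\');
    if ($pos === false) {
        return null; // no DOMAIN\ prefix, so the domain cannot be determined
    }
    $netbios = strtoupper(substr($logonUser, 0, $pos));
    $user    = substr($logonUser, $pos + 1);
    if (!isset($map[$netbios])) {
        return null; // unmapped domain: fail closed rather than guess
    }
    // Conservative allow-list; keeps LDAP filter metacharacters out of later lookups.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return strtolower($user) . '@' . $map[$netbios]; // AD logon names are case-insensitive
}

// Constructed sample values, using the "ADI" / "adi.local" example from the note.
$map = sso_parse_netbios_mapping("ADI=adi.local\nCORP=corp.example.com");
foreach (['ADI\\johndoe', 'adi\\JohnDoe', 'OTHER\\johndoe', 'johndoe', 'ADI\\john*', ''] as $v) {
    printf("%-18s => %s\n", var_export($v, true), var_export(sso_logon_user_to_upn($v, $map), true));
}
```

A null result means the request should be treated as not signed in via SSO, so the unmapped domain, the missing prefix and the rejected characters all fall back to the regular login path instead of creating or selecting an account.
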
(0000084)
cst (administrator)
2012-01-19 11:31

If SSO is enabled ($_sso_enabled), ADI will check whether the user is logged in. If not, and $_SERVER["LOGON_USER"] is set, ADI tries to authenticate/authorize the user using the SSO User to connect to AD. If the user is authenticated and authorized to log in, we set the needed values in WordPress:

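// Strip the NETBIOS domain prefix: "ADI\johndoe" -> "johndoe"
$logon_user = $_SERVER['LOGON_USER'];
$pos = strrpos($logon_user, '\\');
// strrpos() returns false when there is no backslash; keep the whole value then
$user_login = ($pos === false) ? $logon_user : substr($logon_user, $pos + 1);

$user = get_user_by('login', $user_login); // replaces the deprecated get_userdatabylogin()
if ($user) { // only sign in a WordPress account that actually exists
    $user_id = $user->ID;
    wp_set_current_user($user_id, $user_login);
    wp_set_auth_cookie($user_id);
    do_action('wp_login', $user_login);
}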
(0000088)
cst (administrator)
2012-02-09 14:36

I'll add a new tab called "SSO" to the options page where all needed options can be set.

Issue History
Date Modified | Username | Field | Change
2011-02-18 13:54 | cst | New Issue |
2011-02-18 13:54 | cst | Status | new => assigned
2011-02-18 13:54 | cst | Assigned To | => cst
2011-06-26 18:56 | mircea.t | Note Added: 0000062 |
2012-01-19 11:18 | cst | Note Added: 0000083 |
2012-01-19 11:31 | cst | Note Added: 0000084 |
2012-02-09 14:36 | cst | Note Added: 0000088 |

