We are currently facing issues with the LDAP authentication plugin since we updated moodle from 4.1.0 to 4.4.2.
TL;DR
The auth plugin performs a redirect with a message attached. That message contains markup that needs to be rendered as a notification so that the authentication procedure can succeed. However, the theme's redirect_message (see core_renderer.php or down below) function ignores the message and no notification is rendered. Therefore the authentication fails. Interestingly the core_renderer base class does indeed render notifications. The theme overrides that behavior and does not render notifications at all. Why is that?
Long version
First of all, you may wonder why this should be related to this theme. I am not entirely sure whether this is related to the theme or not, but i traced the issue down to the way notifications are rendered when a redirect is issued and a message is attached. Apparently, the function redirect($msg, $message, $delay, ...) in weblib.php calls the renderer's redirect_message function. In this case the theme's core renderer implementation does not handle the message at all, as you can see here:
https://github.com/willianmano/moodle-theme_moove/blob/571b74a7b879e30f594df3965596310e57a26909/classes/output/core_renderer.php#L502-L543
I am not sure if the theme is supposed to render the notifications, but the base class definetely does. The notification contains an image tag that references the corresponding PHP script that authenticates the session. In detail this is what happens:
/login redirects to /auth/ldap/ntlmsso_attempt.php
ntlmsso_attempt.php calls weblib.php->redirect("...ntlmsso_finish.php", $msg) with msg being of the following form
We are currently facing issues with the LDAP authentication plugin since we updated moodle from 4.1.0 to 4.4.2.
TL;DR
The auth plugin performs a redirect with a message attached. That message contains markup that needs to be rendered as a notification so that the authentication procedure can succeed. However, the theme's
redirect_message
(seecore_renderer.php
or down below) function ignores the message and no notification is rendered. Therefore the authentication fails. Interestingly thecore_renderer
base class does indeed render notifications. The theme overrides that behavior and does not render notifications at all. Why is that?Long version
First of all, you may wonder why this should be related to this theme. I am not entirely sure whether this is related to the theme or not, but i traced the issue down to the way notifications are rendered when a redirect is issued and a message is attached. Apparently, the function
redirect($msg, $message, $delay, ...)
inweblib.php
calls the renderer'sredirect_message
function. In this case the theme's core renderer implementation does not handle the message at all, as you can see here: https://github.com/willianmano/moodle-theme_moove/blob/571b74a7b879e30f594df3965596310e57a26909/classes/output/core_renderer.php#L502-L543I am not sure if the theme is supposed to render the notifications, but the base class definetely does. The notification contains an image tag that references the corresponding PHP script that authenticates the session. In detail this is what happens:
/auth/ldap/ntlmsso_attempt.php
ntlmsso_attempt.php
callsweblib.php->redirect("...ntlmsso_finish.php", $msg)
with msg being of the following formredirect_message
method, but the message is not handled in therePossible workaround
To "fix" this we can simply add the following line in
core_renderer.php -> redirect_message
: