Closed xperseguers closed 4 years ago
My case is a little different. In order to authenticate I need to strip off the domain name and get rid of it. For instance:
It looks like the patch above either allows not to alter anything or to strip the domain and assign it to $domain, instead.
Maybe one more configuration option (SSOStripOffDomainName ?) might be added so as to get what I need:
if (!Configuration::getValue('SSOKeepDomainName')) {
if ($pos = strpos($remoteUser, '@')) {
$domain = substr($remoteUser, $pos + 1);
$remoteUser = substr($remoteUser, 0, $pos);
} elseif ($pos = strrpos($remoteUser, '\\')) {
$domain = substr($remoteUser, 0, $pos);
$remoteUser = substr($remoteUser, $pos + 1);
}
}
// BEGIN NEW PATCH
if (Configuration::getValue('SSOStripOffDomainName')) {
domain = null;
}
// END NEW PATCH
Any better idea would be appreciated.
My case is a little different. In order to authenticate I need to strip off the domain name and get rid of it.
Actually it seems that before this PR the behaviour of ig_ldap_sso_auth was probably just like that?
We are seeing our (formerly working) SSO-Setup is broken after an update of TYPO3 (and ig_ldap_sso_auth). After doing some debugging I found that there is a mismatch between the '@foo.INT' and '@foo.local' top level domain as used by kerberos (available in $_SERVER['REMOTE_USER']) and LDAP.
@pniederlag This feature is closed for quite some time now, please open a new ticket and reference this one if wished so that we can find a solution.
This is useful e.g., on a CAS-Server, to continue the chain of authentication through LDAP.
Resolves: #81