Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+4 votes
5.1k views
in Q2A Core by
edited by

Experimentally I receive the user-name of the local user (logged in at a domain-controller) via NTLM -->
I would like to use this user-name to automatically log in this user after he started q2a.

Because only the information of the username is given by external source, the q2a internal user profiles should be used furthermore.
(the q2a single-sign on module" requires, that all user data (profile, picture etc) are provided by the external source - so this is why I can't use this out of the box)

Where is the best location in the code to do this?


More details:
So what I'm seeking for is:
Use Q2A internal profiles -- but instead of manual user login:
Take the system information about the user who gets identified by the NTLM info (NT-user logged in at a domain).

What I have e.g. is a php function which returns a user name from external. Where should I go with this information to automatically log in a user who opens q2a?  
--> if the user is known in the q2a database (same name): just login
--> if the user is unknown: open initial profile page to let the user add profile information...

what I'm playing around with is the mechanism used to read out the cookie and replace something in there -- but this feels like a dirty hack - isn't it?  frown

cheers!

1 Answer

+2 votes
by
You want to use a plugin with a login module rather than full single sign-on integration. That means Q2A keeps control of everything but you have the opportunity to identify users to Q2A.
by
wow - while I'm fighting with the layout of my question - the first answer arrives -- you keep me admiringly (if this is the right wording)  :))

yes - exactly this is what I'm aiming for!
by
Would love some sample code for doing this with user information coming from Active Directory.
by
as stated above - I've implemented this not in a plugin but directly in the core software of q2a.
Never the less it's working since 2011 in an intranet environment of our company and handles more than 3500 active users with over 70000 site hits per month.
If you are interested, willing and able to change the q2a core, I can provide you
--> the interface-files for retrieving the username via NTLM,
---> getting additional information from global forest of active directory and finally
----> automatic log in at q2a with this information....
by
@snoopy if you could provide them, that could save us lots of time.  That would be much appreciated.
by
Hellp Snoopy0815,
I have tried to implement Ldap validation with no success (from karlbitz qa-ldap-login files). NTLM validation would also be a good solution for my intranet.
Can you please send me your files with this functionality?
Thanks in advance.
by
Hip Snoopy0815,
Could you please share the following details
--> the interface-files for retrieving the username via NTLM,
---> getting additional information from global forest of active directory and finally
----> automatic log in at q2a with this information....

so that I can setup SSO using my company LDAP.

Thanks in advance.
by
Hi  snoopy0815,

I'd really appreciate the same code also, please.

thanks
...