• Resolved danseitz

    (@danseitz)


    A bit of a unique use case here. We use both Active Directory/LDAP and CAS. Basically, Active Directory authentication is used while on the local intranet (with a fixed external IP) but CAS when outside the local network. Is there a way to redirect to LDAP when traffic is coming from a specific IP address/range and otherwise direct to CAS if on an external IP? Would htaccess work to configure this? Where would I make that configuration? (Ideally the site would auto login if on a local workstation signed in to Active Directory.)

Viewing 1 replies (of 1 total)
  • Plugin Author pkarjala

    (@pkarjala)

    Hi @danseitz, apologies for the slow response time.

    I would recommend creating a whitelist to check if the user is on a specific IP block, then “showing” only the applicable login (in this case, LDAP) if the user is in that IP range.

    You would need to write a PHP implementation of this to check the user’s IP and create and check a whitelist. Advanced Custom Fields may help with this process for creating and storing the whitelist information; their Options Page would be a good start: https://www.advancedcustomfields.com/resources/options-page/.

    You can then customize the login form using the information at https://codex.www.ads-software.com/Customizing_the_Login_Form, and the code in the login_form_add_external_service_links() function on line 1912 of authorizer.php in the plugin. You would need to alter the code there to only present one type of login or another based on the results of the check against the whitelist.

    There may also be plugins that allow you to do this, but I have not done a thorough search to see what is available.

    I’m also unfortunately not sure how the auto-login would be processed if it is an LDAP/AD based login.

    I hope this helps!
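
The IP check described in the reply above, as an added example that is not part of the original thread and is not code from the Authorizer plugin. The function names `ip_in_cidr()` and `login_method_for()` are hypothetical, and the address ranges are constructed documentation ranges standing in for the site's fixed external IP.

```php
<?php
// Added example: hypothetical helper names, constructed address ranges.

/** Return true if $ip lies inside the CIDR block $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $maxBits = strlen($ipBin) * 8;
    // A bare address (no "/n") is treated as a single-host entry.
    $bits = $bits === null ? $maxBits : (ctype_digit($bits) ? (int) $bits : -1);
    if ($bits < 0 || $bits > $maxBits) {
        return false;
    }
    // Compare the whole bytes of the prefix, then the remaining high bits.
    $fullBytes = intdiv($bits, 8);
    $remBits   = $bits % 8;
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

/** Decide which login option to render: 'ldap' for allowlisted clients, else 'cas'. */
function login_method_for(string $remoteAddr, array $allowlist): string
{
    foreach ($allowlist as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            return 'ldap';
        }
    }
    return 'cas';
}

// Constructed allowlist; replace with the intranet's fixed external IP or range.
$allowlist = ['203.0.113.0/24', '2001:db8:10::/48'];
// Use REMOTE_ADDR. X-Forwarded-For is client-supplied unless a trusted proxy sets it.
$client = $_SERVER['REMOTE_ADDR'] ?? '198.51.100.7'; // constructed fallback for CLI runs
echo login_method_for($client, $allowlist), PHP_EOL;
```

The result only selects which login option the form presents; it does not by itself restrict access to either authentication backend.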

  • The topic ‘Check LDAP Authentication first then redirect to CAS?’ is closed to new replies.