Skip to content

ApacheAuth: Ignore force_login command #10752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mjansenDatabay wants to merge 2 commits into
base: release_9
Choose a base branch
from
Open

ApacheAuth: Ignore force_login command #10752

mjansenDatabay wants to merge 2 commits into from
+1 −9

Conversation

@mjansenDatabay
Copy link
Contributor

@mjansenDatabay mjansenDatabay commented Dec 17, 2025
edited
Loading

This commit suggests ignoring the force_login
command in the tryAuthenticationOnLoginPage function.

If the public area is enabled, and ILIAS detects
that the user has no valid ILIAS session and access
to the requested resource, an HTTP redirect to the
login view with a cmd=force_login query parameter
will be initiated. This currently leads to a problem
where the automatically initiated "Apache Authentication"
Single Sign-On will not be triggered, even if configured
this way.

Side effect of this PR: With this change, requesting the login page with
an enabled "Apache Authentication" will only be possible
without triggering the automatically initiated Single Sign-On,
if passed_sso=1 is given in the query parameters (no change was
required to achieve this behaviour).

Commit one has to be picked to release_10 as well, commit two has to be be picked to all maintained branches.

@mjansenDatabay
ApacheAuth: Add missing PHP constant in SSO endpoint
f624cd6
@mjansenDatabay
ApacheAuth: Ignore force_login command
fa77d0c 
This commit suggests ignoring the `force_login`
command in the `tryAuthenticationOnLoginPage` function.

If the public area is **enabled**, and ILIAS detects
that the user has **no valid ILIAS session and access**
to the requested resource, an HTTP redirect to the
login view with a `cmd=force_login` query parameter
will be initiated. This currently leads to a problem
where the automatically initiated "Apache Authentication"
Single Sign-On will **not** be triggered, even if configured
this way.

Effect: With this change, requesting the login page with
an **enabled** "Apache Authentication" will only be possible
**without** triggering the automatically initiated Single Sign-On,
if `passed_sso=1` is given in the query parameters (no change was
required to achieve this behaviour).
@mjansenDatabay mjansenDatabay added bugfix improvement php Pull requests that update Php code labels Dec 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thojou thojou Awaiting requested review from thojou

Assignees

@mjansenDatabay mjansenDatabay

@thojou thojou

Labels

bugfix improvement php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mjansenDatabay @thojou