diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index fcbd2eeef4424f2628ad27f1cf412504126458a6..e1d758fb862414749f9dc29da3bc8881c5844293 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -92,16 +92,24 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
}
// Prepare SSO
- if(!utf8_check($_SERVER['REMOTE_USER'])) {
- $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']);
- }
- if($_SERVER['REMOTE_USER'] && $this->conf['sso']) {
- $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']);
+ if(!empty($_SERVER['REMOTE_USER'])) {
+
+ // make sure the right encoding is used
+ if($this->getConf('sso_charset')) {
+ $_SERVER['REMOTE_USER'] = iconv($this->getConf('sso_charset'), 'UTF-8', $_SERVER['REMOTE_USER']);
+ } elseif(!utf8_check($_SERVER['REMOTE_USER'])) {
+ $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']);
+ }
- // we need to simulate a login
- if(empty($_COOKIE[DOKU_COOKIE])) {
- $INPUT->set('u', $_SERVER['REMOTE_USER']);
- $INPUT->set('p', 'sso_only');
+ // trust the incoming user
+ if($this->conf['sso']) {
+ $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']);
+
+ // we need to simulate a login
+ if(empty($_COOKIE[DOKU_COOKIE])) {
+ $INPUT->set('u', $_SERVER['REMOTE_USER']);
+ $INPUT->set('p', 'sso_only');
+ }
}
}
diff --git a/lib/plugins/authad/conf/default.php b/lib/plugins/authad/conf/default.php
index f71202cfcdb8b73a839a037d8ceb3bf38e85ff1a..6fb4c9145659dc6d26112f916cb44b5a0df1f49b 100644
--- a/lib/plugins/authad/conf/default.php
+++ b/lib/plugins/authad/conf/default.php
@@ -4,6 +4,7 @@ $conf['account_suffix'] = '';
$conf['base_dn'] = '';
$conf['domain_controllers'] = '';
$conf['sso'] = 0;
+$conf['sso_charset'] = '';
$conf['admin_username'] = '';
$conf['admin_password'] = '';
$conf['real_primarygroup'] = 0;
diff --git a/lib/plugins/authad/conf/metadata.php b/lib/plugins/authad/conf/metadata.php
index 7b4f895d0d19dfc55cf0ac59a3270d32730bac94..560d25315b8ea298740162edf3a547c8ab8467fb 100644
--- a/lib/plugins/authad/conf/metadata.php
+++ b/lib/plugins/authad/conf/metadata.php
@@ -4,6 +4,7 @@ $meta['account_suffix'] = array('string','_caution' => 'danger');
$meta['base_dn'] = array('string','_caution' => 'danger');
$meta['domain_controllers'] = array('string','_caution' => 'danger');
$meta['sso'] = array('onoff','_caution' => 'danger');
+$meta['sso_charset'] = array('string','_caution' => 'danger');
$meta['admin_username'] = array('string','_caution' => 'danger');
$meta['admin_password'] = array('password','_caution' => 'danger');
$meta['real_primarygroup'] = array('onoff','_caution' => 'danger');
diff --git a/lib/plugins/authad/lang/en/settings.php b/lib/plugins/authad/lang/en/settings.php
index aff49550bf797503ecb605361aa10582f7f52728..92e9ac4e8182ec39f4e7795776afae4fd129ee83 100644
--- a/lib/plugins/authad/lang/en/settings.php
+++ b/lib/plugins/authad/lang/en/settings.php
@@ -6,7 +6,8 @@ $lang['domain_controllers'] = 'A comma separated list of Domain controllers. Eg.
$lang['admin_username'] = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
$lang['admin_password'] = 'The password of the above user.';
$lang['sso'] = 'Should Single-Sign-On via Kerberos or NTLM be used?';
-$lang['real_primarygroup'] = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower)';
+$lang['sso_charset'] = 'The charset your webserver will pass the Kerberos or NTLM username in. Empty for UTF-8 or latin-1. Requires the iconv extension.';
+$lang['real_primarygroup'] = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower).';
$lang['use_ssl'] = 'Use SSL connection? If used, do not enable TLS below.';
$lang['use_tls'] = 'Use TLS connection? If used, do not enable SSL above.';
$lang['debug'] = 'Display additional debugging output on errors?';