Having throught about this over night, I'm thinking that I might be able to get this working, if I can explode the user details from the HTTP_Authorization.
I'm guessing that our ISA server is sending the details in the 'domain.com\username' format, but DokuWiki only wants the username. I see you already used explode on the HTTP_Authorization to split the username & password at the ':' point, what I also need to do, is after the username & password have been split, split the username again at the '\' point, so the domain is removed from the username. I'm having a little trouble working out where I'd add this second explode to the code.
I need to add:
explode('\\',$_REQUEST['u'])
somewhere in the code below.
list($_REQUEST['u'],$_REQUEST['p']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
Can you help?
SOLVED: After doing some testing, I found that $_SERVER['PHP_AUTH_USER'] & $_SERVER['PHP_AUTH_PW'] were actually being populated with a username & password during the IE popup login, so I re-enabled the previous code in auth.php and found that it worked the same as the new code, with $_REQUEST['u'] = domain.com\\username. I simply used explode('\\\\',$_SERVER['PHP_AUTH_USER']) to remove the domain, and it all seemed to work. New code below for anyone who wants it!
if(empty($_REQUEST['u']) && !empty($_SERVER['PHP_AUTH_USER'])){
$_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
$EXPLODEUSER = explode('\\\\',$_SERVER['PHP_AUTH_USER']);
$_REQUEST['u'] = $EXPLODEUSER[1];
$_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
}