We use Apache authentication in front of SuiteCRM, and many moons ago (and it might even have been vTiger we were using at that point) I managed to add some code that pre-filled added the (validated) username and password that were used to get that far. I never managed to auto-submit the login form, and the code got overwritten by an update.
Anyway, looking at forcing people to log in as themselves, and this would seem the best route since they would not even get to see the login screen if done correctly, plus if we are using LDAP to authenticate, why enter the details again.
But looking at the code, I cannot find the point where it goes “hey, this user hasn’t logged in yet. Send them to the login page”, so I am looking some pointers. Any help greatly appreciated.