diff --git a/ldap_authentication/LdapAuthenticationConf.class.php b/ldap_authentication/LdapAuthenticationConf.class.php
index 6c12779..0df682d 100644
--- a/ldap_authentication/LdapAuthenticationConf.class.php
+++ b/ldap_authentication/LdapAuthenticationConf.class.php
@@ -30,6 +30,7 @@ class LdapAuthenticationConf {
   public $seamlessLogin = FALSE;
   public $ldapImplementation = FALSE;
   public $cookieExpire = LDAP_AUTHENTICATION_COOKIE_EXPIRE;
+  public $ssoExcludedPaths = NULL;
 
   public $apiPrefs = array();
 
@@ -63,6 +64,7 @@ class LdapAuthenticationConf {
     'seamlessLogin',
     'ldapImplementation',
     'cookieExpire',
+    'ssoExcludedPaths',
   );
 
    /** are any ldap servers that are enabled associated with ldap authentication **/
diff --git a/ldap_authentication/LdapAuthenticationConfAdmin.class.php b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
index 97072e2..6853fc3 100644
--- a/ldap_authentication/LdapAuthenticationConfAdmin.class.php
+++ b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
@@ -105,6 +105,13 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
         l(t('README.txt'), drupal_get_path('module', 'ldap_sso') . '/README.txt')))
         . '</p>';
 
+      $values['ssoExcludedPathsDescription'] = '<p>' .
+        t("Which paths will not check for SSO? cron.php is common example.  Specify pages by using their paths. Enter one path per line. The '*' character is a wildcard.
+          Example paths are %blog for the blog page and %blog-wildcard for every personal blog. %front is the front page.",
+          array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '<front>'));
+        '</p>';
+
+
       $values['ssoRemoteUserStripDomainNameDescription'] = t('Useful when the ' .
         'WWW server provides authentication in the form of user@realm and you ' .
         'want to have both SSO and regular forms based authentication ' .
@@ -166,6 +173,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
    */
 
   public $ssoEnabledDescription;
+  public $ssoExcludedPaths;
   public $ssoRemoteUserStripDomainNameDescription;
   public $ldapImplementationOptions;
   public $cookieExpirePeriod;
@@ -440,6 +448,14 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
       '#disabled' => (boolean)(!$this->ssoEnabled),
     );
 
+    $form['sso']['ssoExcludedPaths'] = array(
+      '#type' => 'textarea',
+      '#title' => t('SSO Excluded Paths'),
+      '#description' => t($this->ssoExcludedPathsDescription),
+      '#default_value' => $this->arrayToLines($this->ssoExcludedPaths),
+      '#disabled' => (boolean)(!$this->ssoEnabled),
+    );
+
     $form['submit'] = array(
       '#type' => 'submit',
       '#value' => 'Save',
@@ -492,6 +508,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
     $this->sids = $values['authenticationServers'];
     $this->allowOnlyIfTextInDn = $this->linesToArray($values['allowOnlyIfTextInDn']);
     $this->excludeIfTextInDn = $this->linesToArray($values['excludeIfTextInDn']);
+    $this->ssoExcludedPaths = $this->linesToArray($values['ssoExcludedPaths']);
     $this->allowTestPhp = $values['allowTestPhp'];
     $this->loginUIUsernameTxt = ($values['loginUIUsernameTxt']) ? (string)$values['loginUIUsernameTxt'] : NULL;
     $this->loginUIPasswordTxt = ($values['loginUIPasswordTxt']) ? (string)$values['loginUIPasswordTxt'] : NULL;
@@ -505,6 +522,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
     $this->seamlessLogin = ($values['seamlessLogin']) ? (int)$values['seamlessLogin'] : NULL;
     $this->cookieExpire = ($values['cookieExpire']) ? (int)$values['cookieExpire'] : NULL;
     $this->ldapImplementation = ($values['ldapImplementation']) ? (string)$values['ldapImplementation'] : NULL;
+    $this->ssoExcludedPaths = $this->linesToArray(drupal_strtolower($values['ssoExcludedPaths']));
   }
 
   public function drupalFormSubmit($values) {
diff --git a/ldap_sso/ldap_sso.module b/ldap_sso/ldap_sso.module
index 887b23e..7d80a41 100644
--- a/ldap_sso/ldap_sso.module
+++ b/ldap_sso/ldap_sso.module
@@ -46,6 +46,9 @@ function ldap_sso_user_logout($account) {
  */
 function ldap_sso_boot() {
   if (!drupal_is_cli() && $GLOBALS['user']->uid == 0) {
+    if (ldap_sso_path_excluded_from_sso()) {
+      return;
+    }
     if (!(isset($_COOKIE['seamless_login'])) || $_COOKIE['seamless_login'] == 'auto login') {
       if ((arg(0) == 'user' && !(is_numeric(arg(1)))) || arg(0) == 'logout' ) {
         return;
@@ -58,14 +61,17 @@ function ldap_sso_boot() {
         }
         require_once(DRUPAL_ROOT . '/includes/common.inc');
         require_once(DRUPAL_ROOT . '/includes/path.inc');
-        $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
+        
         if (isset($ldap_authentication_conf['seamlessLogin']) && $ldap_authentication_conf['seamlessLogin'] == 1 && ($login_attempted != 'true')) {
           setcookie("seamless_login_attempted", 'true', time() + (int)$ldap_authentication_conf['cookieExpire'], base_path(), "");
           $_SESSION['seamless_login_attempted'] = $login_attempted;
           // removed with http://drupal.org/node/1485118 patch
           //$ldap_sso_q = (!isset($_GET['q']) || $_GET['q'] == '') ? 'user' : $_GET['q'];
           //drupal_goto('user/login/sso', array('query' => array('destination' => rawurlencode($ldap_sso_q))));
-          drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE); 
+          drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE);
+          if (ldap_sso_path_excluded_from_sso()) { // check this again after additional bootstrap
+            return;
+          }
           drupal_goto('user/login/sso', array('query' => drupal_get_destination()));
         }
         else {
@@ -76,6 +82,49 @@ function ldap_sso_boot() {
   }
 }
 
+function ldap_sso_path_excluded_from_sso($path = FALSE) {
+
+  $result = FALSE;
+  if ($path) {
+    // don't derive
+  }
+  elseif ($_SERVER['URL'] == '/index.php') {
+    $path = $_GET['q'];
+  }
+  else {
+    $path = ltrim($_SERVER['URL'], '/'); // cron.php, etc.
+  }
+
+  $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
+  if ($ldap_authentication_conf['ssoExcludedPaths']) {
+    $patterns = join("\r\n", $ldap_authentication_conf['ssoExcludedPaths']);
+    if ($patterns) {
+      if (function_exists('drupal_get_path_alias')) {
+        $path = drupal_get_path_alias($path);
+      }
+      $path = (function_exists('drupal_strtolower')) ? drupal_strtolower($path) : strtolower($path);
+  
+      $to_replace = array(
+        '/(\r\n?|\n)/', // newlines
+        '/\\\\\*/',     // asterisks
+        '/(^|\|)\\\\<front\\\\>($|\|)/' // <front>
+      );
+      $replacements = array(
+        '|',
+        '.*',
+        '\1' . preg_quote(variable_get('site_frontpage', 'node'), '/') . '\2'
+      );
+      $patterns_quoted = preg_quote($patterns, '/');
+      $regex = '/^(' . preg_replace($to_replace, $replacements, $patterns_quoted) . ')$/';
+      $result = (bool)preg_match($regex, $path);
+      // die("match=$result,<br/> patterns=$patterns ,<br/>regex=$regex <br/>q=". $path);
+    }
+  }
+  
+  return $result;
+    
+}
+
 /**
  * A proxy function for the actual authentication routine. This is in place
  * so various implementations of grabbing NTLM credentials can be used and