diff --git a/ldap_authentication/LdapAuthenticationConf.class.php b/ldap_authentication/LdapAuthenticationConf.class.php
index ae0f7fd..9b6dc41 100644
--- a/ldap_authentication/LdapAuthenticationConf.class.php
+++ b/ldap_authentication/LdapAuthenticationConf.class.php
@@ -111,6 +111,7 @@ class LdapAuthenticationConf {
 public $ssoEnabled = FALSE;
 public $ssoRemoteUserStripDomainName = FALSE;
 public $ssoExcludedPaths = NULL;
+ public $ssoExcludedHosts = NULL;
 public $seamlessLogin = FALSE;
 public $ldapImplementation = FALSE;
 public $cookieExpire = LDAP_AUTHENTICATION_COOKIE_EXPIRE;
@@ -173,6 +174,7 @@ class LdapAuthenticationConf {
 'excludeIfNoAuthorizations',
 'ssoRemoteUserStripDomainName',
 'ssoExcludedPaths',
+ 'ssoExcludedHosts',
 'seamlessLogin',
 'ldapImplementation',
 'cookieExpire',
diff --git a/ldap_authentication/LdapAuthenticationConfAdmin.class.php b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
index 2c2ccd7..7eaf1dd 100644
--- a/ldap_authentication/LdapAuthenticationConfAdmin.class.php
+++ b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
@@ -111,6 +111,12 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
 array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '')); '

';
+ $values['ssoExcludedHostsDescription'] = '

' .
+ t('If your site is accessible via multiple hostnames, you may only want
+ the LDAP SSO module to authenticate against some of them. To exclude
+ any hostnames from SSO, enter them here. Enter one host per line.');
+ '

';
+
 $values['ssoRemoteUserStripDomainNameDescription'] = t('Useful when the ' .
 'WWW server provides authentication in the form of user@realm and you ' .
 'want to have both SSO and regular forms based authentication ' .
@@ -443,6 +449,14 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
 '#disabled' => (boolean)(!$this->ssoEnabled),
 );
+ $form['sso']['ssoExcludedHosts'] = array(
+ '#type' => 'textarea',
+ '#title' => t('SSO Excluded Hosts'),
+ '#description' => t($this->ssoExcludedHostsDescription),
+ '#default_value' => $this->arrayToLines($this->ssoExcludedHosts),
+ '#disabled' => (boolean)(!$this->ssoEnabled),
+ );
+
 $form['submit'] = array(
 '#type' => 'submit',
 '#value' => 'Save',
@@ -505,6 +519,7 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
 $this->emailOption = ($values['emailOption']) ? (int)$values['emailOption'] : NULL;
 $this->emailUpdate = ($values['emailUpdate']) ? (int)$values['emailUpdate'] : NULL;
 $this->ssoExcludedPaths = $this->linesToArray($values['ssoExcludedPaths']);
+ $this->ssoExcludedHosts = $this->linesToArray($values['ssoExcludedHosts']);
 $this->ssoRemoteUserStripDomainName = ($values['ssoRemoteUserStripDomainName']) ? (int)$values['ssoRemoteUserStripDomainName'] : NULL;
 $this->seamlessLogin = ($values['seamlessLogin']) ? (int)$values['seamlessLogin'] : NULL;
 $this->cookieExpire = ($values['cookieExpire']) ? (int)$values['cookieExpire'] : NULL;
diff --git a/ldap_sso/ldap_sso.module b/ldap_sso/ldap_sso.module
index 76ba346..4107016 100644
--- a/ldap_sso/ldap_sso.module
+++ b/ldap_sso/ldap_sso.module
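Review bot: The added `t(...)` call for `ssoExcludedHostsDescription` is terminated with `;`, so the string literal on the next added line is a separate expression statement that does nothing and is never appended to the description. End the call with the concatenation operator instead: `any hostnames from SSO, enter them here. Enter one host per line.') .`. The context line just above the addition has the same shape, so the pattern looks copied from the existing path description. The translatable string also runs across three source lines, which makes the line breaks and indentation part of the string translators receive; keeping it on one line avoids that.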
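Review bot: `'#description' => t($this->ssoExcludedHostsDescription)` passes a property to `t()` rather than a literal, and the text appears to have been translated already where `ssoExcludedHostsDescription` is assigned earlier in this file. Use `'#description' => $this->ssoExcludedHostsDescription,` so the string is translated once and stays visible to string extraction. The form builder starts and ends outside this hunk.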
@@ -98,6 +98,14 @@ function ldap_sso_path_excluded_from_sso($path = FALSE) {
 }
 $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
+ if ($ldap_authentication_conf['ssoExcludedHosts']) {
+ $host = $_SERVER['SERVER_NAME'];
+ foreach($ldap_authentication_conf['ssoExcludedHosts'] as $host_to_check) {
+ if($host_to_check == $host) {
+ return TRUE;
+ }
+ }
+ }
 if ($ldap_authentication_conf['ssoExcludedPaths']) {
 $patterns = join("\r\n", $ldap_authentication_conf['ssoExcludedPaths']);
 if ($patterns) {
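Review bot: The host exclusion compares against `$_SERVER['SERVER_NAME']`, which on common web server setups (for example Apache with `UseCanonicalName Off`) is filled from the request's Host header, so the decision to skip SSO can follow a client-supplied value. The comparison is also a loose, case-sensitive `==` on entries that may not be trimmed, and `$ldap_authentication_conf['ssoExcludedHosts']` is read without an `isset`/`empty` guard, which presumably raises an undefined-index notice on sites whose stored `ldap_authentication_conf` predates this option. I would guard with `!empty()`, normalise both sides to lower case, match with strict `in_array()`, and add a comment that the exclusion is a convenience that depends on the server pinning its canonical name, not an access control. The function body starts and ends outside the hunk.

```php
$ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
// SERVER_NAME may be derived from the Host header unless the web server pins
// a canonical name, so this exclusion is a convenience, not an access control.
if (!empty($ldap_authentication_conf['ssoExcludedHosts'])) {
  $host = strtolower($_SERVER['SERVER_NAME']);
  $excluded_hosts = array_map('strtolower', array_map('trim', $ldap_authentication_conf['ssoExcludedHosts']));
  if (in_array($host, $excluded_hosts, TRUE)) {
    return TRUE;
  }
}
// … unchanged: ssoExcludedPaths pattern check …
```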