You are here

Home » API reference » LDAP Single Sign On 8 » LdapSsoAdminForm.php » LdapSsoAdminForm

public function LdapSsoAdminForm::buildForm in LDAP Single Sign On 8

Same name and namespace in other branches
  1. 8.4 src/Form/LdapSsoAdminForm.php \Drupal\ldap_sso\Form\LdapSsoAdminForm::buildForm()

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Overrides ConfigFormBase::buildForm

File

src/Form/LdapSsoAdminForm.php, line 64

Class

LdapSsoAdminForm
Provides the configuration form SSO under LDAP configuration.

Namespace

Drupal\ldap_sso\Form

Code

public function buildForm(array $form, FormStateInterface $form_state) {
  $config = $this
    ->config('ldap_sso.settings');
  $form['information'] = [
    '#type' => 'markup',
    '#markup' => $this
      ->t('<h2>Single sign-on (SSO)</h2><p>Single sign-on enables users of this site to be authenticated by visiting the URL /user/login/sso, or automatically if selected below. Please review the README file for more information.</p>', [
      '@link' => Url::fromRoute('system.modules_list')
        ->toString(),
    ]),
  ];
  $form['seamlessLogin'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Turn on automated single sign-on'),
    '#description' => $this
      ->t('This requires that you have operational NTLM or Kerberos authentication turned on for at least the path /user/login/sso (enabling it for the entire host works too).'),
    '#default_value' => $config
      ->get('seamlessLogin'),
  ];
  $form['ssoSplitUserRealm'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Split user name and realm'),
    '#description' => $this
      ->t("If your users are shown as user@realm, you need to enable this. <br><strong>This is the default for mod_auth_kerb but not mod_auth_sspi.</strong>"),
    '#default_value' => $config
      ->get('ssoSplitUserRealm'),
  ];
  $form['ssoRemoteUserStripDomainName'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Strip REMOTE_USER of domain name'),
    '#description' => $this
      ->t('Use this if you get users in the form of user@realm via SSO and also want to authenticate manually without a realm and avoid duplicate or conflicting accounts.'),
    '#default_value' => $config
      ->get('ssoRemoteUserStripDomainName'),
  ];
  $form['cookieExpire'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Invalidate SSO cookie immediately'),
    '#description' => $this
      ->t("Turn this on if you want to make it possible for users to log right back in after logging out with automated single sign-on.<br>This is off by default and set to a session cookie so opening a browser clears the setting."),
    '#default_value' => $config
      ->get('cookieExpire'),
  ];
  $form['ssoVariable'] = [
    '#type' => 'textfield',
    '#title' => $this
      ->t('Server variable containing the user'),
    '#description' => $this
      ->t('This is usually REMOTE_USER or REDIRECT_REMOTE_USER.'),
    '#default_value' => $config
      ->get('ssoVariable'),
  ];
  $form['ssoExcludedPaths'] = [
    '#type' => 'textarea',
    '#title' => $this
      ->t('SSO Excluded Paths'),
    '#description' => $this
      ->t("Common paths to exclude from SSO are for example cron.php.<br>This module already excludes some system paths, such as /user/login.<br>Specify pages by using their paths. Enter one path per line. The '*' character is a wildcard.<br>Example paths are %blog for the blog page and %blog-wildcard for all pages below it. %front is the front page.", [
      '%blog' => 'blog',
      '%blog-wildcard' => 'blog/*',
      '%front' => '<front>',
    ]),
    '#default_value' => LdapAuthenticationConfiguration::arrayToLines($config
      ->get('ssoExcludedPaths')),
  ];
  $form['ssoExcludedHosts'] = [
    '#type' => 'textarea',
    '#title' => $this
      ->t('SSO Excluded Hosts'),
    '#description' => $this
      ->t('If your site is accessible via multiple hostnames, you may only want
        the LDAP SSO module to authenticate against some of them.<br>Enter one host per line.'),
    '#default_value' => LdapAuthenticationConfiguration::arrayToLines($config
      ->get('ssoExcludedHosts')),
  ];
  $form['login'] = [
    '#type' => 'fieldset',
    '#title' => $this
      ->t('Login customization'),
  ];
  $form['login']['redirectOnLogout'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Redirect users on logout'),
    '#description' => $this
      ->t('Recommended to be set for most sites to a non-SSO path. Can cause issues with immediate cookie invalidation and automated SSO.'),
    '#default_value' => $config
      ->get('redirectOnLogout'),
  ];
  $form['login']['logoutRedirectPath'] = [
    '#type' => 'textfield',
    '#title' => $this
      ->t('Logout redirect path'),
    '#description' => $this
      ->t('An internal Drupal path that users will be redirected to on logout'),
    '#default_value' => $config
      ->get('logoutRedirectPath'),
    '#required' => FALSE,
    '#states' => [
      'visible' => [
        'input[name="redirectOnLogout"]' => [
          'checked' => TRUE,
        ],
      ],
      'required' => [
        'input[name="redirectOnLogout"]' => [
          'checked' => TRUE,
        ],
      ],
    ],
  ];
  $form['login']['enableLoginConfirmationMessage'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Show a confirmation message on successful login'),
    '#default_value' => $config
      ->get('enableLoginConfirmationMessage'),
  ];
  $form['submit'] = [
    '#type' => 'submit',
    '#value' => 'Save',
  ];
  return $form;
}