public function LdapSsoAdminForm::buildForm in LDAP Single Sign On 8.4
Same name and namespace in other branches
- 8 src/Form/LdapSsoAdminForm.php \Drupal\ldap_sso\Form\LdapSsoAdminForm::buildForm()
Form constructor.
Parameters
array $form: An associative array containing the structure of the form.
\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.
Return value
array The form structure.
Overrides ConfigFormBase::buildForm
File
- src/
Form/ LdapSsoAdminForm.php, line 63
Class
- LdapSsoAdminForm
- Provides the configuration form SSO under LDAP configuration.
Namespace
Drupal\ldap_sso\FormCode
public function buildForm(array $form, FormStateInterface $form_state) : array {
$config = $this
->config('ldap_sso.settings');
$form['information'] = [
'#type' => 'markup',
'#markup' => $this
->t('<h2>Single sign-on (SSO)</h2><p>Single sign-on enables users of this site to be authenticated by visiting the URL /user/login/sso, or automatically if selected below. Please review the README file for more information.</p>', [
'@link' => Url::fromRoute('system.modules_list')
->toString(),
]),
];
$form['seamlessLogin'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Turn on automated single sign-on'),
'#description' => $this
->t('This requires that you have operational NTLM or Kerberos authentication turned on for at least the path /user/login/sso (enabling it for the entire host works too).'),
'#default_value' => $config
->get('seamlessLogin'),
];
$form['ssoSplitUserRealm'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Split user name and realm'),
'#description' => $this
->t("If your users are shown as user@realm, you need to enable this. <br><strong>This is the default for mod_auth_kerb but not mod_auth_sspi.</strong>"),
'#default_value' => $config
->get('ssoSplitUserRealm'),
];
$form['ssoRemoteUserStripDomainName'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Strip REMOTE_USER of domain name'),
'#description' => $this
->t('Use this if you get users in the form of user@realm via SSO and also want to authenticate manually without a realm and avoid duplicate or conflicting accounts.'),
'#default_value' => $config
->get('ssoRemoteUserStripDomainName'),
];
$form['cookieExpire'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Invalidate SSO cookie immediately'),
'#description' => $this
->t("Turn this on if you want to make it possible for users to log right back in after logging out with automated single sign-on.<br>This is off by default and set to a session cookie so opening a browser clears the setting."),
'#default_value' => $config
->get('cookieExpire'),
];
$form['ssoVariable'] = [
'#type' => 'textfield',
'#title' => $this
->t('Server variable containing the user'),
'#description' => $this
->t('This is usually REMOTE_USER or REDIRECT_REMOTE_USER.'),
'#default_value' => $config
->get('ssoVariable'),
];
$form['ssoExcludedPaths'] = [
'#type' => 'textarea',
'#title' => $this
->t('SSO Excluded Paths'),
'#description' => $this
->t("Common paths to exclude from SSO are for example cron.php.<br>This module already excludes some system paths, such as /user/login.<br>Specify pages by using their paths. Enter one path per line. The '*' character is a wildcard.<br>Example paths are %blog for the blog page and %blog-wildcard for all pages below it. %front is the front page.", [
'%blog' => 'blog',
'%blog-wildcard' => 'blog/*',
'%front' => '<front>',
]),
'#default_value' => is_array($config
->get('ssoExcludedPaths')) ? implode("\n", $config
->get('ssoExcludedPaths')) : '',
];
$form['ssoExcludedHosts'] = [
'#type' => 'textarea',
'#title' => $this
->t('SSO Excluded Hosts'),
'#description' => $this
->t('If your site is accessible via multiple hostnames, you may only want
the LDAP SSO module to authenticate against some of them.<br>Enter one host per line.'),
'#default_value' => is_array($config
->get('ssoExcludedHosts')) ? implode("\n", $config
->get('ssoExcludedHosts')) : '',
];
$form['login'] = [
'#type' => 'fieldset',
'#title' => $this
->t('Login customization'),
];
$form['login']['redirectOnLogout'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Redirect users on logout'),
'#description' => $this
->t('Recommended to be set for most sites to a non-SSO path. Can cause issues with immediate cookie invalidation and automated SSO. Conflicts with Masquerade and Devel module.'),
'#default_value' => $config
->get('redirectOnLogout'),
];
$form['login']['logoutRedirectPath'] = [
'#type' => 'textfield',
'#title' => $this
->t('Logout redirect path'),
'#description' => $this
->t('An internal Drupal path that users will be redirected to on logout'),
'#default_value' => $config
->get('logoutRedirectPath'),
'#required' => FALSE,
'#states' => [
'visible' => [
'input[name="redirectOnLogout"]' => [
'checked' => TRUE,
],
],
'required' => [
'input[name="redirectOnLogout"]' => [
'checked' => TRUE,
],
],
],
];
$form['login']['enableLoginConfirmationMessage'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Show a confirmation message on successful login'),
'#default_value' => $config
->get('enableLoginConfirmationMessage'),
];
$form['submit'] = [
'#type' => 'submit',
'#value' => 'Save',
];
return $form;
}