My organization had a need because our site is both public and private to be able to limit single sign on to only occur if you belong to our internal IP address range. Otherwise you need to authenticate normally. So here is a patch that adds that functionality for a variety of IP range options. Sorry I don't know how to write tests so this does not include them.

CommentFileSizeAuthor
#2 ldap-included-ip-sso-1992130-2.patch8.26 KBAgileware
ldap-included-ip-sso.patch8.27 KBhaydeniv
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

johnbarclay’s picture

johnbarclay CreditAttribution: johnbarclay commented
Title: Add the ability to SSO based on IP address range » LDAP SSO: Add the ability to SSO based on IP address range

this looks like a good patch. I'm avoiding SSO committs since I'm not on top of it.

Agileware’s picture

Agileware CreditAttribution: Agileware commented
Issue summary: View changes
FileSize
ldap-included-ip-sso-1992130-2.patch8.26 KB

Doesn't apply on 7.x-2.0-beta8
I've manually added the rejected hunks and re-rolled the patch.

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
CreditAttribution: larowlan at PreviousNext commented
Status: Needs review » Needs work 
  1. +++ b/ldap_authentication/LdapAuthenticationConfAdmin.class.php
@@ -131,6 +131,18 @@ class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
+          you do not specify any value here, all IPs will be subject to SSO. ¶
+          This is useful if you have a site that exists both publicly and ¶

    couple of trailing whitespaces here 

  2. +++ b/ldap_sso/ldap_sso.module
@@ -173,6 +179,28 @@ function ldap_sso_path_excluded_from_sso($path = FALSE) {
+ * Returns FALSE if IP ranges have been specified in ssoIncludedIps
...
+function ldap_sso_ip_included_for_sso() {

    The function name should be ldap_sso_ip_excluded_for_sso based on the signature and comment 

  3. +++ b/ldap_sso/ldap_sso.module
@@ -428,3 +456,120 @@ function ldap_servers_delete_globals($global_type, $key, $only_mock_values = FAL
+class LdapSsoIpRangeMatch {

    this needs tests

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Status: Needs work » Needs review

The last submitted patch, ldap-included-ip-sso.patch, failed testing.

The last submitted patch, ldap-included-ip-sso.patch, failed testing.

The last submitted patch, ldap-included-ip-sso.patch, failed testing.

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Project: Lightweight Directory Access Protocol » LDAP Single Sign On
grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Version: 7.x-2.x-dev » 8.x-1.x-dev
Status: Needs review » Postponed

Setting to 8.x and postponed since no one has shown recent interest in this.

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Status: Postponed » Closed (outdated)

No interest in 4+ years, closing.