diff --git a/.env.example b/.env.example
index 6974348f2e..11ca442294 100644
--- a/.env.example
+++ b/.env.example
@@ -191,6 +191,7 @@ ADLDAP_AUTH_FIELD=distinguishedname
 # Will allow SSO if your server provides an AUTH_USER field.
 # You can set the following variables from a file by appending them with _FILE:
+WINDOWS_SSO_ENABLED=false
 WINDOWS_SSO_DISCOVER=samaccountname
 WINDOWS_SSO_KEY=AUTH_USER
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index f16be906f9..3a66b72d3c 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -26,6 +26,7 @@ use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
 use Laravel\Passport\Passport;
 use URL;
+use Adldap\Laravel\Middleware\WindowsAuthenticate;
 /**
 * @codeCoverageIgnore
@@ -44,6 +45,9 @@ class AppServiceProvider extends ServiceProvider
 if ('heroku' === config('app.env')) {
 URL::forceScheme('https');
 }
+ if (config('ldap_auth.identifiers.windows.enabled', false)) {
+ $this->app['router']->pushMiddlewareToGroup('web', WindowsAuthenticate::class);
+ }
 }
 /**
diff --git a/config/ldap_auth.php b/config/ldap_auth.php
index a05358b957..2f395c809b 100644
--- a/config/ldap_auth.php
+++ b/config/ldap_auth.php
@@ -217,6 +217,12 @@ return [
 | Windows Authentication Middleware (SSO)
 |--------------------------------------------------------------------------
 |
+ | Enabled:
+ |
+ | The middleware will be registered only if enabled is set to true.
+ | If you update this file, beware, this is not a standard
+ | AdLdap2-Laravel configuration key.
+ |
 | Locate Users By:
 |
 | This value is the users attribute you would like to locate LDAP
@@ -239,6 +245,7 @@ return [
 */
 'windows' => [
+ 'enabled' => envNonEmpty('WINDOWS_SSO_ENABLED', false),
 'locate_users_by' => envNonEmpty('WINDOWS_SSO_DISCOVER', 'samaccountname'),
 'server_key' => envNonEmpty('WINDOWS_SSO_KEY', 'AUTH_USER'),
 ],
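Review bot: `WINDOWS_SSO_ENABLED=false` is added without a comment saying what turning it on does or what it requires. The two comment lines above it only say SSO is allowed when the server provides an AUTH_USER field, so an operator cannot tell from this file that the flag decides whether the SSO middleware is registered at all (see the AppServiceProvider hunk). I would add a line above it such as `# Set to true only when the web server itself authenticates the user and sets the WINDOWS_SSO_KEY server variable.`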
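Review bot: The guard `if (config('ldap_auth.identifiers.windows.enabled', false))` in the second AppServiceProvider hunk is a loose truthiness test, so any non-empty string other than `'0'` would register the middleware for the whole `web` group. Whether `WINDOWS_SSO_ENABLED=false` arrives here as boolean `false` depends on `envNonEmpty()`, which is defined outside this diff and also feeds the new `'enabled'` key in config/ldap_auth.php; values such as `no` or `off` would presumably arrive as strings and switch SSO on. Since this middleware appears to sign users in from a server-provided variable, I would enable it only on an explicit boolean, matching the Yoda style already used above: `if (true === config('ldap_auth.identifiers.windows.enabled')) {`. The enclosing method starts outside the hunk.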