In the previous version of the LDAP SSO module (8.x-1.0-beta9) the checkExcludePath() method handles the wildcards in the excluded paths if any. Specifically, it uses the asterisk * as a wildcard character in the exclusion patterns. The wildcard is replaced with a regular expression equivalent (.*) to match any characters in that position.
Unfortunately, this is not the case with the newer version of this module (8.x-4.0) where the wildcard handling is not explicitly present. Instead of using wildcard replacement in a regular expression, the checkExcludePath() method directly checks if the lowercase form of the paths matches, without using wildcards.
If we are using a wildcard in some / all of the excluded paths that are added in the LDAP SSO configuration like `*sites/default/files/*` the provided path will not be excluded.
@grahl, could you please tell me if there is a reason for the wildcard support to be removed from the module, if possible? Of course, I could create a patch, but before that, I would like to know if this was done with a purpose.
Thank you in advance!
Active
4.0
Code
I also ran into this issue, since the description of the "SSO Excluded Paths" option mentions to use * as wildcard. It would be nice, if either the support for wildcards or the description could be fixed (I would prefer the former).
I created an issue fork with a patch using the path.matcher core service to allow matching wildcards.