Class Shibboleth. More...
Public Member Functions | |
ShibAuth ($authParams, $updateUserData=false) | |
Constructor public. | |
getAuth () | |
Checks if the current user is authenticated yet public. | |
setIdle ($time, $add=false) | |
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public. | |
setExpire ($time, $add=false) | |
Set the maximum expire time. | |
checkAuth () | |
Checks if there is a session with valid auth information. | |
start () | |
Start new auth session. | |
login () | |
Login function. | |
setAuth ($username) | |
Register variable in a session telling that the user has logged in successfully. | |
logout () | |
Logout function. | |
getUsername () | |
Get the username. | |
getStatus () | |
Get the current status. | |
& | _importGlobalVariable ($variable) |
Import variables from special namespaces. | |
generateLogin () | |
Automatically generates the username/screenname of a Shibboleth user or returns the user's already existing username. | |
getFirstString ($string) | |
Cleans and returns first of potential many values (multi-valued attributes). | |
Data Fields | |
$username | |
$_sessionName = '_authsession' | |
$status = '' | |
$expire = 0 | |
$idle = 0 | |
$idled = false |
Class Shibboleth.
This class provides basic functionality for Shibboleth authentication
Definition at line 36 of file class.ilShibboleth.php.
& ShibAuth::_importGlobalVariable | ( | $ | variable | ) |
Import variables from special namespaces.
private
string | Type of variable (server, session, post) |
Definition at line 487 of file class.ilShibboleth.php.
References $_GET, $_POST, $_SESSION, and $GLOBALS.
Referenced by checkAuth(), getAuth(), getUsername(), logout(), and setAuth().
/**
 * Import variables from special namespaces.
 *
 * Returns a reference to the request/session array selected by name. When
 * the corresponding superglobal is not set (for $_SESSION this is the case
 * before session_start() was called) the legacy $GLOBALS['HTTP_*_VARS']
 * arrays are used instead; those only exist on very old PHP versions, so on
 * current PHP that branch yields a reference to a freshly created null entry.
 * Unknown names yield null.
 *
 * @access private
 * @param string $variable  Type of variable: server, session, post, cookie
 *                          or get (matched case-insensitively)
 * @return mixed  Reference to the selected array, or null
 */
function &_importGlobalVariable($variable)
{
    $scope = strtolower($variable);
    $target = null;

    if ($scope === 'server') {
        if (isset($_SERVER)) {
            $target = &$_SERVER;
        } else {
            $target = &$GLOBALS['HTTP_SERVER_VARS'];
        }
    } elseif ($scope === 'session') {
        if (isset($_SESSION)) {
            $target = &$_SESSION;
        } else {
            $target = &$GLOBALS['HTTP_SESSION_VARS'];
        }
    } elseif ($scope === 'post') {
        if (isset($_POST)) {
            $target = &$_POST;
        } else {
            $target = &$GLOBALS['HTTP_POST_VARS'];
        }
    } elseif ($scope === 'cookie') {
        if (isset($_COOKIE)) {
            $target = &$_COOKIE;
        } else {
            $target = &$GLOBALS['HTTP_COOKIE_VARS'];
        }
    } elseif ($scope === 'get') {
        if (isset($_GET)) {
            $target = &$_GET;
        } else {
            $target = &$GLOBALS['HTTP_GET_VARS'];
        }
    }

    return $target;
}
ShibAuth::checkAuth | ( | ) |
Checks if there is a session with valid auth information.
private
Definition at line 163 of file class.ilShibboleth.php.
References _importGlobalVariable(), and logout().
Referenced by start().
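/**
 * Checks if there is a session with valid auth information.
 *
 * Enforces the absolute lifetime ($this->expire, counted from the
 * 'timestamp' written by setAuth()) and the idle timeout ($this->idle,
 * counted from the 'idle' stamp). When either limit is exceeded the auth
 * data is cleared via logout(), the status becomes AUTH_EXPIRED or
 * AUTH_IDLED and false is returned. Otherwise the session counts as
 * authenticated only when its entry is marked registered and carries a
 * non-empty username, in which case the idle stamp is refreshed.
 *
 * @access private
 * @return bool  true if the session carries valid auth information
 */
function checkAuth()
{
    $session = &$this->_importGlobalVariable('session');
    if (!isset($session[$this->_sessionName])) {
        return false;
    }

    // Read-only copy of the auth entry; all writes go through logout()/Auth::updateIdle()
    $auth = $session[$this->_sessionName];
    $now = time();

    // Absolute lifetime, measured from the moment setAuth() registered the login
    if ($this->expire > 0 && isset($auth['timestamp']) && ($auth['timestamp'] + $this->expire) < $now) {
        $this->logout();
        $this->expired = true; // NOTE(review): not among the declared fields, set dynamically as before
        $this->status = AUTH_EXPIRED;
        return false;
    }

    // Idle timeout, measured from the last idle refresh
    if ($this->idle > 0 && isset($auth['idle']) && ($auth['idle'] + $this->idle) < $now) {
        $this->logout();
        $this->idled = true;
        $this->status = AUTH_IDLED;
        return false;
    }

    // Strict comparisons: setAuth() stores a real bool and the login string,
    // so truthy look-alikes ("1", "false") are no longer accepted as registered.
    if (isset($auth['registered']) && isset($auth['username'])
        && $auth['registered'] === true && $auth['username'] !== '') {
        Auth::updateIdle();
        return true;
    }

    return false;
}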
ShibAuth::generateLogin | ( | ) |
Automatically generates the username/screenname of a Shibboleth user or returns the user's already existing username.
private
Definition at line 548 of file class.ilShibboleth.php.
References $ilias, ilObjUser::_checkExternalAuthAccount(), ilUtil::generatePasswords(), getFirstString(), and ilObjUser::getUserIdByLogin().
Referenced by login().
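/**
 * Automatically generates the username/screenname of a Shibboleth user or
 * returns the user's already existing username.
 *
 * Reads the Shibboleth unique id, last name and first name from the
 * $_SERVER attributes named by the shib_login / shib_lastname /
 * shib_firstname settings. Returns null without touching the database when
 * the unique id is missing or blank.
 *
 * @access private
 * @return string|null  Existing ILIAS login mapped to the Shibboleth id, a
 *                      newly generated "Firstname Lastname[ n]" login, or
 *                      null when no Shibboleth id is present
 */
function generateLogin()
{
    global $ilias;

    $loginAttr = $ilias->getSetting('shib_login');
    // Guarded read: a missing attribute must behave like an empty one instead of warning
    $shibID = isset($_SERVER[$loginAttr]) ? $_SERVER[$loginAttr] : '';
    $lastname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
    $firstname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);

    if (trim($shibID) == "") {
        return null;
    }

    // For backwards compatibility with previous versions: the passwd field
    // used to hold the Shibboleth id as mapping attribute (Shibboleth users
    // don't need a password). Move such ids to ext_account and overwrite the
    // password with a random one. The id is supplied by the request, so it is
    // passed through the DB layer's quote() instead of being concatenated raw.
    $generated = ilUtil::generatePasswords(1); // end() requires a real variable, not a call result
    $randomPasswd = md5(end($generated));
    $quotedID = $ilias->db->quote($shibID);
    $ilias->db->query("UPDATE usr_data SET auth_mode='shibboleth', passwd='".$randomPasswd."', ext_account=".$quotedID." WHERE passwd=".$quotedID);

    // Let's see if user already is registered
    $local_user = ilObjUser::_checkExternalAuthAccount("shibboleth", $shibID);
    if ($local_user) {
        return $local_user;
    }

    // User doesn't seem to exist yet: generate a new username.
    // This can be overruled by the data conversion API but you have
    // to do it yourself in that case
    $prefix = $firstname.' '.$lastname;
    if (!ilObjUser::getUserIdByLogin($prefix)) {
        return $prefix;
    }

    // Append a number if the username already is taken
    $number = 2;
    $prefix .= ' ';
    while (ilObjUser::getUserIdByLogin($prefix.$number)) {
        $number++;
    }

    return $prefix.$number;
}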
ShibAuth::getAuth | ( | ) |
Checks if the current user is authenticated yet public.
Definition at line 109 of file class.ilShibboleth.php.
References _importGlobalVariable().
/**
 * Checks if the current user is authenticated yet.
 *
 * Looks only at the 'registered' flag of this instance's session entry; no
 * expiry or idle check is performed here (see checkAuth() for that).
 *
 * @access public
 * @return bool  true if the session entry is flagged as registered
 */
function getAuth()
{
    $session = &$this->_importGlobalVariable('session');
    if (empty($session)) {
        return false;
    }

    $registered = null;
    if (isset($session[$this->_sessionName]['registered'])) {
        $registered = $session[$this->_sessionName]['registered'];
    }

    return $registered === true;
}
ShibAuth::getFirstString | ( | $ | string | ) |
Cleans and returns first of potential many values (multi-valued attributes).
private
string | A Shibboleth attribute or other string |
Definition at line 606 of file class.ilShibboleth.php.
References $list.
Referenced by generateLogin(), and login().
ShibAuth::getStatus | ( | ) |
Get the current status.
public
Definition at line 474 of file class.ilShibboleth.php.
References $status.
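/**
 * Get the current status.
 *
 * @access public
 * @return string  The AUTH_* status recorded by checkAuth() or login(), or
 *                 '' (the field's default) when nothing has been recorded yet
 */
function getStatus()
{
    // The status lives in the $status field; the previous body returned an
    // undefined local variable and therefore always yielded null.
    return $this->status;
}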
ShibAuth::getUsername | ( | ) |
Get the username.
public
Definition at line 459 of file class.ilShibboleth.php.
References _importGlobalVariable().
/**
 * Get the username.
 *
 * @access public
 * @return string  The username stored in the session by setAuth(), or ''
 *                 when no auth entry exists
 */
function getUsername()
{
    $session = &$this->_importGlobalVariable('session');
    $name = '';

    if (isset($session[$this->_sessionName]['username'])) {
        $name = $session[$this->_sessionName]['username'];
    }

    return $name;
}
ShibAuth::login | ( | ) |
Login function.
private
Definition at line 227 of file class.ilShibboleth.php.
References $ilias, $rbacadmin, $username, generateLogin(), ilUtil::generatePasswords(), getFirstString(), ilObjUser::getUserIdByLogin(), and setAuth().
/**
 * Login function.
 *
 * Performs the Shibboleth login for the current request. Requires the
 * $_SERVER attribute named by the shib_login setting (populated by the
 * Shibboleth SP) to be non-empty; otherwise the status becomes
 * AUTH_WRONG_LOGIN and nothing else happens. On success the login name from
 * generateLogin() is registered in the session via setAuth(), then the local
 * ILIAS account is either created from the Shibboleth attributes (and given
 * the shib_user_default_role) or, if it already exists, updated for every
 * attribute whose shib_update_* setting is enabled.
 *
 * Side effects: session auth data (setAuth), user rows, role assignment and
 * execution of the optional data conversion script named by shib_data_conv.
 *
 * @access private
 * @return void
 */
function login()
{
    global $ilias, $rbacadmin;

    // The Shibboleth unique id is the only attribute that must be present;
    // an empty value means there is no Shibboleth session for this request.
    if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
        // Get loginname of user, new login name is generated if user is new
        $username = $this->generateLogin();

        // Authorize this user
        // NOTE(review): the session is marked authenticated here, before the
        // local account below has been created or updated.
        $this->setAuth($username);

        $userObj = new ilObjUser();

        // Check whether this account exists already, if not create it
        if (!ilObjUser::getUserIdByLogin($username)) {
            // Multi-valued attributes (names, phones, fax, email, language)
            // are reduced to their first value via getFirstString(); the
            // remaining attributes are copied as delivered.
            $newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
            $newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
            $newUser["login"] = $username;
            // Password must be random to prevent users from manually logging in using the login data of Shibboleth users
            $newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
            $newUser["passwd_type"] = IL_PASSWD_MD5;
            // Gender is imported only when enabled and the value is one of the two accepted codes
            if (
                $ilias->getSetting('shib_update_gender')
                && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')
            ) {
                $newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
            }
            // Save mapping between ILIAS user and Shibboleth uniqueID
            $newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
            // other data
            $newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
            $newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
            $newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
            $newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
            $newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
            $newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
            $newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
            $newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
            $newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
            $newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
            $newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
            $newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
            $newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
            $newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
            $newUser["auth_mode"] = "shibboleth";

            // system data
            $userObj->assignData($newUser);
            $userObj->setTitle($userObj->getFullname());
            $userObj->setDescription($userObj->getEmail());
            $userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));

            // Time limit
            $userObj->setTimeLimitOwner(7);
            $userObj->setTimeLimitUnlimited(1);
            $userObj->setTimeLimitFrom(time());
            $userObj->setTimeLimitUntil(time());

            // Modify user data before creating the user
            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes.
            // The script path comes from the shib_data_conv setting; it is
            // included in this method's scope, so it can read and change
            // $newUser and $userObj directly.
            if (
                $ilias->getSetting('shib_data_conv')
                && $ilias->getSetting('shib_data_conv') != ''
                && is_readable($ilias->getSetting('shib_data_conv'))
            ) {
                include($ilias->getSetting('shib_data_conv'));
            }

            // Create user in DB
            $userObj->create();
            $userObj->setActive(1, 6);
            $userObj->updateOwner();

            //insert user data in table user_data
            $userObj->saveAsNew();

            // store acceptance of user agreement
            //$userObj->writeAccepted();

            // setup user preferences
            $userObj->writePrefs();

            //set role entries
            $rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(), true);

            unset($userObj);
        } else {
            // Update user account
            $userObj->checkUserId();
            $userObj->read();

            // Each attribute is refreshed only when its shib_update_* setting
            // is enabled; first and last name are always refreshed.
            if (
                $ilias->getSetting('shib_update_gender')
                && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')
            )
                $userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
            if ($ilias->getSetting('shib_update_title'))
                $userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
            $userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
            $userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
            $userObj->setFullname();
            if ($ilias->getSetting('shib_update_institution'))
                $userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
            if ($ilias->getSetting('shib_update_department'))
                $userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
            if ($ilias->getSetting('shib_update_street'))
                $userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
            if ($ilias->getSetting('shib_update_city'))
                $userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
            if ($ilias->getSetting('shib_update_zipcode'))
                $userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
            if ($ilias->getSetting('shib_update_country'))
                $userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
            if ($ilias->getSetting('shib_update_phone_office'))
                $userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
            if ($ilias->getSetting('shib_update_phone_home'))
                $userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
            if ($ilias->getSetting('shib_update_phone_mobile'))
                $userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
            // NOTE(review): unlike the creation branch, fax and language are
            // copied without getFirstString() here, so a multi-valued
            // attribute is stored verbatim on update.
            if ($ilias->getSetting('shib_update_fax'))
                $userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
            if ($ilias->getSetting('shib_update_matriculation'))
                $userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
            if ($ilias->getSetting('shib_update_email'))
                $userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
            if ($ilias->getSetting('shib_update_hobby'))
                $userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
            if ($ilias->getSetting('shib_update_language'))
                $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);

            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes (same script and scope
            // rules as in the creation branch; here it sees $userObj).
            if (
                $ilias->getSetting('shib_data_conv')
                && $ilias->getSetting('shib_data_conv') != ''
                && is_readable($ilias->getSetting('shib_data_conv'))
            ) {
                include($ilias->getSetting('shib_data_conv'));
            }

            $userObj->update();
        }
    } else {
        // This should never occur unless Shibboleth is not configured properly
        $this->status = AUTH_WRONG_LOGIN;
    }
}
ShibAuth::logout | ( | ) |
Logout function.
This function clears any auth tokens in the currently active session and executes the logout callback function, if any
public
Definition at line 438 of file class.ilShibboleth.php.
References $_SESSION, and _importGlobalVariable().
Referenced by checkAuth().
/**
 * Logout function.
 *
 * Clears the cached username and removes this instance's auth entry from
 * the session. With the $_SESSION superglobal available the entry is unset
 * directly; otherwise the legacy session_unregister() API is used.
 *
 * @access public
 * @return void
 */
function logout()
{
    $session = &$this->_importGlobalVariable('session');
    $key = $this->_sessionName;

    $this->username = '';
    // Reset the entry first, then drop it entirely
    $session[$key] = array();

    if (!isset($_SESSION)) {
        // Legacy session API fallback (pre-superglobal PHP)
        session_unregister($key);
        return;
    }

    unset($session[$key]);
}
ShibAuth::setAuth | ( | $ | username | ) |
Register variable in a session telling that the user has logged in successfully.
public
string | Username |
Definition at line 407 of file class.ilShibboleth.php.
References $_SESSION, $username, and _importGlobalVariable().
Referenced by login().
/**
 * Register variable in a session telling that the user has logged in successfully.
 *
 * Creates this instance's session entry if needed (preserving an existing
 * 'data' sub-array) and records the registered flag, the username and the
 * timestamps that checkAuth() uses for the expiry and idle checks.
 *
 * NOTE(review): the session id itself is not regenerated here, so a session
 * that existed before the login keeps its id after authentication.
 *
 * @access public
 * @param string $username  Username
 * @return void
 */
function setAuth($username)
{
    $session = &$this->_importGlobalVariable('session');
    $key = $this->_sessionName;

    if (!isset($_SESSION) && !isset($session[$key])) {
        // Legacy session API fallback (pre-superglobal PHP)
        session_register($key);
    }

    if (!isset($session[$key]) || !is_array($session[$key])) {
        $session[$key] = array();
    }

    $auth = &$session[$key];
    if (!isset($auth['data'])) {
        $auth['data'] = array();
    }

    $now = time();
    $auth['registered'] = true;
    $auth['username'] = $username;
    $auth['timestamp'] = $now;   // start of the absolute lifetime (see checkAuth)
    $auth['idle'] = $now;        // start of the idle window (see checkAuth)
}
ShibAuth::setExpire | ( | $ | time, | |
$ | add = false | |||
) |
Set the maximum expire time.
public
integer | time in seconds | |
bool | add time to current expire time or not |
Definition at line 148 of file class.ilShibboleth.php.
References $add.
/**
 * Set the maximum expire time.
 *
 * @access public
 * @param integer $time  time in seconds
 * @param bool    $add   add time to current expire time or not
 * @return void
 */
function setExpire($time, $add = false)
{
    $this->expire = $add ? $this->expire + $time : $time;
}
ShibAuth::setIdle | ( | $ | time, | |
$ | add = false | |||
) |
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
integer | obj_id of role (role_id) | |
integer | ref_id of role folder (ref_id) |
Definition at line 130 of file class.ilShibboleth.php.
References $add.
/**
 * Set the maximum idle time.
 *
 * @access public
 * @param integer $time  time in seconds
 * @param bool    $add   add time to current idle time or not
 * @return void
 */
function setIdle($time, $add = false)
{
    $this->idle = $add ? $this->idle + $time : $time;
}
ShibAuth::ShibAuth | ( | $ | authParams, | |
$ | updateUserData = false | |||
) |
Constructor public.
Definition at line 93 of file class.ilShibboleth.php.
/**
 * Constructor.
 *
 * Stores the update flag and, when a non-empty 'sessionName' is given in
 * $authParams, uses it instead of the default session key.
 *
 * @access public
 * @param array $authParams      may contain a 'sessionName' entry
 * @param bool  $updateUserData  stored in $this->updateUserData
 */
function ShibAuth($authParams, $updateUserData = false)
{
    $this->updateUserData = $updateUserData;

    if (empty($authParams['sessionName'])) {
        return;
    }

    $this->_sessionName = $authParams['sessionName'];
    // $authParams is passed by value, so this only affects the local copy
    unset($authParams['sessionName']);
}
ShibAuth::start | ( | ) |
Start new auth session.
public
Definition at line 212 of file class.ilShibboleth.php.
References checkAuth().
/**
 * Start new auth session.
 *
 * Starts the PHP session (diagnostics suppressed) and runs checkAuth() for
 * its side effects: an expired or idled session is logged out there. The
 * automatic login that used to follow a failed check is disabled.
 *
 * @access public
 * @return void
 */
function start()
{
    @session_start();

    $authenticated = $this->checkAuth();
    if (!$authenticated) {
        // $this->login();  -- intentionally disabled
    }
}
ShibAuth::$_sessionName = '_authsession' |
Definition at line 50 of file class.ilShibboleth.php.
ShibAuth::$expire = 0 |
Definition at line 67 of file class.ilShibboleth.php.
ShibAuth::$idle = 0 |
Definition at line 79 of file class.ilShibboleth.php.
ShibAuth::$idled = false |
Definition at line 87 of file class.ilShibboleth.php.
ShibAuth::$status = '' |
Definition at line 57 of file class.ilShibboleth.php.
Referenced by getStatus().
ShibAuth::$username |
Definition at line 43 of file class.ilShibboleth.php.