// Integer identifiers for the authentication modes. Code later in this file
// compares a user's mode against these with loose ==, and falls back to
// AUTH_INACTIVE when a stored mode is not among the active ones.
define('AUTH_LOCAL', 1);
define('AUTH_LDAP', 2);
define('AUTH_RADIUS', 3);
define('AUTH_SCRIPT', 4);
define('AUTH_SHIBBOLETH', 5);
define('AUTH_CAS', 6);
define('AUTH_SOAP', 7);
define('AUTH_HTTP', 8);
define('AUTH_ECS', 9);
define('AUTH_INACTIVE', 18);
define('AUTH_MULTIPLE', 20);

// Negative codes. Judging by their names these are status results (external
// login succeeded but no matching local account, or the mode is inactive);
// their use is not visible in this listing.
define('AUTH_SOAP_NO_ILIAS_USER', -100);
define('AUTH_LDAP_NO_ILIAS_USER', -200);
define('AUTH_RADIUS_NO_ILIAS_USER', -300);
define('AUTH_MODE_INACTIVE', -1000);
define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
define('AUTH_CAS_NO_ILIAS_USER', -90);
// Opening statements of the auth initialisation; the die() messages below name
// it ilAuthUtils::_initAuth. The function header is not part of this listing.
// Benchmark timer for this phase (the matching stop() is at listing line 471).
72 $ilBench->start(
'Auth',
'initAuth');
// Each of the three guards below ends the request with die() when the named
// global is not an object; the code further down reads settings and the
// client ini file to choose and configure the auth backend.
75 if (!is_object($ilSetting))
77 die (
"Fatal Error: ilAuthUtils::_initAuth called without ilSetting.");
81 if (!is_object($ilDB))
83 die (
"Fatal Error: ilAuthUtils::_initAuth called without ilDB.");
87 if (!is_object($ilClientIniFile))
89 die (
"Fatal Error: ilAuthUtils::_initAuth called without ilClientIniFile.");
// Default mode: the "auth_mode" setting when it is truthy, otherwise AUTH_LOCAL.
// The test is on truthiness, so an empty or "0" setting falls back to local
// authentication.
94 define (
"AUTH_DEFAULT", $ilSetting->get(
"auth_mode") ? $ilSetting->get(
"auth_mode") :
AUTH_LOCAL);
// Continuation of a condition whose opening is not shown: true when the
// session has no ['_authsession']['registered'] flag, or the flag is not
// exactly true (strict !==).
105 (!isset(
$_SESSION[
'_authsession'][
'registered']) ||
106 $_SESSION[
'_authsession'][
'registered'] !==
true))
// NOTE(review): 'and' binds tighter than 'or', so this reads
// (username != '' and password != '') or isset(ecs_hash). A request carrying
// only ecs_hash in the query string satisfies it without posted credentials;
// confirm the branch body (not shown) handles that case deliberately.
// $_POST['username'] / $_POST['password'] are read without isset(), which
// raises a notice (a warning on PHP 8) when the keys are absent.
109 if ($_POST[
'username'] !=
'' and $_POST[
'password'] !=
'' or isset(
$_GET[
'ecs_hash']))
// The next three checks pair an external mode (CAS, SOAP, Shibboleth) with its
// "*_allow_local" setting; the branch bodies are not shown. Comparison is loose.
// NOTE(review): presumably each flag lets an account bound to an external
// identity provider also log in with a local password. If so, enabling it
// widens the set of credentials that can open the account; verify.
113 if ($user_auth_mode ==
AUTH_CAS && $ilSetting->get(
"cas_allow_local"))
117 if ($user_auth_mode ==
AUTH_SOAP && $ilSetting->get(
"soap_auth_allow_local"))
121 if ($user_auth_mode ==
AUTH_SHIBBOLETH && $ilSetting->get(
"shib_auth_allow_local"))
// The user's mode is SOAP while "soap_auth_active" is off; the handling of
// that case is outside this listing.
129 if (!$ilSetting->get(
"soap_auth_active") && $user_auth_mode ==
AUTH_SOAP)
// External-auth selection, SOAP path: taken when SOAP auth is active and the
// query string carries a non-empty ext_uid (the rest of the condition is not
// shown).
// NOTE(review): ext_uid is caller-controlled. Whatever consumes it should
// have it verified by the SOAP server rather than trusted as an identity;
// the consumer is not visible here.
154 if (($ilSetting->get(
"soap_auth_active") && !empty(
$_GET[
"ext_uid"])
157 include_once(
"Services/SOAPAuth/classes/class.ilSOAPAuth.php");
// Build the SOAP auth object from settings only when $GLOBALS does not
// already hold one; otherwise the existing instance is reused (line 179).
159 if (!is_object(
$GLOBALS[
'ilSOAPAuth']))
161 $auth_params = array(
162 "server_hostname" => $ilSetting->get(
"soap_auth_server"),
163 "server_port" => $ilSetting->get(
"soap_auth_port"),
164 "server_uri" => $ilSetting->get(
"soap_auth_uri"),
// NOTE(review): transport security is a setting; with "soap_auth_use_https"
// off the exchange presumably runs unencrypted. Confirm in deployment.
165 "https" => $ilSetting->get(
"soap_auth_use_https"),
166 "namespace" => $ilSetting->get(
"soap_auth_namespace"),
// Session name is "_authhttp" plus md5($realm); md5 serves as a name-mangling
// hash here, not as a secret or integrity check.
168 'sessionName' =>
"_authhttp".md5($realm),
170 "use_dotnet" => $ilSetting->get(
"soap_auth_use_dotnet")
175 $GLOBALS[
'ilSOAPAuth'] =& $ilSOAPAuth;
179 $ilSOAPAuth =&
$GLOBALS[
'ilSOAPAuth'];
// Shibboleth path: "shib_active" is set and $_SERVER holds a truthy value
// under the key configured in "shib_login".
// NOTE(review): this trusts the web server to populate that variable.
// Assumes the deployment prevents clients from supplying it themselves
// (e.g. through request headers mapped into $_SERVER). TODO confirm.
186 else if ( $ilSetting->get(
"shib_active")
187 && $_SERVER[$ilSetting->get(
"shib_login")])
// CAS path: CAS is active and no username was posted (loose == '').
192 else if ($ilSetting->get(
"cas_active") && $_POST[
'username'] ==
'')
194 include_once(
"Services/CAS/classes/class.ilCASAuth.php");
// Create the CAS auth object from settings unless $GLOBALS already holds one,
// in which case the existing instance is reused (line 215).
196 if (!is_object(
$GLOBALS[
'ilCASAuth']))
198 $auth_params = array(
200 "server_hostname" => $ilSetting->get(
"cas_server"),
201 "server_port" => $ilSetting->get(
"cas_port"),
202 "server_uri" => $ilSetting->get(
"cas_uri"),
204 'sessionName' =>
"_authhttp".md5($realm)
209 $ilCASAuth =
new ilCASAuth($auth_params);
211 $GLOBALS[
'ilCASAuth'] =& $ilCASAuth;
215 $ilCASAuth =&
$GLOBALS[
'ilCASAuth'];
// forceCASLogin=1 in the query string triggers forceCASAuth(). The key is read
// without isset(), and the comparison is loose.
218 if (
$_GET[
"forceCASLogin"] ==
"1")
220 $ilCASAuth->forceCASAuth();
// checkCASAuth() decides whether the CAS session counts as authenticated; the
// branch body is not shown.
223 if ($ilCASAuth->checkCASAuth())
// AUTH_CURRENT is defined from $user_auth_mode at two places, presumably in
// alternative branches (the surrounding control flow is not shown).
229 define (
"AUTH_CURRENT", $user_auth_mode);
235 define (
"AUTH_CURRENT", $user_auth_mode);
250 $authmode = AUTH_CURRENT;
258 require_once(
"Auth/HTTP.php");
259 $auth_params = array();
260 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
261 $auth_params[
'sessionSharing'] =
false;
262 require_once
'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
263 require_once
'Services/LDAP/classes/class.ilLDAPServer.php';
267 $ilAuth =
new Auth_HTTP($authContainer, $auth_params,
"",
false);
268 $ilAuth->setRealm($realm);
273 require_once
'Services/LDAP/classes/class.ilAuthLDAP.php';
274 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
287 require_once(
"Auth/HTTP.php");
288 $auth_params = array();
289 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
290 $auth_params[
'sessionSharing'] =
false;
291 $ilAuth =
new Auth_HTTP(
"RADIUS", $auth_params,
"",
false);
292 $ilAuth->setRealm($realm);
297 $auth_params = array();
298 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
299 include_once(
'./Services/Radius/classes/class.ilAuthRadius.php');
307 $auth_params = array();
308 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
309 $ilAuth =
new ShibAuth($auth_params,
true);
313 $ilAuth =& $ilCASAuth;
314 $ilAuth->forceCASAuth();
318 $ilAuth =& $ilSOAPAuth;
325 require_once(
'./Services/Authentication/classes/class.ilAuthModeDetermination.php');
327 $authModeSequence = array_flip($modeDetermination->getAuthModeSequence());
333 require_once
'Auth/Container/Multiple.php';
334 $multiple_params = array();
336 if (array_key_exists(
AUTH_LDAP, $authModeSequence))
338 require_once
'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
339 require_once
'Services/LDAP/classes/class.ilLDAPServer.php';
340 $container_params = array();
344 $multiple_params[$authModeSequence[
AUTH_LDAP]] = array(
346 'container' => $authContainer,
347 'options' => $container_params
351 if (array_key_exists(
AUTH_LOCAL, $authModeSequence))
353 require_once
'class.ilAuthContainerMDB2.php';
354 $container_params = array();
355 $container_params[
'dsn'] = IL_DSN;
356 $container_params[
'table'] = $ilClientIniFile->readVariable(
"auth",
"table");
357 $container_params[
'usernamecol'] = $ilClientIniFile->readVariable(
"auth",
"usercol");
358 $container_params[
'passwordcol'] = $ilClientIniFile->readVariable(
"auth",
"passcol");
360 $authContainer->setObserversEnabled(
true);
361 $multiple_params[$authModeSequence[
AUTH_LOCAL]] = array(
363 'container' => $authContainer,
364 'options' => $container_params
368 $multipleContainer =
new Auth_Container_Multiple($multiple_params);
371 require_once(
"Auth/HTTP.php");
372 $auth_params = array();
373 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
374 $auth_params[
'sessionSharing'] =
false;
375 $ilAuth =
new Auth_HTTP($multipleContainer, $auth_params,
"",
false);
376 $ilAuth->setRealm($realm);
380 foreach ($multiple_params as $key => $options)
382 $multipleContainer->containers[$key] = $options[
'container'];
383 $options[
'container']->_auth_obj =
$ilAuth;
384 $options[
'container']->setObserversEnabled(
true);
389 require_once(
'./Services/Authentication/classes/class.ilAuthMultiple.php');
394 $auth_params = array();
395 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
396 require_once(
'./Services/WebServices/ECS/classes/class.ilAuthECS.php');
401 require_once(
'./Services/Authentication/classes/class.ilAuthInactive.php');
408 $auth_params = array();
409 $auth_params[
'dsn'] = IL_DSN;
410 $auth_params[
'table'] = $ilClientIniFile->readVariable(
"auth",
"table");
411 $auth_params[
'usernamecol'] = $ilClientIniFile->readVariable(
"auth",
"usercol");
412 $auth_params[
'passwordcol'] = $ilClientIniFile->readVariable(
"auth",
"passcol");
413 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
421 require_once(
"Auth/HTTP.php");
422 require_once
'class.ilAuthContainerMDB2.php';
423 $auth_params[
'sessionSharing'] =
false;
425 $authContainer->setObserversEnabled(
true);
426 $ilAuth =
new Auth_HTTP($authContainer, $auth_params,
"",
false);
427 $ilAuth->setRealm($realm);
432 require_once
'class.ilAuthContainerMDB2.php';
434 $authContainer->setObserversEnabled(
true);
435 $ilAuth =
new Auth($authContainer, $auth_params,
"",
false);
// Session limits: the idle timeout comes from the [session] "expire" value of
// the client ini file; the absolute expiry is set to 0.
// NOTE(review): in PEAR Auth an expiry of 0 is understood to mean "no absolute
// limit", leaving the idle timeout as the only bound on session age. Confirm
// against the bundled Auth version.
445 $ilAuth->setIdle($ilClientIniFile->readVariable(
"session",
"expire"),
false);
447 $ilAuth->setExpire(0);
// Optional auth logging: attempted only when the auth object exposes
// attachLogObserver and both Log includes succeed.
// NOTE(review): the @ operator hides include failures, so a missing Log
// package silently leaves authentication logging off. Worth a deployment
// check if these logs feed monitoring.
453 if(method_exists($ilAuth,
'attachLogObserver'))
455 if(@include_once(
'Log.php'))
457 if(@include_once(
'Log/observer.php'))
459 include_once(
'Services/LDAP/classes/class.ilAuthLDAPLogObserver.php');
461 $ilAuth->enableLogging =
true;
// A cookie lifetime of "0" makes the session cookie last until the browser
// is closed.
467 ini_set(
"session.cookie_lifetime",
"0");
// Closes the benchmark timer opened at listing line 72.
471 $ilBench->stop(
'Auth',
'initAuth');
// Auth-mode determination for a login attempt (function header not shown).
// An ecs_hash query parameter is checked first; its branch body is not shown.
478 if(isset(
$_GET[
'ecs_hash']))
// A posted auth_mode is returned directly after an int cast.
// NOTE(review): the cast fixes the type only. Nothing visible on this path
// checks the value against the active modes (compare the in_array() check at
// listing line 516); confirm the caller rejects inactive or unknown modes.
482 if(isset($_POST[
'auth_mode']))
484 return (
int) $_POST[
'auth_mode'];
487 include_once(
'./Services/Authentication/classes/class.ilAuthModeDetermination.php');
490 if(!$det->isManualSelection())
498 if ($a_db_handler !=
'')
500 $db =& $a_db_handler;
// Lookup of the user's stored mode. The query is built by concatenation and
// relies on $ilDB->quote() to escape and quote the username; bypassing
// quote() here would make the statement injectable.
// NOTE(review): $db is taken from $a_db_handler above while quote() is called
// on $ilDB; the line that issues the query is not shown, so which handle runs
// it cannot be told from here.
505 $q =
"SELECT auth_mode FROM usr_data WHERE ".
506 "login = ".$ilDB->quote($a_username);
// The stored mode is honoured only when it is among the active modes;
// otherwise AUTH_INACTIVE is returned. in_array() is called without the strict
// flag, so the membership test uses loose comparison.
516 return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode :
AUTH_INACTIVE;
525 if ($a_db_handler !=
'')
527 $db =& $a_db_handler;
530 switch ($a_auth_mode)
565 $q =
"SELECT value FROM settings WHERE ".
566 "keyword='auth_mode'";
568 $row = $r->fetchRow();
622 'default' => $ilSetting->get(
"auth_mode"),
625 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
630 if ($ilSetting->get(
"radius_active")) $modes[
'radius'] =
AUTH_RADIUS;
631 if ($ilSetting->get(
"shib_active")) $modes[
'shibboleth'] =
AUTH_SHIBBOLETH;
632 if ($ilSetting->get(
"script_active")) $modes[
'script'] =
AUTH_SCRIPT;
633 if ($ilSetting->get(
"cas_active")) $modes[
'cas'] =
AUTH_CAS;
634 if ($ilSetting->get(
"soap_auth_active")) $modes[
'soap'] =
AUTH_SOAP;
636 include_once(
'./Services/WebServices/ECS/classes/class.ilECSSettings.php');
671 $r = $ilDB->query(
"SELECT login FROM usr_data WHERE login = ".
672 $ilDB->quote($c_login));
673 if ($r->numRows() > 0)
676 $c_login = $a_login.$postfix;
689 include_once(
'Services/Radius/classes/class.ilRadiusSettings.php');
692 if($rad_settings->isActive())
696 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
705 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
713 $options[
AUTH_LDAP][
'txt'] = $ldap_server->getName();
715 include_once(
'Services/Radius/classes/class.ilRadiusSettings.php');
717 if($rad_settings->isActive())
719 $options[
AUTH_RADIUS][
'txt'] = $rad_settings->getName();
// Preselected option: the "default_auth_mode" setting (falling back to the
// previous $default), overridden by a non-zero auth_mode from the request.
// $_REQUEST merges GET and POST and, depending on request_order, cookies.
735 $default = $ilSetting->get(
'default_auth_mode',$default);
736 $default = (int) $_REQUEST[
'auth_mode'] ? (
int) $_REQUEST[
'auth_mode'] : $default;
// NOTE(review): any non-zero integer from the request becomes an array key
// here, so a mode that is not in $options gains an entry holding only
// 'checked'. Consider restricting the override to keys already present.
738 $options[$default][
'checked'] =
true;
// Always hand back an array, even when no options were collected.
739 return $options ? $options : array();
755 if($ilSetting->get(
"cas_active"))
759 if($ilSetting->get(
"soap_auth_active"))
763 if($ilSetting->get(
"shib_active"))
767 if($ilSetting->get(
'radius_active'))
771 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');