Class Shibboleth.

Public Member Functions

| Member | Description |
| --- | --- |
| ShibAuth ($authParams, $updateUserData=false) | Constructor. |
| getAuth () | Checks if the current user is authenticated yet. |
| setIdle ($time, $add=false) | Set the maximum idle time. |
| setExpire ($time, $add=false) | Set the maximum expire time. |
| checkAuth () | Checks if there is a session with valid auth information. |
| start () | Start new auth session. |
| login () | Login function. |
| setAuth ($username) | Register variable in a session telling that the user has logged in successfully. |
| logout () | Logout function. |
| getUsername () | Get the username. |
| getStatus () | Get the current status. |
| & _importGlobalVariable ($variable) | Import variables from special namespaces. |
| generateLogin () | Automatically generates the username of a Shibboleth user or returns the user's already existing username. |
| checkMapping ($login) | Checks whether a specific username is already used by a user. |

Data Fields

| Field |
| --- |
| $username |
| $_sessionName = '_authsession' |
| $status = '' |
| $expire = 0 |
| $idle = 0 |
| $idled = false |

Class Shibboleth.
This class provides basic functionality for Shibboleth authentication. It basically implements the functions of the class PEAR::AUTH which are used in other ILIAS authentication methods.
Definition at line 38 of file class.ilShibboleth.php.
& ShibAuth::_importGlobalVariable($variable)
Import variables from special namespaces.
private
| string | Type of variable (server, session, post) |
Definition at line 489 of file class.ilShibboleth.php.
References $_COOKIE, $_GET, $_POST, $_SESSION, and $GLOBALS.
Referenced by checkAuth(), getAuth(), getUsername(), logout(), and setAuth().
{
    $var = null;
    switch (strtolower($variable)) {
        case 'server' :
            if (isset($_SERVER)) {
                $var = &$_SERVER;
            } else {
                $var = &$GLOBALS['HTTP_SERVER_VARS'];
            }
            break;
        case 'session' :
            if (isset($_SESSION)) {
                $var = &$_SESSION;
            } else {
                $var = &$GLOBALS['HTTP_SESSION_VARS'];
            }
            break;
        case 'post' :
            if (isset($_POST)) {
                $var = &$_POST;
            } else {
                $var = &$GLOBALS['HTTP_POST_VARS'];
            }
            break;
        case 'cookie' :
            if (isset($_COOKIE)) {
                $var = &$_COOKIE;
            } else {
                $var = &$GLOBALS['HTTP_COOKIE_VARS'];
            }
            break;
        case 'get' :
            if (isset($_GET)) {
                $var = &$_GET;
            } else {
                $var = &$GLOBALS['HTTP_GET_VARS'];
            }
            break;
        default:
            break;
    }
    return $var;
}
ShibAuth::checkAuth()
Checks if there is a session with valid auth information.
private
Definition at line 165 of file class.ilShibboleth.php.
References _importGlobalVariable(), and logout().
Referenced by start().
{
    $session = &$this->_importGlobalVariable('session');
    if (isset($session[$this->_sessionName])) {
        // Check if authentication session is expired
        if ($this->expire > 0 &&
            isset($session[$this->_sessionName]['timestamp']) &&
            ($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {
            $this->logout();
            $this->expired = true;
            $this->status = AUTH_EXPIRED;
            return false;
        }
        // Check if maximum idle time is reached
        if ($this->idle > 0 &&
            isset($session[$this->_sessionName]['idle']) &&
            ($session[$this->_sessionName]['idle'] + $this->idle) < time()) {
            $this->logout();
            $this->idled = true;
            $this->status = AUTH_IDLED;
            return false;
        }
        if (isset($session[$this->_sessionName]['registered']) &&
            isset($session[$this->_sessionName]['username']) &&
            $session[$this->_sessionName]['registered'] == true &&
            $session[$this->_sessionName]['username'] != '') {
            Auth::updateIdle();
            return true;
        }
    }
    return false;
}
ShibAuth::checkMapping($login)
Checks whether a specific username is already used by a user.
private
| bool | True if a username is already taken |
Definition at line 601 of file class.ilShibboleth.php.
References $ilias.
Referenced by generateLogin().
{
    global $ilias;
    // Check if username already exists
    $r = $ilias->db->query("SELECT passwd FROM usr_data WHERE login='".$login."'");
    // query has got a result
    if ($r->numRows() > 0)
    {
        return true;
    }
    else
    {
        return false;
    }
}
ShibAuth::generateLogin()
Automatically generates the username of a Shibboleth user or returns the user's already existing username.
private
| string | Type of variable. This must be the unique ID of a Shibboleth user | |
| string | The user's lastname | |
| string | The user's firstname |
Definition at line 553 of file class.ilShibboleth.php.
References $data, $ilias, and checkMapping().
Referenced by login().
{
    global $ilias;
    $shibID = $_SERVER[$ilias->getSetting('shib_login')];
    $lastname = $_SERVER[$ilias->getSetting('shib_lastname')];
    $firstname = $_SERVER[$ilias->getSetting('shib_firstname')];
    // We use the passwd field as mapping attribute for Shibboleth users
    // because they don't need a password
    $r = $ilias->db->query("SELECT login FROM usr_data WHERE passwd='".$shibID."'");
    // query has got a result
    if ($r->numRows() > 0)
    {
        $data = $r->fetchRow();
        return $data[0];
    }
    // Generate new username
    // This can be overruled by the data conversion API but you have
    // to do it yourself in that case
    $prefix = $firstname." ".$lastname;
    if (!$this->checkMapping($prefix))
    {
        return $prefix;
    }
    // Add a number as suffix if the username is already taken
    $number = 2;
    $prefix .= " ";
    while ($this->checkMapping($prefix.$number))
    {
        $number++;
    }
    return $prefix.$number;
}
ShibAuth::getAuth()
Checks if the current user is authenticated yet.
public
Definition at line 111 of file class.ilShibboleth.php.
References _importGlobalVariable().
{
    $session = &$this->_importGlobalVariable('session');
    if (!empty($session) &&
        (isset($session[$this->_sessionName]['registered']) &&
        $session[$this->_sessionName]['registered'] === true))
    {
        return true;
    } else {
        return false;
    }
}
ShibAuth::getStatus()
Get the current status.
public
Definition at line 476 of file class.ilShibboleth.php.
References $status.
{
    // Return the object's status property (a bare $status is an undefined local variable)
    return $this->status;
}
ShibAuth::getUsername()
Get the username.
public
Definition at line 461 of file class.ilShibboleth.php.
References _importGlobalVariable().
{
    $session = &$this->_importGlobalVariable('session');
    if (!isset($session[$this->_sessionName]['username'])) {
        return '';
    }
    return $session[$this->_sessionName]['username'];
}
ShibAuth::login()
Login function.
private
Definition at line 229 of file class.ilShibboleth.php.
References $ilias, $rbacadmin, $username, generateLogin(), loginExists(), and setAuth().
{
    global $ilias, $rbacadmin;
    if (!empty($_SERVER[$ilias->getSetting('shib_login')]))
    {
        $username = $this->generateLogin();
        // Authorize this user
        $this->setAuth($username);
        $userObj = new ilObjUser();
        // Check whether this account exists already, if not create it
        if (!loginExists($username))
        {
            $newUser["firstname"] = $_SERVER[$ilias->getSetting('shib_firstname')];
            $newUser["lastname"] = $_SERVER[$ilias->getSetting('shib_lastname')];
            $newUser["login"] = $username;
            // Password must be random to prevent users from manually logging in using the login data from Shibboleth users
            $newUser["passwd"] = rand();
            $newUser["passwd_type"] = IL_PASSWD_PLAIN;
            if (
                $ilias->getSetting('shib_update_gender')
                && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm'
                || $_SERVER[$ilias->getSetting('shib_gender')] =='f')
                )
                $newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
            // other data
            $newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
            $newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
            $newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
            $newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
            $newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
            $newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
            $newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
            $newUser["phone_office"] = $_SERVER[$ilias->getSetting('shib_phone_office')];
            $newUser["phone_home"] = $_SERVER[$ilias->getSetting('shib_phone_home')];
            $newUser["phone_mobile"] = $_SERVER[$ilias->getSetting('shib_phone_mobile')];
            $newUser["fax"] = $_SERVER[$ilias->getSetting('shib_fax')];
            $newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
            $newUser["email"] = $_SERVER[$ilias->getSetting('shib_email')];
            $newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
            $newUser["auth_mode"] = "shibboleth";
            // system data
            $userObj->assignData($newUser);
            $userObj->setTitle($userObj->getFullname());
            $userObj->setDescription($userObj->getEmail());
            $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
            // Time limit
            $userObj->setTimeLimitOwner(7);
            $userObj->setTimeLimitUnlimited(1);
            $userObj->setTimeLimitFrom(time());
            $userObj->setTimeLimitUntil(time());
            // Modify user data before creating the user
            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes
            if ( $ilias->getSetting('shib_data_conv')
                && $ilias->getSetting('shib_data_conv') != ''
                && is_readable($ilias->getSetting('shib_data_conv'))
                )
            {
                include($ilias->getSetting('shib_data_conv'));
            }
            // Create user in DB
            $userObj->create();
            $userObj->setActive(1, 6);
            $userObj->updateOwner();
            // insert user data in table user_data
            $userObj->saveAsNew();
            // store acceptance of user agreement
            //$userObj->writeAccepted();
            // setup user preferences
            $userObj->writePrefs();
            // set role entries
            $rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
            // Save mapping
            // We save this mapping directly to prevent this value getting hashed
            // That way local users cannot login using the Shibboleth unique login ID as password
            $ilias->db->query("UPDATE usr_data SET passwd='".$_SERVER[$ilias->getSetting('shib_login')]."' WHERE login='".$username."'");
            unset($userObj);
        }
        else
        {
            // Update user account
            $userObj->checkUserId();
            $userObj->read();
            if (
                $ilias->getSetting('shib_update_gender')
                && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm'
                || $_SERVER[$ilias->getSetting('shib_gender')] =='f')
                )
                $userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
            if ($ilias->getSetting('shib_update_title'))
                $userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
            $userObj->setFirstname($_SERVER[$ilias->getSetting('shib_firstname')]);
            $userObj->setLastname($_SERVER[$ilias->getSetting('shib_lastname')]);
            $userObj->setFullname();
            if ($ilias->getSetting('shib_update_institution'))
                $userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
            if ($ilias->getSetting('shib_update_department'))
                $userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
            if ($ilias->getSetting('shib_update_street'))
                $userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
            if ($ilias->getSetting('shib_update_city'))
                $userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
            if ($ilias->getSetting('shib_update_zipcode'))
                $userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
            if ($ilias->getSetting('shib_update_country'))
                $userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
            if ($ilias->getSetting('shib_update_phone_office'))
                $userObj->setPhoneOffice($_SERVER[$ilias->getSetting('shib_phone_office')]);
            if ($ilias->getSetting('shib_update_phone_home'))
                $userObj->setPhoneHome($_SERVER[$ilias->getSetting('shib_phone_home')]);
            if ($ilias->getSetting('shib_update_phone_mobile'))
                $userObj->setPhoneMobile($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
            if ($ilias->getSetting('shib_update_fax'))
                $userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
            if ($ilias->getSetting('shib_update_matriculation'))
                $userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
            if ($ilias->getSetting('shib_update_email'))
                $userObj->setEmail($_SERVER[$ilias->getSetting('shib_email')]);
            if ($ilias->getSetting('shib_update_hobby'))
                $userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
            if ($ilias->getSetting('shib_update_language'))
                $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes
            if ( $ilias->getSetting('shib_data_conv')
                && $ilias->getSetting('shib_data_conv') != ''
                && is_readable($ilias->getSetting('shib_data_conv'))
                )
            {
                include($ilias->getSetting('shib_data_conv'));
            }
            $userObj->update();
        }
    }
    else
    {
        // This should never occur unless Shibboleth is not configured properly
        $this->status = AUTH_WRONG_LOGIN;
    }
}
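The queries in checkMapping(), generateLogin() and login() concatenate Shibboleth attributes taken from $_SERVER directly into SQL text, so a name containing an apostrophe changes the statement. The following is an added example, not ILIAS code, showing the same lookup and mapping logic with bound parameters; PDO with in-memory SQLite stands in for $ilias->db, and the function names and sample attributes are hypothetical.

```php
<?php
// Added example, not ILIAS code. Assumption: PDO with in-memory SQLite stands in
// for $ilias->db; usr_data(login, passwd) mirrors the columns queried on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usr_data (login TEXT PRIMARY KEY, passwd TEXT)');

// Hypothetical counterpart of checkMapping(): the login is bound, never concatenated.
function loginTaken(PDO $db, string $login): bool
{
    $stmt = $db->prepare('SELECT 1 FROM usr_data WHERE login = ?');
    $stmt->execute([$login]);
    return $stmt->fetchColumn() !== false;
}

// Hypothetical counterpart of generateLogin(): look up by Shibboleth ID first,
// otherwise derive "Firstname Lastname", then "Firstname Lastname 2", 3, ...
function resolveLogin(PDO $db, string $shibId, string $first, string $last): string
{
    $stmt = $db->prepare('SELECT login FROM usr_data WHERE passwd = ?');
    $stmt->execute([$shibId]);
    $existing = $stmt->fetchColumn();
    if ($existing !== false) {
        return $existing;
    }
    $login = $first . ' ' . $last;
    for ($n = 2; loginTaken($db, $login); $n++) {
        $login = $first . ' ' . $last . ' ' . $n;
    }
    return $login;
}

// Counterpart of the mapping UPDATE in login(); an INSERT here, as the table starts empty.
function storeMapping(PDO $db, string $login, string $shibId): void
{
    $stmt = $db->prepare('INSERT INTO usr_data (login, passwd) VALUES (?, ?)');
    $stmt->execute([$login, $shibId]);
}

// Constructed sample attributes; the apostrophe would end the string literal
// in the concatenated queries shown on this page.
$users = [['id-001@idp.example', 'Sean', "O'Brien"], ['id-002@idp.example', 'Sean', "O'Brien"]];
foreach ($users as [$id, $first, $last]) {
    $login = resolveLogin($db, $id, $first, $last);
    storeMapping($db, $login, $id);
    echo $id, ' => ', $login, PHP_EOL;
}
echo resolveLogin($db, 'id-001@idp.example', 'Sean', "O'Brien"), PHP_EOL; // existing mapping reused
```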
ShibAuth::logout()
Logout function.
This function clears any auth tokens in the currently active session and executes the logout callback function, if any.
public
Definition at line 440 of file class.ilShibboleth.php.
References $_SESSION, and _importGlobalVariable().
Referenced by checkAuth().
{
    $session = &$this->_importGlobalVariable('session');
    $this->username = '';
    $session[$this->_sessionName] = array();
    if (isset($_SESSION)) {
        unset($session[$this->_sessionName]);
    } else {
        session_unregister($this->_sessionName);
    }
}
ShibAuth::setAuth($username)
Register variable in a session telling that the user has logged in successfully.
public
| string | Username |
Definition at line 409 of file class.ilShibboleth.php.
References $_SESSION, $username, and _importGlobalVariable().
Referenced by login().
{
    $session = &Auth::_importGlobalVariable('session');
    if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
        session_register($this->_sessionName);
    }
    if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
        $session[$this->_sessionName] = array();
    }
    if (!isset($session[$this->_sessionName]['data'])) {
        $session[$this->_sessionName]['data'] = array();
    }
    $session[$this->_sessionName]['registered'] = true;
    $session[$this->_sessionName]['username'] = $username;
    $session[$this->_sessionName]['timestamp'] = time();
    $session[$this->_sessionName]['idle'] = time();
}
ShibAuth::setExpire($time, $add = false)
Set the maximum expire time.
public
| integer | time in seconds | |
| bool | add time to current expire time or not |
Definition at line 150 of file class.ilShibboleth.php.
References $add.
{
    if ($add) {
        $this->expire += $time;
    } else {
        $this->expire = $time;
    }
}
ShibAuth::setIdle($time, $add = false)
Set the maximum idle time.
public
| integer | time in seconds | |
| bool | add time to current idle time or not |
Definition at line 132 of file class.ilShibboleth.php.
References $add.
{
    if ($add) {
        $this->idle += $time;
    } else {
        $this->idle = $time;
    }
}
ShibAuth::ShibAuth($authParams, $updateUserData = false)
Constructor.
public
Definition at line 95 of file class.ilShibboleth.php.
{
    $this->updateUserData = $updateUserData;
    if (!empty($authParams['sessionName'])) {
        $this->_sessionName = $authParams['sessionName'];
        unset($authParams['sessionName']);
    }
}
ShibAuth::start()
Start new auth session.
public
Definition at line 214 of file class.ilShibboleth.php.
References checkAuth().
{
    @session_start();
    if (!$this->checkAuth()) {
        //$this->login();
    }
}
ShibAuth::$_sessionName = '_authsession'
Definition at line 52 of file class.ilShibboleth.php.
ShibAuth::$expire = 0
Definition at line 69 of file class.ilShibboleth.php.
ShibAuth::$idle = 0
Definition at line 81 of file class.ilShibboleth.php.
ShibAuth::$idled = false
Definition at line 89 of file class.ilShibboleth.php.
ShibAuth::$status = ''
Definition at line 59 of file class.ilShibboleth.php.
Referenced by getStatus().
ShibAuth::$username
Definition at line 45 of file class.ilShibboleth.php.