ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions
ilCASAuth Class Reference

Class CASAuth. More...

+ Inheritance diagram for ilCASAuth:
+ Collaboration diagram for ilCASAuth:

Public Member Functions

 ilCASAuth ($a_params)
 Constructor public.
 checkCASAuth ()
 check cas autehntication
 forceCASAuth ()
 getCASUser ()
 login ()
 Checks if the current user is authenticated yet public.
 logout ()
 Register variable in a session telling that the user has logged in successfully.
- Public Member Functions inherited from Auth
 Auth ($storageDriver, $options= '', $loginFunction= '', $showLogin=true)
 Constructor.
applyAuthOptions (&$options)
 Set the Auth options.
 _loadStorage ()
 Load Storage Driver if not already loaded.
 assignData ()
 Assign data from login form to internal values.
 start ()
 Start new auth session.
 setExpire ($time, $add=false)
 Set the maximum expire time.
 setIdle ($time, $add=false)
 Set the maximum idle time.
 setSessionName ($name= 'session')
 Set name of the session to a customized value.
 setShowLogin ($showLogin=true)
 Should the login form be displayed if neccessary?
 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if neccessary?
 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object.
 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login.
 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login.
 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout.
 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session.
 getAuthData ($name=null)
 Get additional information that is stored in the session.
 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully.
 setAdvancedSecurity ($flag=true)
 Enables advanced security checks.
 checkAuth ()
 Checks if there is a session with valid auth information.
 getAuth ()
 Has the user been authenticated?
 updateIdle ()
 Update the idletime.
 getUsername ()
 Get the username.
 getStatus ()
 Get the current status.
 getPostUsernameField ()
 Gets the post varible used for the username.
 getPostPasswordField ()
 Gets the post varible used for the username.
 sessionValidThru ()
 Returns the time up to the session is valid.
 listUsers ()
 List all users that are currently available in the storage container.
 addUser ($username, $password, $additional= '')
 Add user to the storage container.
 removeUser ($username)
 Remove user from the storage container.
 changePassword ($username, $password)
 Change password for user in the storage container.
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system.
 _loadLogger ()
 Load Log object if not already loaded.
 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source.
 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled?
- Public Member Functions inherited from ilAuthBase
 supportRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...
 getContainer ()
 Get container object.

Additional Inherited Members

- Static Public Member Functions inherited from Auth
_factory ($driver, $options= '')
 Return a storage driver based on $driver and $options.
 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information.
- Data Fields inherited from Auth
 $expire = 0
 $expired = false
 $idle = 0
 $idled = false
 $storage = ''
 $loginFunction = ''
 $showLogin = true
 $allowLogin = true
 $status = ''
 $username = ''
 $password = ''
 $checkAuthCallback = ''
 $loginCallback = ''
 $loginFailedCallback = ''
 $logoutCallback = ''
 $_sessionName = '_authsession'
 $version = "@version@"
 $advancedsecurity = false
 $_postUsername = 'username'
 $_postPassword = 'password'
 $session
 $server
 $post
 $cookie
 $authdata
 $authChecks = 0
 $logger = null
 $enableLogging = false
 $regenerateSessionId = false
- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object Enable logging, set callbacks...
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.
 logoutObserver ($a_username, $a_auth)
 Called after logout.
- Protected Attributes inherited from ilAuthBase
 $sub_status = null

Detailed Description

Class CASAuth.

CAS Authentication class.

Definition at line 37 of file class.ilCASAuth.php.

Member Function Documentation

ilCASAuth::checkCASAuth ( )

check cas autehntication

can be called before forceAuthentication, but forceAuthentication must be called afterwards

Definition at line 72 of file class.ilCASAuth.php.

References $PHPCAS_CLIENT.

{
global $PHPCAS_CLIENT;
return $PHPCAS_CLIENT->isAuthenticated();
}
ilCASAuth::forceCASAuth ( )

Definition at line 79 of file class.ilCASAuth.php.

References phpCAS\forceAuthentication().

{
phpCAS::forceAuthentication();
}

+ Here is the call graph for this function:

ilCASAuth::getCASUser ( )

Definition at line 84 of file class.ilCASAuth.php.

References phpCAS\getUser().

{
return phpCAS::getUser();
}

+ Here is the call graph for this function:

ilCASAuth::ilCASAuth (   $a_params)

Constructor public.

Definition at line 43 of file class.ilCASAuth.php.

References Auth\Auth(), CAS_VERSION_2_0, phpCAS\client(), and phpCAS\setDebug().

{
if ($a_params["sessionName"] != "")
{
parent::Auth("", array("sessionName" => $a_params["sessionName"]));
}
else
{
parent::Auth("");
}
include_once("./Services/CAS/lib/CAS/CAS.php");
$this->server_version = CAS_VERSION_2_0;
$this->server_hostname = $a_params["server_hostname"];
$this->server_port = (int) $a_params["server_port"];
$this->server_uri = $a_params["server_uri"];
phpCAS::setDebug();
//echo "-".$_GET['ticket']."-"; exit;
phpCAS::client($this->server_version, $this->server_hostname,
$this->server_port, (string) $this->server_uri);
}

+ Here is the call graph for this function:

ilCASAuth::login ( )

Checks if the current user is authenticated yet public.

Returns
boolean true if user is authenticated Set the maximum idle time
Parameters
integertime in seconds
booladd time to current maximum idle time or not
Returns
void public Set the maximum expire time
Parameters
integertime in seconds
booladd time to current expire time or not
Returns
void public Checks if there is a session with valid auth information.

private

Returns
boolean Whether or not the user is authenticated. Start new auth session

public

Returns
void Login function

private

Returns
void

Reimplemented from Auth.

Definition at line 213 of file class.ilCASAuth.php.

References $ilSetting, Auth\$username, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, phpCAS\getUser(), IL_PASSWD_MD5, logout(), and Auth\setAuth().

{
global $ilias, $rbacadmin, $ilSetting;
if (phpCAS::getUser() != "")
{
$username = phpCAS::getUser();
// Authorize this user
include_once('./Services/User/classes/class.ilObjUser.php');
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "")
{
$this->setAuth($local_user);
}
else
{
if (!$ilSetting->get("cas_create_users"))
{
$this->status = AUTH_CAS_NO_ILIAS_USER;
$this->logout();
return;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(6);
$userObj->create();
$userObj->setActive(1, 6);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
unset($userObj);
$this->setAuth($local_user);
}
}
else
{
// This should never occur unless CAS is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}

+ Here is the call graph for this function:

ilCASAuth::logout ( )

Register variable in a session telling that the user has logged in successfully.

public

Parameters
stringUsername
Returns
void Logout function

This function clears any auth tokens in the currently active session and executes the logout callback function, if any

public

Returns
void

Reimplemented from Auth.

Definition at line 341 of file class.ilCASAuth.php.

Referenced by login().

{
parent::logout();
//PHPCAS::logout(); // CAS logout should be provided separately
// maybe on ILISA login screen
}

+ Here is the caller graph for this function:

The documentation for this class was generated from the following file: