ILIAS  Release_4_4_x_branch Revision 61816
ilAuthContainerCAS Class Reference

CAS authentication


Public Member Functions

 __construct ()
 forceAuthentication ($username, $status, $auth)
 Force CAS authentication.
 loginObserver ($a_username, $a_auth)
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor.
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verify the entered password.
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication.
 getCryptType ()
 Returns the current crypt type of the container.
 listUsers ()
 List all users that are available from the storage container.
 getUser ($username)
 Returns a user assoc array.
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container.
 removeUser ($username)
 Remove user from the storage container.
 changePassword ($username, $password)
 Change password for user in the storage container.
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log.
Public Member Functions inherited from ilAuthContainerBase
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests.
 logoutObserver ($a_username, $a_auth)
 Called after logout.
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas. This should be true for those auth methods which are available in the default login form.

Protected Member Functions

 handleLDAPDataSource ($a_auth, $ext_account)
 Handle ldap as data source.
 initCAS ()

Protected Attributes

 $server_version = null
 $server_hostname = null
 $server_port = null
 $server_uri = null

Additional Inherited Members

Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container.
 $_auth_obj = null
 The Auth object this container is attached to.

Detailed Description

CAS authentication

Author
Stefan Meyer <meyer@leifos.com>
Version
$Id$

Definition at line 14 of file class.ilAuthContainerCAS.php.

Constructor & Destructor Documentation

ilAuthContainerCAS::__construct ( )

Definition at line 26 of file class.ilAuthContainerCAS.php.

References initCAS().

{
$this->initCAS();
}

Member Function Documentation

ilAuthContainerCAS::fetchData ($a_username, $a_password, $isChallengeResponse = false)

Returns
bool
Parameters
string $a_username
string $a_password
bool $isChallengeResponse [optional]

Reimplemented from Auth_Container.

Definition at line 208 of file class.ilAuthContainerCAS.php.

References $ilLog, and $PHPCAS_CLIENT.

{
    global $PHPCAS_CLIENT, $ilLog;

    $ilLog->write(__METHOD__.': Fetch Data called');
    return $PHPCAS_CLIENT->isAuthenticated();
}

ilAuthContainerCAS::forceAuthentication ($username, $status, $auth)

Force CAS authentication.

Returns
Parameters
object $username
object $status
object $auth

Definition at line 39 of file class.ilAuthContainerCAS.php.

References $ilLog, and $PHPCAS_CLIENT.

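{
    global $PHPCAS_CLIENT, $ilLog;

    // Start the CAS login only if no authenticated CAS session exists yet
    if(!$PHPCAS_CLIENT->isAuthenticated())
    {
        $PHPCAS_CLIENT->forceAuthentication();
    }
}

ilAuthContainerCAS::handleLDAPDataSource ($a_auth, $ext_account)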
protected

Handle ldap as data source.

Parameters
Auth $auth
string $ext_account

Definition at line 157 of file class.ilAuthContainerCAS.php.

References $GLOBALS, $server, AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), ilUtil\redirect(), and ilLDAPUserSynchronisation\setExternalAccount().

Referenced by loginObserver().

{
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    $server = ilLDAPServer::getInstanceByServerId(
        ilLDAPServer::getDataSource(AUTH_CAS)
    );
    $GLOBALS['ilLog']->write(__METHOD__.' Using ldap data source for user: '.$ext_account);
    include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
    $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
    $sync->setExternalAccount($ext_account);
    $sync->setUserData(array());
    #$sync->forceCreation($this->force_creation);
    // TODO: Check this
    $sync->forceCreation(true);
    try {
        $internal_account = $sync->sync();
    }
    catch(UnexpectedValueException $e) {
        $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
        $a_auth->status = AUTH_WRONG_LOGIN;
        $a_auth->logout();
        return false;
    }
    // Exception class name is an assumption; the listing omits this line
    catch(ilLDAPSynchronisationForbiddenException $e) {
        // No synchronisation allowed => create Error
        $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
        $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
        $a_auth->logout();
        return false;
    }
    // Exception class name is an assumption; the listing omits this line
    catch(ilLDAPAccountMigrationRequiredException $e) {
        $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
        $a_auth->logout();
        ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
    }
    $a_auth->setAuth($internal_account);
    return true;
}

ilAuthContainerCAS::initCAS ( )
protected

Definition at line 216 of file class.ilAuthContainerCAS.php.

References $ilSetting, CAS_VERSION_2_0, phpCAS\client(), phpCAS\setDebug(), and phpCAS\setNoCasServerValidation().

Referenced by __construct().

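{
    global $ilSetting;
    include_once("./Services/CAS/lib/CAS.php");
    $this->server_version = CAS_VERSION_2_0;
    $this->server_hostname = $ilSetting->get('cas_server');
    $this->server_port = (int) $ilSetting->get('cas_port');
    $this->server_uri = (string) $ilSetting->get('cas_uri');
    // Call order and the empty argument list of setDebug() are assumptions;
    // the listing only shows that these three phpCAS functions are referenced
    phpCAS::setDebug();
    phpCAS::client(
        $this->server_version,
        $this->server_hostname,
        $this->server_port,
        $this->server_uri
    );
    // The CAS server's certificate is not validated by the client
    phpCAS::setNoCasServerValidation();
}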

ilAuthContainerCAS::loginObserver ($a_username, $a_auth)
See Also
ilAuthContainerBase::loginObserver()

Reimplemented from ilAuthContainerBase.

Definition at line 52 of file class.ilAuthContainerCAS.php.

References $ilLog, $ilSetting, $PHPCAS_CLIENT, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, handleLDAPDataSource(), IL_PASSWD_MD5, and ilLDAPServer\isDataSourceActive().

{
    global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
    $ilLog->write(__METHOD__.': Successful CAS login.');
    // Radius with ldap as data source
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    if(ilLDAPServer::isDataSourceActive(AUTH_CAS))
    {
        return $this->handleLDAPDataSource($a_auth,$a_username);
    }
    include_once("./Services/CAS/lib/CAS.php");
    if ($PHPCAS_CLIENT->getUser() != "")
    {
        $username = $PHPCAS_CLIENT->getUser();
        $ilLog->write(__METHOD__.': Username: '.$username);
        // Authorize this user
        include_once('./Services/User/classes/class.ilObjUser.php');
        $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
        if ($local_user != "")
        {
            $a_auth->setAuth($local_user);
        }
        else
        {
            // No local account yet: create one only if cas_create_users is set
            if (!$ilSetting->get("cas_create_users"))
            {
                $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
                $a_auth->logout();
                return false;
            }
            $userObj = new ilObjUser();
            $local_user = ilAuthUtils::_generateLogin($username);
            $newUser["firstname"] = $local_user;
            $newUser["lastname"] = "";
            $newUser["login"] = $local_user;
            // set "plain md5" password (= no valid password)
            $newUser["passwd"] = "";
            $newUser["passwd_type"] = IL_PASSWD_MD5;
            //$newUser["gender"] = "m";
            $newUser["auth_mode"] = "cas";
            $newUser["ext_account"] = $username;
            $newUser["profile_incomplete"] = 1;
            // system data
            $userObj->assignData($newUser);
            $userObj->setTitle($userObj->getFullname());
            $userObj->setDescription($userObj->getEmail());
            // set user language to system language
            $userObj->setLanguage($ilSetting->get("language"));
            // Time limit
            $userObj->setTimeLimitOwner(7);
            $userObj->setTimeLimitUnlimited(1);
            $userObj->setTimeLimitFrom(time());
            $userObj->setTimeLimitUntil(time());
            // Create user in DB
            $userObj->setOwner(0);
            $userObj->create();
            $userObj->setActive(1);
            $userObj->updateOwner();
            //insert user data in table user_data
            $userObj->saveAsNew();
            // setup user preferences
            $userObj->writePrefs();
            // to do: test this
            $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
            unset($userObj);
            $a_auth->setAuth($local_user);
            return true;
        }
    }
    else
    {
        $ilLog->write(__METHOD__.': Login failed.');
        // This should never occur unless CAS is not configured properly
        $a_auth->status = AUTH_WRONG_LOGIN;
        return false;
    }
    return false;
}

Field Documentation

ilAuthContainerCAS::$server_hostname = null
protected

Definition at line 19 of file class.ilAuthContainerCAS.php.

ilAuthContainerCAS::$server_port = null
protected

Definition at line 20 of file class.ilAuthContainerCAS.php.

ilAuthContainerCAS::$server_uri = null
protected

Definition at line 21 of file class.ilAuthContainerCAS.php.

ilAuthContainerCAS::$server_version = null
protected

Definition at line 18 of file class.ilAuthContainerCAS.php.


The documentation for this class was generated from the following file: