50 $this->tabs_gui = $ilTabs;
52 $this->lng->loadLanguageModule(
'shib');
55 $this->ref_id = $a_auth_ref_id;
// Entry dispatch: ask the controller which class and which command this request targets.
67 $next_class = $this->ctrl->getNextClass($this);
68 $cmd = $this->ctrl->getCmd();
// Read gate: without 'read' on this object's ref_id an error is raised at WARNING level.
// NOTE(review): the listing elides lines here; whether raiseError() ends the request is not visible - confirm it cannot fall through to the dispatch below.
69 if (! $ilAccess->checkAccess(
'read',
'', $this->ref_id)) {
70 $ilErr->raiseError($this->lng->txt(
'msg_no_perm_read'), $ilErr->WARNING);
// Central write gate: a caller lacking 'write' is redirected to the 'settings' view for every command except 'settings' itself.
// The save handler further down shows no access check of its own in the visible lines, so it appears to rely on this redirect.
// NOTE(review): $cmd is compared loosely (!=) and the redirect goes through the global $ilCtrl rather than $this->ctrl; confirm redirect() terminates the request.
72 if (! $ilAccess->checkAccess(
'write',
'', $this->ref_id) &&
$cmd !=
"settings") {
74 $ilCtrl->redirect($this,
"settings");
// NOTE(review): the case labels are elided; confirm commands forwarded to another class are covered by the gate above or gated there.
77 switch ($next_class) {
// Settings view: load every stored setting and fill in defaults for the Shibboleth form.
92 $this->tabs_gui->setSubTabActive(
'shib_settings');
94 $settings = $this->ilias->getAllSettings();
// The meaning of filter value 2 is not visible here - presumably "global roles"; confirm.
96 $role_list = $rbacreview->getRolesByFilter(2);
// Falls back to the hard-coded id 4 when no default role is stored.
// NOTE(review): presumably this is the role offered for users provisioned through Shibboleth; verify that id 4 is a low-privilege role on this installation.
98 if (! isset($settings[
"shib_user_default_role"])) {
99 $settings[
"shib_user_default_role"] = 4;
// Placeholder identity provider list (example organisations) shown when none is configured.
101 if (! isset($settings[
"shib_idp_list"]) || $settings[
"shib_idp_list"] ==
'') {
102 $settings[
"shib_idp_list"] =
"urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai";
// Default login button image: a path relative to the installation.
104 if (! isset($settings[
"shib_login_button"]) || $settings[
"shib_login_button"] ==
'') {
105 $settings[
"shib_login_button"] =
"templates/default/images/shib_login_button.png";
// Default login type is the internal WAYF.
107 if (! isset($settings[
"shib_hos_type"]) || $settings[
"shib_hos_type"] ==
'') {
108 $settings[
"shib_hos_type"] =
'internal_wayf';
// Map role obj_id => title for the default-role select box.
// NOTE(review): $role is not initialised in the visible lines; with an empty $role_list it would still be undefined when handed to setOptions() - confirm an elided line initialises it.
110 foreach ($role_list as
$data) {
111 $role[$data[
"obj_id"]] = $data[
"title"];
114 $shib_settings = array(
131 'shib_matriculation',
134 include_once(
"./Services/Form/classes/class.ilPropertyFormGUI.php");
136 $propertys->setTitle($this->lng->txt(
"shib"));
137 $propertys->setFormAction($this->ctrl->getFormAction($this,
"save"));
138 $propertys->addCommandButton(
"save", $this->lng->txt(
"save"));
139 $propertys->addCommandButton(
"settings", $this->lng->txt(
"cancel"));
// "Shibboleth active" checkbox; $enable is created in an elided line.
142 $enable->setTitle($this->lng->txt(
"shib_active"));
// The info text is raw HTML assembled by concatenation. Both parts are fixed here (a constant path and a language-module string), so no request data reaches the markup.
// NOTE(review): if either part ever becomes dynamic it must be HTML-escaped first; target='_blank' is set without rel='noopener'.
143 $read_me_link =
"./Services/AuthShibboleth/README.SHIBBOLETH.txt";
144 $info =
"<a href='" . $read_me_link .
"' target='_blank'>" . $this->lng->txt(
"auth_shib_instructions") .
"</a>";
145 $enable->setInfo($info);
146 $enable->setPostVar(
"shib[active]");
// NOTE(review): "shib_active" is read without an isset() check, unlike the defaults handled earlier; an installation that never saved it passes null here.
147 $enable->setChecked($settings[
"shib_active"]);
150 $local->setTitle($this->lng->txt(
"auth_allow_local"));
151 $local->setPostVar(
"shib[auth_allow_local]");
152 $local->setChecked($settings[
'shib_auth_allow_local']);
155 $defaultrole->setTitle($this->lng->txt(
"shib_user_default_role"));
156 $defaultrole->setPostVar(
"shib[user_default_role]");
157 $defaultrole->setOptions($role);
158 $defaultrole->setRequired(
true);
159 $defaultrole->setValue($settings[
"shib_user_default_role"]);
162 $name->setTitle($this->lng->txt(
"shib_federation_name"));
163 $name->setPostVar(
"shib[federation_name]");
165 $name->setMaxLength(50);
166 $name->setRequired(
true);
167 $name->setValue(stripslashes($settings[
"shib_federation_name"]));
169 include_once(
"./Services/Form/classes/class.ilRadioGroupInputGUI.php");
170 include_once(
"./Services/Form/classes/class.ilRadioOption.php");
172 $organize->setTitle($this->lng->txt(
"shib_login_type"));
173 $organize->setPostVar(
"shib[hos_type]");
174 $organize->setRequired(
true);
175 $organize->setValue($settings[
"shib_hos_type"]);
178 $internalwayf->setTitle($this->lng->txt(
"shib_login_internal_wayf"));
179 $internalwayf->setValue(
"internal_wayf");
182 $idplist->setInfo($this->lng->txt(
"shib_idp_list"));
183 $idplist->setPostVar(
"shib[idp_list]");
184 $idplist->setRows(3);
185 $idplist->setCols(50);
186 $idplist->setValue($settings[
"shib_idp_list"]);
189 $externalwayf->setTitle($this->lng->txt(
"shib_login_external_wayf"));
190 $externalwayf->setValue(
"external_wayf");
193 $loginbutton->setInfo($this->lng->txt(
"shib_login_button"));
194 $loginbutton->setPostVar(
"shib[login_button]");
195 $loginbutton->setSize(50);
196 $loginbutton->setMaxLength(255);
197 $loginbutton->setValue($settings[
"shib_login_button"]);
200 $embeddedwayf->setTitle($this->lng->txt(
"shib_login_embedded_wayf"));
201 $embeddedwayf->setInfo($this->lng->txt(
"shib_login_embedded_wayf_description"));
202 $embeddedwayf->setValue(
"embedded_wayf");
205 $logininstruction->setTitle($this->lng->txt(
"auth_login_instructions"));
206 $logininstruction->setPostVar(
"shib[login_instructions]");
207 $logininstruction->setRows(3);
208 $logininstruction->setCols(50);
209 $logininstruction->setValue(stripslashes($settings[
"shib_login_instructions"]));
212 $dataconv->setTitle($this->lng->txt(
"shib_data_conv"));
213 $dataconv->setPostVar(
"shib[data_conv]");
214 $dataconv->setSize(80);
215 $dataconv->setMaxLength(512);
216 $dataconv->setValue($settings[
"shib_data_conv"]);
// One text input plus one "update" checkbox per Shibboleth attribute setting; both are collected in $fields keyed by setting name.
219 foreach ($shib_settings as $setting) {
// Derives the POST key by removing 'shib_' from the setting name.
// NOTE(review): ereg_replace() was removed in PHP 7.0 and treats 'shib_' as a pattern replaced wherever it occurs, not only as a prefix; an anchored preg_replace('/^shib_/', ...) or substr() expresses the intent.
220 $field = ereg_replace(
'shib_',
'', $setting);
// $textinput is created in an elided line (221).
222 $textinput->setTitle($this->lng->txt($setting));
223 $textinput->setPostVar(
"shib[" . $field .
"]");
// NOTE(review): $settings[$setting] and $settings["shib_update_" . $field] are read without isset(); both may be unset on a fresh installation.
224 $textinput->setValue($settings[$setting]);
225 $textinput->setSize(40);
226 $textinput->setMaxLength(50);
// $checkinput is created in an elided line (227).
228 $checkinput->setOptionTitle($this->lng->txt(
"shib_update"));
229 $checkinput->setPostVar(
"shib[update_" . $field .
"]");
230 $checkinput->setChecked($settings[
"shib_update_" . $field]);
// Marks the core identity attributes as required in the form; line 234 of the condition is elided.
// This only affects the rendered form - the save handler repeats its own required-field check on the posted values.
231 if ($setting ==
'shib_login' || $setting ==
'shib_title' || $setting ==
'shib_firstname'
232 || $setting ==
'shib_lastname'
233 || $setting ==
'shib_email'
235 $textinput->setRequired(
true);
237 $fields[$setting] = array(
"text" => $textinput,
"check" => $checkinput );
239 $propertys->addItem($enable);
240 $propertys->addItem($local);
241 $propertys->addItem($defaultrole);
242 $propertys->addItem($name);
243 $internalwayf->addSubItem($idplist);
244 $organize->addOption($internalwayf);
245 $externalwayf->addSubItem($loginbutton);
246 $organize->addOption($externalwayf);
247 $organize->addOption($embeddedwayf);
248 $propertys->addItem($organize);
249 $propertys->addItem($logininstruction);
250 $propertys->addItem($dataconv);
251 foreach ($shib_settings as $setting) {
252 $propertys->addItem($fields[$setting][
"text"]);
253 if ($setting !=
"shib_login") {
254 $propertys->addItem($fields[$setting][
"check"]);
257 $this->tpl->setContent($propertys->getHTML());
// Save handler for the settings form. No access check appears in the visible lines; the write gate is applied where the command is dispatched.
// Required fields are tested by truthiness, so a posted "0" counts as missing, and an absent key raises a notice instead of a clean validation error.
// NOTE(review): whether raiseError() stops the request is not visible; if it returns, the setSetting() calls below still run - confirm.
264 if (!
$_POST[
"shib"][
"login"]
265 or !
$_POST[
"shib"][
"hos_type"]
266 or !
$_POST[
"shib"][
"firstname"]
267 or !
$_POST[
"shib"][
"lastname"]
268 or !
$_POST[
"shib"][
"email"]
269 or !
$_POST[
"shib"][
"user_default_role"]
270 or !
$_POST[
"shib"][
"federation_name"]
272 $this->ilias->raiseError($this->lng->txt(
"fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
// data_conv is a request-supplied filesystem path; is_readable() only shows that the web server can read it, and its answer reveals whether the path exists.
// NOTE(review): how shib_data_conv is consumed is not visible here. If it is later include()d, whoever holds 'write' on this object chooses code that runs in the login path - constrain it to an expected directory and file type before storing.
275 if (
$_POST[
"shib"][
"data_conv"]
276 and
$_POST[
"shib"][
"data_conv"] !=
''
277 and ! is_readable(
$_POST[
"shib"][
"data_conv"])
279 $this->ilias->raiseError($this->lng->txt(
"shib_data_conv_warning"), $this->ilias->error_obj->MESSAGE);
// List of per-attribute setting names; its entries (lines 283-300) are elided.
282 $shib_settings = array(
// For each attribute setting: derive the POST key, normalise the update flag to "0"/"1", then store the value and the flag.
// NOTE(review): ereg_replace() was removed in PHP 7.0 and replaces 'shib_' wherever it occurs, not only as a prefix.
301 foreach ($shib_settings as $setting) {
302 $field = ereg_replace(
'shib_',
'', $setting);
303 if (
$_POST[
"shib"][
"update_" . $field] !=
"1") {
304 $_POST[
"shib"][
"update_" . $field] =
"0";
// Values are trim()med but otherwise stored as submitted; escaping has to happen wherever they are rendered.
306 $this->ilias->setSetting($setting, trim(
$_POST[
"shib"][$field]));
307 $this->ilias->setSetting(
"shib_update_" . $field,
$_POST[
"shib"][
"update_" . $field]);
// shib_active is stored as "0" or "1" only; line 311 (presumably the else) is elided.
309 if (
$_POST[
"shib"][
"active"] !=
"1") {
310 $this->ilias->setSetting(
"shib_active",
"0");
312 $this->ilias->setSetting(
"shib_active",
"1");
// NOTE(review): the following values are stored exactly as posted. user_default_role is neither cast nor checked against the role list offered in the form, and hos_type is not checked against the three options the form defines (internal_wayf, external_wayf, embedded_wayf). Validate both server-side.
// idp_list, login_instructions, login_button and federation_name are free text: they must be escaped for their output context when rendered, and the maxlength limits set on the form are not re-applied here.
314 $this->ilias->setSetting(
"shib_user_default_role",
$_POST[
"shib"][
"user_default_role"]);
315 $this->ilias->setSetting(
"shib_hos_type",
$_POST[
"shib"][
"hos_type"]);
316 $this->ilias->setSetting(
"shib_federation_name",
$_POST[
"shib"][
"federation_name"]);
317 $this->ilias->setSetting(
"shib_idp_list",
$_POST[
"shib"][
"idp_list"]);
318 $this->ilias->setSetting(
"shib_login_instructions",
$_POST[
"shib"][
"login_instructions"]);
319 $this->ilias->setSetting(
"shib_login_button",
$_POST[
"shib"][
"login_button"]);
320 $this->ilias->setSetting(
"shib_data_conv",
$_POST[
"shib"][
"data_conv"]);
// auth_allow_local is normalised to '1' or '0' before it is stored.
321 $this->ilias->setSetting(
"shib_auth_allow_local", (
$_POST[
'shib'][
'auth_allow_local'] ==
'1') ?
'1' :
'0');
// Redirect back to the settings view after saving.
323 $this->ctrl->redirect($this,
'settings');
328 $this->tabs_gui->setSubTabActive(
'shib_role_assignment');
330 $this->tpl->addBlockFile(
'ADM_CONTENT',
'adm_content',
'tpl.shib_role_assignment.html',
'Services/AuthShibboleth');
331 $this->tpl->setVariable(
'NEW_RULE_TABLE', $this->form->getHTML());
333 $this->tpl->setVariable(
'RULE_TABLE', $html);
341 include_once(
'./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
345 include_once(
'./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
347 $rules_table->setTitle($this->lng->txt(
'shib_rules_tables'));
348 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
349 $rules_table->addMultiCommand(
"confirmDeleteRules", $this->lng->txt(
"delete"));
350 $rules_table->setSelectAllCheckbox(
"rule_id");
352 return $rules_table->getHTML();
// Confirmation screen shown before role assignment rules are deleted.
// Guard: rule_ids must be an array; the branch body (lines 366-370) is elided.
// NOTE(review): $_POST['rule_ids'] is read without isset(), so a request without it raises a notice before the guard applies.
365 if (! is_array(
$_POST[
'rule_ids'])) {
371 $this->tabs_gui->setSubTabActive(
'shib_role_assignment');
372 include_once(
"Services/Utilities/classes/class.ilConfirmationGUI.php");
// $c_gui is created in an elided line; confirming posts to 'deleteRules', cancelling returns to 'roleAssignment'.
375 $c_gui->setFormAction($this->ctrl->getFormAction($this,
"deleteRules"));
376 $c_gui->setHeaderText($this->lng->txt(
"shib_confirm_del_role_ass"));
377 $c_gui->setCancel($this->lng->txt(
"cancel"),
"roleAssignment");
378 $c_gui->setConfirm($this->lng->txt(
"confirm"),
"deleteRules");
380 include_once(
'Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
// Each id is request-supplied and is written back into the page as a 'rule_ids[]' item together with the rule's description.
// NOTE(review): lines 382-384, where $rule and $info are set up, are elided. No cast of $rule_id is visible, and whether ilConfirmationGUI escapes the item value and text is not shown here - confirm both, since the condition text originates from stored rule data.
381 foreach (
$_POST[
"rule_ids"] as $rule_id) {
385 $info .= $rule->conditionToString();
387 $c_gui->addItem(
'rule_ids[]', $rule_id, $info);
389 $this->tpl->setContent($c_gui->getHTML());
// Deletion step that follows the confirmation screen; again requires rule_ids to be an array (branch body elided).
// NOTE(review): no access check is visible in these lines; this path appears to rely on the write gate applied at dispatch. Confirm that gate cannot be bypassed for the 'deleteRules' command.
400 if (! is_array(
$_POST[
'rule_ids'])) {
406 include_once(
'Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
// The loop body (lines 408 onward) is elided. NOTE(review): the ids come from the request - confirm each is cast to int and refers to an existing rule before it is deleted.
407 foreach (
$_POST[
"rule_ids"] as $rule_id) {
419 include_once(
'./Services/Form/classes/class.ilPropertyFormGUI.php');
421 $this->form->setFormAction($this->ctrl->getFormAction($this,
'cancel'));
422 $this->form->setTitle($this->lng->txt(
'shib_role_ass_table'));
423 if ($a_mode ==
'default') {
424 $this->form->setTitle($this->lng->txt(
'shib_role_ass_table'));
425 $this->form->addCommandButton(
'addRoleAssignmentRule', $this->lng->txt(
'shib_new_rule'));
426 $this->form->addCommandButton(
'settings', $this->lng->txt(
'cancel'));
428 $this->form->setTitle($this->lng->txt(
'shib_update_role_ass_table'));
429 $this->form->addCommandButton(
'updateRoleAssignmentRule', $this->lng->txt(
'save'));
430 $this->form->addCommandButton(
'roleAssignment', $this->lng->txt(
'cancel'));
435 $global =
new ilRadioOption($this->lng->txt(
'shib_global_role'), 0);
436 $role->addOption($global);
439 $global->addSubItem($role_select);
440 $local =
new ilRadioOption($this->lng->txt(
'shib_local_role'), 1);
441 $role->addOption($local);
442 include_once
'./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
444 $role_search->setSize(40);
445 $local->addSubItem($role_search);
446 include_once
'./Services/AccessControl/classes/class.ilRoleAutoComplete.php';
447 $role->setInfo($this->lng->txt(
'shib_role_name_info'));
448 $this->form->addItem($role);
451 $update->
setValue($this->lng->txt(
'shib_check_role_assignment'));
453 $add->setOptionTitle($this->lng->txt(
'shib_add_missing'));
455 $update->addSubItem($add);
457 $remove->setOptionTitle($this->lng->txt(
'shib_remove_deprecated'));
458 $remove->setValue(1);
459 $update->addSubItem($remove);
460 $this->form->addItem($update);
464 $kind->setRequired(
true);
465 $attr =
new ilRadioOption($this->lng->txt(
'shib_attribute'), 1);
466 $attr->
setInfo($this->lng->txt(
'shib_attr_info'));
467 $name =
new ilTextInputGUI($this->lng->txt(
'shib_attribute_name'),
'attr_name');
469 $attr->addSubItem($name);
470 $value =
new ilTextInputGUI($this->lng->txt(
'shib_attribute_value'),
'attr_value');
472 $attr->addSubItem($value);
473 $kind->addOption($attr);
476 $pl->
setInfo($this->lng->txt(
'shib_plugin_info'));
477 $pl->setDisabled(! $pl_active);
481 $id->setMaxLength(3);
482 $id->setMaxValue(999);
484 $pl->addSubItem($id);
485 $kind->addOption($pl);
486 $this->form->addItem($kind);
494 include_once(
"./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
501 if (! $ilAccess->checkAccess(
'write',
'', $this->ref_id)) {
508 if (! $this->form->checkInput() or ($err = $this->
checkInput())) {
512 $this->tabs_gui->setSubTabActive(
'shib_role_assignment');
513 $this->form->setValuesByPost();
514 $this->tpl->addBlockFile(
'ADM_CONTENT',
'adm_content',
'tpl.shib_role_assignment.html',
'Services/AuthShibboleth');
515 $this->tpl->setVariable(
'NEW_RULE_TABLE', $this->form->getHTML());
517 $this->tpl->setVariable(
'RULE_TABLE', $html);
538 $this->ctrl->setParameter($this,
'rule_id', (
int)
$_GET[
'rule_id']);
539 $this->tabs_gui->setSubTabActive(
'shib_role_assignment');
542 $this->tpl->addBlockFile(
'ADM_CONTENT',
'adm_content',
'tpl.shib_role_assignment.html',
'Services/AuthShibboleth');
543 $this->tpl->setVariable(
'NEW_RULE_TABLE', $this->form->getHTML());
// Update path for an existing role assignment rule. Re-checks 'write' on this ref_id; the branch body (lines 552-557) is elided.
551 if (! $ilAccess->checkAccess(
'write',
'', $this->ref_id)) {
// Form-level validation first, then the rule's own check; `or` works here only because the assignment is parenthesised.
// NOTE(review): rule_id is taken from $_REQUEST here but from $_GET where the edit form is prepared. The (int) cast fixes the type only; prefer one explicit source and confirm the id refers to an existing rule.
558 if (! $this->form->checkInput() or ($err = $this->
checkInput((
int)
$_REQUEST[
'rule_id']))) {
// Validation failed: re-render the form with the posted values.
562 $this->tabs_gui->setSubTabActive(
'shib_role_assignment');
563 $this->form->setValuesByPost();
564 $this->tpl->addBlockFile(
'ADM_CONTENT',
'adm_content',
'tpl.shib_role_assignment.html',
'Services/AuthShibboleth');
565 $this->tpl->setVariable(
'NEW_RULE_TABLE', $this->form->getHTML());
// NOTE(review): lines 566-569 are elided; confirm the failure branch returns before update() is reached.
570 $this->rule->update();
579 include_once(
'./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
581 if ($this->form->getInput(
'role_name') == 0) {
582 $this->rule->setRoleId($this->form->getInput(
'role_id'));
583 } elseif ($this->form->getInput(
'role_search')) {
585 include_once
'./Services/Search/classes/class.ilQueryParser.php';
586 $parser =
new ilQueryParser($this->form->getInput(
'role_search'));
591 include_once
'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
593 $object_search->setFilter(array(
'role' ));
594 $res = $object_search->performSearch();
595 $entries =
$res->getEntries();
596 if (count($entries) == 1) {
597 $role = current($entries);
598 $this->rule->setRoleId($role[
'obj_id']);
599 } elseif (count($entries) > 1) {
600 $this->rule->setRoleId(- 1);
603 $this->rule->setName($this->form->getInput(
'attr_name'));
604 $this->rule->setValue($this->form->getInput(
'attr_value'));
605 $this->rule->enableAddOnUpdate($this->form->getInput(
'add_missing'));
606 $this->rule->enableRemoveOnUpdate($this->form->getInput(
'remove_deprecated'));
607 $this->rule->enablePlugin($this->form->getInput(
'kind') == 2);
608 $this->rule->setPluginId($this->form->getInput(
'plugin_id'));
616 include_once
'./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
618 $role = $rule->getRoleId();
619 if ($rbacreview->isGlobalRole($role)) {
620 $values[
'role_name'] = 0;
621 $values[
'role_id'] = $role;
623 $values[
'role_name'] = 1;
626 $values[
'add_missing'] = (int)$rule->isAddOnUpdateEnabled();
627 $values[
'remove_deprecated'] = (int)$rule->isRemoveOnUpdateEnabled();
628 $values[
'attr_name'] = $rule->getName();
629 $values[
'attr_value'] = $rule->getValue();
630 if (! $rule->isPluginActive()) {
634 $values[
'plugin_id'] = $rule->getPluginId();
636 $this->form->setValuesByArray($values);
643 return $this->rule->validate();
// A role id above 0 means the role is already resolved; the body of that branch (lines 649-651) is elided.
648 if ($this->rule->getRoleId() > 0) {
// Otherwise the pending rule is parked in the session and the user is sent to the 'chooseRole' step.
// NOTE(review): these values are later copied from the session into a rule; nothing in the visible lines re-validates them at that point, so they deserve the same validate() pass as form input.
652 $_SESSION[
'shib_role_ass'][
'search'] = $this->form->getInput(
'role_search');
653 $_SESSION[
'shib_role_ass'][
'add_on_update'] = $this->rule->isAddOnUpdateEnabled();
654 $_SESSION[
'shib_role_ass'][
'remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
655 $_SESSION[
'shib_role_ass'][
'name'] = $this->rule->getName();
656 $_SESSION[
'shib_role_ass'][
'value'] = $this->rule->getValue();
657 $_SESSION[
'shib_role_ass'][
'plugin'] = $this->rule->isPluginActive();
658 $_SESSION[
'shib_role_ass'][
'plugin_id'] = $this->rule->getPluginId();
659 $this->ctrl->redirect($this,
'chooseRole');
664 $this->tabs_gui->setSubTabActive(
'shib_role_assignment');
665 include_once
'./Services/Search/classes/class.ilQueryParser.php';
667 $parser->setMinWordLength(1,
true);
670 include_once
'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
672 $object_search->setFilter(array(
'role' ));
673 $res = $object_search->performSearch();
674 $entries =
$res->getEntries();
675 include_once
'./Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
677 $table->setTitle($this->lng->txt(
'shib_role_selection'));
678 $table->addMultiCommand(
'saveRoleSelection', $this->lng->txt(
'shib_choose_role'));
679 $table->addCommandButton(
'roleAssignment', $this->lng->txt(
'cancel'));
680 $table->parse($entries);
681 $this->tpl->setContent($table->getHTML());
// Completes a pending rule from the role picked in the selection table plus the values parked in the session; $rule is created in an elided line.
// role_id comes straight from POST and the (int) cast normalises the type only.
// NOTE(review): nothing visible here checks that the id is a role, that it was among the search results offered, or that the acting user may assign it. Confirm an elided line or the rule's validation covers this, since the rule presumably decides which role matching Shibboleth users receive.
689 $rule->setRoleId((
int)
$_POST[
'role_id']);
// NOTE(review): $_SESSION['shib_role_ass'] is read without isset(); a direct request to this command with no pending rule would copy nulls into the rule.
690 $rule->setName(
$_SESSION[
'shib_role_ass'][
'name']);
691 $rule->setValue(
$_SESSION[
'shib_role_ass'][
'value']);
692 $rule->enablePlugin(
$_SESSION[
'shib_role_ass'][
'plugin']);
693 $rule->setPluginId(
$_SESSION[
'shib_role_ass'][
'plugin_id']);
694 $rule->enableAddOnUpdate(
$_SESSION[
'shib_role_ass'][
'add_on_update']);
695 $rule->enableRemoveOnUpdate(
$_SESSION[
'shib_role_ass'][
'remove_on_update']);
// A truthy rule id means an existing rule; the branch bodies (lines 697 onward) are elided - presumably update versus add.
696 if ($rule->getRuleId()) {
713 global $ilPluginAdmin;
715 return count($ilPluginAdmin->getActivePluginsForSlot(
IL_COMP_SERVICE,
'AuthShibboleth',
'shibhk'));
720 global $rbacreview, $ilObjDataCache;
721 $global_roles =
ilUtil::_sortIds($rbacreview->getGlobalRoles(),
'object_data',
'title',
'obj_id');
722 $select[0] = $this->lng->txt(
'links_select_one');
723 foreach ($global_roles as $role_id) {
733 include_once
'./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
738 $this->tabs_gui->addSubTabTarget(
'shib_settings', $this->ctrl->getLinkTarget($this,
'settings'));
739 $this->tabs_gui->addSubTabTarget(
'shib_role_assignment', $this->ctrl->getLinkTarget($this,
'roleAssignment'));