ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilAuthProviderShibboleth.php
Go to the documentation of this file.
1 <?php
2 
3 /******************************************************************************
4  *
5  * This file is part of ILIAS, a powerful learning management system.
6  *
7  * ILIAS is licensed with the GPL-3.0, you should have received a copy
8  * of said license along with the source code.
9  *
10  * If this is not the case or you just want to try ILIAS, you'll find
11  * us at:
12  * https://www.ilias.de
13  * https://github.com/ILIAS-eLearning
14  *
15  *****************************************************************************/
20 class ilAuthProviderShibboleth extends ilAuthProvider
21 {
22  private ILIAS $ilias;
23  private ilSetting $settings;
24 
25  public function __construct(ilAuthCredentials $credentials)
26  {
27  global $DIC;
28  $this->ilias = $DIC['ilias'];
29  $this->settings = $DIC->settings();
30  parent::__construct($credentials);
31  }
32 
40  public function doAuthentication(ilAuthStatus $status): bool
41  {
42  $shib_server_data = shibServerData::getInstance();
43 
44  if ($shib_server_data->getLogin() !== '' && $shib_server_data->getLogin() !== '0') {
45  $shib_user = shibUser::buildInstance($shib_server_data);
46  // for backword compatibility of hook environment variables
47  $new_user = $shib_user->isNew(); // For shib_data_conv included Script
48  $settings = new ilShibbolethSettings();
49  $account_creation = $settings->getAccountCreation();
50  if (!$new_user) {
51  $shib_user->updateFields();
52  // Include custom code that can be used to further modify
53  // certain Shibboleth user attributes
54  if (
55  $this->ilias->getSetting('shib_data_conv') &&
56  $this->ilias->getSetting('shib_data_conv') !== '' &&
57  is_readable($this->ilias->getSetting('shib_data_conv'))
58  ) {
60  include($this->ilias->getSetting('shib_data_conv'));
61  }
62  $shib_user = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shib_user);
63  $shib_user->update();
64  $shib_user = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shib_user);
65  ilShibbolethRoleAssignmentRules::updateAssignments($shib_user->getId(), $_SERVER);
66  } elseif (!($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_DISABLED)) {
67  $shib_user->createFields();
68  $shib_user->setPref('hits_per_page', $this->settings->get('hits_per_page'));
69 
70  // Modify user data before creating the user
71  // Include custom code that can be used to further modify
72  // certain Shibboleth user attributes
73  if (
74  $this->ilias->getSetting('shib_data_conv') &&
75  $this->ilias->getSetting('shib_data_conv', '') !== '' &&
76  is_readable($this->ilias->getSetting('shib_data_conv'))
77  ) {
79  include($this->ilias->getSetting('shib_data_conv'));
80  }
81  $shib_user = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shib_user);
82  if ($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_WITH_APPROVAL) {
83  $shib_user->setActive(false);
84  }
85  $shib_user->create();
86  $shib_user->saveAsNew();
87  $shib_user->updateOwner();
88  $shib_user->writePrefs();
89  $shib_user = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shib_user);
90  ilShibbolethRoleAssignmentRules::doAssignments($shib_user->getId(), $_SERVER);
91  }
92 
93  if(!$new_user || $account_creation === ilShibbolethSettings::ACCOUNT_CREATION_ENABLED) {
94  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
95  $status->setAuthenticatedUserId(ilObjUser::_lookupId($shib_user->getLogin()));
96  } elseif ($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_WITH_APPROVAL) {
97  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
98  $status->setReason('err_inactive');
99  } else {
100  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
101  $status->setReason('err_disabled');
102  }
103 
104  } else {
105  $this->getLogger()->info('Shibboleth authentication failed.');
106  $this->handleAuthenticationFail($status, 'err_wrong_login');
107  return false;
108  }
109 
110  return true;
111  }
112 }
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:27
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ILIAS
Interface Observer Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
ilShibbolethRoleAssignmentRules\doAssignments
static doAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:89
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilAuthProvider
Base class for authentication providers (ldap, apache, ...)
Definition: class.ilAuthProvider.php:27
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
$DIC
global $DIC
Definition: shib_login.php:25
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
ilShibbolethRoleAssignmentRules\updateAssignments
static updateAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:57
ilias
Class ilObjForumAdministration.
shibUser\buildInstance
static buildInstance(shibServerData $shibServerData)
Definition: class.shibUser.php:35
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
$new_user
$new_user
Definition: dummy_client.php:28
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilAuthProviderShibboleth
Shibboleth authentication provider.
Definition: class.ilAuthProviderShibboleth.php:20
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:87
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilShibbolethSettings
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethSettings.php:24
ilAuthProviderShibboleth\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderShibboleth.php:25