Shibboleth authentication provider. More...

Inheritance diagram for ilAuthProviderShibboleth:

Collaboration diagram for ilAuthProviderShibboleth:

Public Member Functions
	__construct (ilAuthCredentials $credentials)

	doAuthentication (ilAuthStatus $status)

Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...

	getLogger ()
	Get logger. More...

	getCredentials ()

Public Member Functions inherited from ilAuthProviderInterface
	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...

Private Attributes
ILIAS	$ilias

ilSetting	$settings

Additional Inherited Members
Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
	Handle failed authentication. More...

Detailed Description

Shibboleth authentication provider.

Definition at line 20 of file class.ilAuthProviderShibboleth.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderShibboleth::__construct ( ilAuthCredentials $credentials )

Definition at line 25 of file class.ilAuthProviderShibboleth.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), and ILIAS\Repository\settings().

     {
         global $DIC;
         $this->ilias = $DIC['ilias'];
         $this->settings = $DIC->settings();
         parent::__construct($credentials);
     }

Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderShibboleth::doAuthentication ( ilAuthStatus $status )

Exceptions

ilObjectNotFoundException
ilSystemStyleException
ilPasswordException
ilObjectTypeMismatchException
ilUserException

Definition at line 40 of file class.ilAuthProviderShibboleth.php.

References $_SERVER, $new_user, ilObjUser\_lookupId(), ilShibbolethSettings\ACCOUNT_CREATION_DISABLED, ilShibbolethSettings\ACCOUNT_CREATION_ENABLED, ilShibbolethSettings\ACCOUNT_CREATION_WITH_APPROVAL, shibUser\buildInstance(), ilShibbolethRoleAssignmentRules\doAssignments(), ilShibbolethPluginWrapper\getInstance(), shibServerData\getInstance(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setReason(), ilAuthStatus\setStatus(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_AUTHENTICATED, ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilShibbolethRoleAssignmentRules\updateAssignments().

                                                           : bool
     {
         $shib_server_data = shibServerData::getInstance();
 
         if ($shib_server_data->getLogin() !== '' && $shib_server_data->getLogin() !== '0') {
             $shib_user = shibUser::buildInstance($shib_server_data);
             // for backword compatibility of hook environment variables
             $new_user = $shib_user->isNew(); // For shib_data_conv included Script
             $settings = new ilShibbolethSettings();
             $account_creation = $settings->getAccountCreation();
             if (!$new_user) {
                 $shib_user->updateFields();
                 // Include custom code that can be used to further modify
                 // certain Shibboleth user attributes
                 if (
                     $this->ilias->getSetting('shib_data_conv') &&
                     $this->ilias->getSetting('shib_data_conv') !== '' &&
                     is_readable($this->ilias->getSetting('shib_data_conv'))
                 ) {
                     include($this->ilias->getSetting('shib_data_conv'));
                 }
                 $shib_user = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shib_user);
                 $shib_user->update();
                 $shib_user = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shib_user);
                 ilShibbolethRoleAssignmentRules::updateAssignments($shib_user->getId(), $_SERVER);
             } elseif (!($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_DISABLED)) {
                 $shib_user->createFields();
                 $shib_user->setPref('hits_per_page', $this->settings->get('hits_per_page'));
 
                 // Modify user data before creating the user
                 // Include custom code that can be used to further modify
                 // certain Shibboleth user attributes
                 if (
                     $this->ilias->getSetting('shib_data_conv') &&
                     $this->ilias->getSetting('shib_data_conv', '') !== '' &&
                     is_readable($this->ilias->getSetting('shib_data_conv'))
                 ) {
                     include($this->ilias->getSetting('shib_data_conv'));
                 }
                 $shib_user = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shib_user);
                 if ($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_WITH_APPROVAL) {
                     $shib_user->setActive(false);
                 }
                 $shib_user->create();
                 $shib_user->saveAsNew();
                 $shib_user->updateOwner();
                 $shib_user->writePrefs();
                 $shib_user = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shib_user);
                 ilShibbolethRoleAssignmentRules::doAssignments($shib_user->getId(), $_SERVER);
             }
 
             if(!$new_user || $account_creation === ilShibbolethSettings::ACCOUNT_CREATION_ENABLED) {
                 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
                 $status->setAuthenticatedUserId(ilObjUser::_lookupId($shib_user->getLogin()));
             } elseif ($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_WITH_APPROVAL) {
                 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
                 $status->setReason('err_inactive');
             } else {
                 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
                 $status->setReason('err_disabled');
             }
 
         } else {
             $this->getLogger()->info('Shibboleth authentication failed.');
             $this->handleAuthenticationFail($status, 'err_wrong_login');
             return false;
         }
 
         return true;
     }

Here is the call graph for this function:

Field Documentation

◆ $ilias

ILIAS ilAuthProviderShibboleth::$ilias

private

Definition at line 22 of file class.ilAuthProviderShibboleth.php.

◆ $settings

ilSetting ilAuthProviderShibboleth::$settings

private

Definition at line 23 of file class.ilAuthProviderShibboleth.php.

The documentation for this class was generated from the following file:

components/ILIAS/AuthShibboleth/classes/class.ilAuthProviderShibboleth.php

Public Member Functions

Private Attributes

Additional Inherited Members