ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\Style\Content\GUIService;
22 use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
23 
32 class ilObjAuthSettingsGUI extends ilObjectGUI
33 {
34  private ilLogger $logger;
35  private ILIAS\UI\Factory $ui;
36  private ILIAS\UI\Renderer $renderer;
37  private ILIAS\Http\Services $http;
38 
39  private ?ilPropertyFormGUI $form;
40  private GUIService $content_style_gui;
41 
42  public function __construct($a_data, $a_id, $a_call_by_reference, $a_prepare_output = true)
43  {
44  $this->type = "auth";
45  parent::__construct($a_data, $a_id, $a_call_by_reference, $a_prepare_output);
46 
47  global $DIC;
48  $this->logger = $DIC->logger()->auth();
49 
50  $this->ui = $DIC->ui()->factory();
51  $this->renderer = $DIC->ui()->renderer();
52  $this->http = $DIC->http();
53 
54  $this->lng->loadLanguageModule('registration');
55  $this->lng->loadLanguageModule('auth');
56  $this->lng->loadLanguageModule('content');
57  $this->content_style_gui = $DIC->contentStyle()->gui();
58  }
59 
60  public function viewObject(): void
61  {
62  $this->authSettingsObject();
63  }
64 
68  public function authSettingsObject(): void
69  {
70  if (!$this->rbac_system->checkAccess("visible,read", $this->object->getRefId())) {
71  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
72  }
73 
74  $this->tabs_gui->setTabActive('authentication_settings');
75  $this->setSubTabs('authSettings');
76  $this->tabs_gui->setSubTabActive("auth_settings");
77 
78  $generalSettingsTpl = new ilTemplate('tpl.auth_general.html', true, true, 'components/ILIAS/Authentication');
79 
80  $generalSettingsTpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
81  $generalSettingsTpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
82 
83  $generalSettingsTpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
84  $generalSettingsTpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
85  $generalSettingsTpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
86  $generalSettingsTpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
87 
88  $generalSettingsTpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
89  $generalSettingsTpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
90  $generalSettingsTpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
91 
92  $generalSettingsTpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
93 
94  $generalSettingsTpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
95 
96  $generalSettingsTpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));
97 
98  $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
99  $auth_modes = ilAuthUtils::_getAllAuthModes();
100  $valid_modes = [
101  ilAuthUtils::AUTH_LOCAL,
102  ilAuthUtils::AUTH_LDAP,
103  ilAuthUtils::AUTH_SHIBBOLETH,
104  ilAuthUtils::AUTH_SAML,
105  ilAuthUtils::AUTH_CAS,
106  ilAuthUtils::AUTH_APACHE,
107  ilAuthUtils::AUTH_OPENID_CONNECT
108  ];
109  // icon handlers
110 
111  $icon_ok = $this->renderer->render(
112  $this->ui->symbol()->icon()->custom(ilUtil::getImagePath("standard/icon_ok.svg"), $this->lng->txt("enabled"))
113  );
114  $icon_not_ok = $this->renderer->render(
115  $this->ui->symbol()->icon()->custom(ilUtil::getImagePath("standard/icon_not_ok.svg"), $this->lng->txt("disabled"))
116  );
117 
118  $this->logger->debug(print_r($auth_modes, true));
119  foreach ($auth_modes as $mode => $mode_name) {
120  if (!in_array($mode, $valid_modes, true) && !ilLDAPServer::isAuthModeLDAP((string) $mode) && !ilSamlIdp::isAuthModeSaml((string) $mode)) {
121  continue;
122  }
123 
124  $generalSettingsTpl->setCurrentBlock('auth_mode');
125 
126  if (ilLDAPServer::isAuthModeLDAP((string) $mode)) {
127  $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::getServerIdByAuthMode($mode));
128  $generalSettingsTpl->setVariable("AUTH_NAME", $server->getName());
129  $generalSettingsTpl->setVariable('AUTH_ACTIVE', $server->isActive() ? $icon_ok : $icon_not_ok);
130  } elseif (ilSamlIdp::isAuthModeSaml((string) $mode)) {
131  $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($mode));
132  $generalSettingsTpl->setVariable('AUTH_NAME', $idp->getEntityId());
133  $generalSettingsTpl->setVariable('AUTH_ACTIVE', $idp->isActive() ? $icon_ok : $icon_not_ok);
134  } elseif ($mode === ilAuthUtils::AUTH_OPENID_CONNECT) {
135  $generalSettingsTpl->setVariable("AUTH_NAME", $this->lng->txt("auth_" . $mode_name));
136  $generalSettingsTpl->setVariable('AUTH_ACTIVE', ilOpenIdConnectSettings::getInstance()->getActive() ? $icon_ok : $icon_not_ok);
137  } else {
138  $generalSettingsTpl->setVariable("AUTH_NAME", $this->lng->txt("auth_" . $mode_name));
139  $generalSettingsTpl->setVariable('AUTH_ACTIVE', $this->ilias->getSetting($mode_name . '_active') || (int) $mode === ilAuthUtils::AUTH_LOCAL ? $icon_ok : $icon_not_ok);
140  }
141 
142  $auth_cnt_mode = $auth_cnt[$mode_name] ?? 0;
143  if ($this->settings->get('auth_mode') === (string) $mode) {
144  $generalSettingsTpl->setVariable("AUTH_CHECKED", "checked=\"checked\"");
145  $auth_cnt_default = $auth_cnt["default"] ?? 0;
146  $generalSettingsTpl->setVariable(
147  "AUTH_USER_NUM",
148  ((int) $auth_cnt_mode + $auth_cnt_default) . " (" . $this->lng->txt("auth_per_default") .
149  ": " . $auth_cnt_default . ")"
150  );
151  } else {
152  $generalSettingsTpl->setVariable(
153  "AUTH_USER_NUM",
154  (int) $auth_cnt_mode
155  );
156  }
157  $generalSettingsTpl->setVariable("AUTH_ID", $mode_name);
158  $generalSettingsTpl->setVariable("AUTH_VAL", $mode);
159  $generalSettingsTpl->parseCurrentBlock();
160  }
161 
162  $generalSettingsTpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
163 
164  if ($this->rbac_system->checkAccess("write", $this->object->getRefId())) {
165  $generalSettingsTpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
166  $generalSettingsTpl->setCurrentBlock('auth_mode_submit');
167  $generalSettingsTpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
168  $generalSettingsTpl->setVariable("CMD_SUBMIT", "setAuthMode");
169  $generalSettingsTpl->parseCurrentBlock();
170  }
171 
172  // auth mode determinitation
173  if ($this->initAuthModeDetermination()) {
174  $generalSettingsTpl->setVariable('TABLE_AUTH_DETERMINATION', $this->form->getHTML());
175  }
176 
177  // roles table
178  $generalSettingsTpl->setVariable(
179  "FORMACTION_ROLES",
180  $this->ctrl->getFormAction($this)
181  );
182  $generalSettingsTpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
183  $generalSettingsTpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
184  $generalSettingsTpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
185  if ($this->rbac_system->checkAccess("write", $this->object->getRefId())) {
186  $generalSettingsTpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
187  $generalSettingsTpl->setVariable('BTN_SUBMIT_ROLES', $this->lng->txt('save'));
188  }
189 
190  $reg_roles = ilObjRole::_lookupRegisterAllowed();
191 
192  // auth mode selection
193  $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
194 
195  foreach ($reg_roles as $role) {
196  foreach ($active_auth_modes as $auth_name => $auth_key) {
197  // do not list auth modes with external login screen
198  // even not default, because it can easily be set to
199  // a non-working auth mode
200  if ($auth_name === "default" || $auth_name === "cas"
201  || $auth_name === 'saml'
202  || $auth_name === "shibboleth" || $auth_name === 'ldap'
203  || $auth_name === 'apache' || $auth_name === "ecs"
204  || $auth_name === "openid") {
205  continue;
206  }
207 
208  $generalSettingsTpl->setCurrentBlock("auth_mode_selection");
209 
210  if ($auth_name === 'default') {
211  $name = $this->lng->txt('auth_' . $auth_name) . " (" . $this->lng->txt('auth_' . ilAuthUtils::_getAuthModeName($auth_key)) . ")";
212  } elseif ($id = ilLDAPServer::getServerIdByAuthMode((string) $auth_key)) {
213  $server = ilLDAPServer::getInstanceByServerId($id);
214  $name = $server->getName();
215  } elseif ($id = ilSamlIdp::getIdpIdByAuthMode((string) $auth_key)) {
216  $idp = ilSamlIdp::getInstanceByIdpId($id);
217  $name = $idp->getEntityId();
218  } else {
219  $name = $this->lng->txt('auth_' . $auth_name);
220  }
221 
222  $generalSettingsTpl->setVariable("AUTH_MODE_NAME", $name);
223 
224  $generalSettingsTpl->setVariable("AUTH_MODE", $auth_name);
225 
226  if ($role['auth_mode'] === $auth_name) {
227  $generalSettingsTpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
228  }
229 
230  $generalSettingsTpl->parseCurrentBlock();
231  }
232 
233  $generalSettingsTpl->setCurrentBlock("roles");
234  $generalSettingsTpl->setVariable("ROLE", $role['title']);
235  // r_ is add to the role id only for the dictOf transformation used later to parse the input
236  $generalSettingsTpl->setVariable("ROLE_ID", "r_" . $role['id']);
237  $generalSettingsTpl->parseCurrentBlock();
238  }
239 
240  $default_auth_info = $this->ui_factory->messageBox()->info(
241  $this->lng->txt('auth_mode_default_change_info')
242  );
243 
244  $this->tpl->setContent($this->ui_renderer->render($default_auth_info) . $generalSettingsTpl->get());
245  }
246 
247 
253  public function loginInfoObject(): void
254  {
255  if (!$this->rbac_system->checkAccess("visible,read", $this->object->getRefId())) {
256  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
257  }
258 
259  $this->tabs_gui->setTabActive("authentication_settings");
260  $this->setSubTabs("authSettings");
261  $this->tabs_gui->setSubTabActive("auth_login_editor");
262 
263  $this->lng->loadLanguageModule("meta");
264 
265  $this->tpl->addBlockFile(
266  "ADM_CONTENT",
267  "adm_content",
268  "tpl.auth_login_messages.html",
269  "components/ILIAS/Authentication"
270  );
271  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
272  $this->tpl->setVariable("TXT_HEADLINE", $this->lng->txt("login_information"));
273  $this->tpl->setVariable("TXT_DESCRIPTION", $this->lng->txt("login_information_desc"));
274  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
275  $this->tpl->setVariable('LOGIN_INFO', $this->form->getHTML());
276  }
277 
278 
279  public function cancelObject(): void
280  {
281  $this->ctrl->redirect($this, "authSettings");
282  }
283 
284  public function setAuthModeObject(): void
285  {
286  if (!$this->rbac_system->checkAccess("write", $this->object->getRefId())) {
287  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
288  }
289  $this->logger->debug('auth mode available:' . $this->request_wrapper->has("auth_mode"));
290 
291  if (!$this->http->wrapper()->post()->has("auth_mode")) {
292  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"), $this->ilias->error_obj->MESSAGE);
293  }
294  $new_auth_mode = $this->http->wrapper()->post()->retrieve("auth_mode", $this->refinery->to()->string());
295  $this->logger->debug('auth mode:' . $new_auth_mode);
296  $current_auth_mode = $this->settings->get('auth_mode', '');
297  if ($new_auth_mode === $current_auth_mode) {
298  $this->tpl->setOnScreenMessage('info', $this->lng->txt("auth_mode") . ": " . $this->getAuthModeTitle() . " " . $this->lng->txt("auth_mode_not_changed"), true);
299  $this->ctrl->redirect($this, 'authSettings');
300  }
301 
302  switch ((int) $new_auth_mode) {
303  case ilAuthUtils::AUTH_SAML:
304  break;
305 
306  case ilAuthUtils::AUTH_LDAP:
307 
308  /*
309  if ($this->object->checkAuthLDAP() !== true)
310  {
311  ilUtil::sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
312  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editLDAP", "", false, false)));
313  }
314  */
315  break;
316 
317  // @fix changed from AUTH_SHIB > is not defined
318  case ilAuthUtils::AUTH_SHIBBOLETH:
319  if ($this->object->checkAuthSHIB() !== true) {
320  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("auth_shib_not_configured"), true);
321  ilUtil::redirect(
322  $this->getReturnLocation(
323  'authSettings',
324  $this->ctrl->getLinkTargetByClass(
325  ilAuthShibbolethSettingsGUI::class,
326  'settings',
327  '',
328  false,
329  false
330  )
331  )
332  );
333  }
334  break;
335 
336  case ilAuthUtils::AUTH_SCRIPT:
337  if ($this->object->checkAuthScript() !== true) {
338  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("auth_script_not_configured"), true);
339  ilUtil::redirect($this->getReturnLocation("authSettings", $this->ctrl->getLinkTarget($this, "editScript", "", false, false)));
340  }
341  break;
342  }
343 
344  $this->ilias->setSetting("auth_mode", $new_auth_mode);
345 
346  $this->tpl->setOnScreenMessage('success', $this->lng->txt("auth_default_mode_changed_to") . " " . $this->getAuthModeTitle(), true);
347  $this->ctrl->redirect($this, 'authSettings');
348  }
349 
350  private function buildSOAPForm(
351  string $submit_action
352  ): \ILIAS\UI\Component\Input\Container\Form\Form {
353  // compose role list
354  $role_list = $this->rbac_review->getRolesByFilter(2, $this->object->getId());
355  $roles = [];
356 
357  foreach ($role_list as $role) {
358  $roles[$role['obj_id']] = $role['title'];
359  }
360 
361  $active = $this->ui->input()->field()
362  ->checkbox($this->lng->txt("active"))
363  ->withValue((bool) $this->settings->get("soap_auth_active", ""));
364 
365  $server = $this->ui->input()->field()->text(
366  $this->lng->txt("server"),
367  $this->lng->txt("auth_soap_server_desc")
368  )->withRequired(true)
369  ->withMaxLength(256)
370  ->withValue($this->settings->get("soap_auth_server", ""));
371 
372  $port = $this->ui->input()->field()->numeric(
373  $this->lng->txt("port"),
374  $this->lng->txt("auth_soap_port_desc")
375  )->withAdditionalTransformation($this->refinery->int()->isGreaterThan(0))
376  ->withAdditionalTransformation(
377  $this->refinery->int()->isLessThan(65536)
378  )->withValue((int) $this->settings->get("soap_auth_port", "0"));
379 
380  $use_https = $this->ui->input()->field()->checkbox($this->lng->txt("auth_soap_use_https"))
381  ->withValue((bool) $this->settings->get("soap_auth_use_https", ""));
382 
383  $uri = $this->ui->input()->field()->text(
384  $this->lng->txt("uri"),
385  $this->lng->txt("auth_soap_uri_desc")
386  )->withMaxLength(256)
387  ->withValue($this->settings->get("soap_auth_uri", ""));
388 
389  $namespace = $this->ui->input()->field()->text(
390  $this->lng->txt("auth_soap_namespace"),
391  $this->lng->txt("auth_soap_namespace_desc")
392  )->withMaxLength(256)
393  ->withValue($this->settings->get("soap_auth_namespace", ""));
394 
395  $dotnet = $this->ui->input()->field()->checkbox($this->lng->txt("auth_soap_use_dotnet"))
396  ->withValue((bool) $this->settings->get("soap_auth_use_dotnet", ""));
397 
398  $createuser = $this->ui->input()->field()->checkbox(
399  $this->lng->txt("auth_create_users"),
400  $this->lng->txt("auth_soap_create_users_desc")
401  )->withValue((bool) $this->settings->get("soap_auth_create_users", ""));
402 
403  $sendmail = $this->ui->input()->field()->checkbox(
404  $this->lng->txt("user_send_new_account_mail"),
405  $this->lng->txt("auth_new_account_mail_desc")
406  )->withValue((bool) $this->settings->get("soap_auth_account_mail", ""));
407 
408  $defaultrole = $this->ui->input()->field()->select(
409  $this->lng->txt("auth_user_default_role"),
410  $roles,
411  $this->lng->txt("auth_soap_user_default_role_desc")
412  )->withValue($this->settings->get("soap_auth_user_default_role", "4"))
413  ->withAdditionalTransformation($this->refinery->int()->isGreaterThan(0));
414 
415  $allowlocal = $this->ui->input()->field()->checkbox(
416  $this->lng->txt("auth_allow_local"),
417  $this->lng->txt("auth_soap_allow_local_desc")
418  )->withValue((bool) $this->settings->get("soap_auth_user_default_role", ""));
419 
420  $form = $this->ui->input()->container()->form()->standard(
421  $submit_action,
422  [ "active" => $active,
423  "server" => $server,
424  "port" => $port,
425  "use_https" => $use_https,
426  "uri" => $uri,
427  "namespace" => $namespace,
428  "dotnet" => $dotnet,
429  "createuser" => $createuser,
430  "sendmail" => $sendmail,
431  "defaultrole" => $defaultrole,
432  "allowlocal" => $allowlocal
433  ]
434  );
435  return $form;
436  }
437 
438  private function buildSOAPTestForm(
439  string $submit_action
440  ): \ILIAS\UI\Component\Input\Container\Form\Form {
441  $ext_uid = $this->ui->input()->field()->text(
442  "ext_uid"
443  );
444  $soap_pw = $this->ui->input()->field()->text(
445  "soap_pw"
446  );
447  $new_user = $this->ui->input()->field()
448  ->checkbox("new_user");
449  $form = $this->ui->input()->container()->form()->standard(
450  $submit_action,
451  [ "ext_uid" => $ext_uid,
452  "soap_pw" => $soap_pw,
453  "new_user" => $new_user
454  ]
455  )->withSubmitLabel("Send");
456  return $form;
457  }
458 
459 
463  public function editSOAPObject(): void
464  {
465  if (!$this->rbac_system->checkAccess("read", $this->object->getRefId())) {
466  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
467  }
468 
469  $soap_form = $this->buildSOAPForm($this->ctrl->getFormAction($this, "saveSOAP"));
470  $test_form = $this->buildSOAPTestForm($this->ctrl->getFormAction($this, "testSoapAuthConnection"));
471 
472  $this->tabs_gui->setTabActive('auth_soap');
473  $panel = $this->ui->panel()->standard("SOAP", [$soap_form, $test_form]);
474  $this->tpl->setContent($this->renderer->render($panel));
475  }
476 
477  public function testSoapAuthConnectionObject(): void
478  {
479  if (!$this->rbac_system->checkAccess("read", $this->object->getRefId())) {
480  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
481  }
482 
483 
484  $soap_form = $this->buildSOAPForm($this->ctrl->getFormAction($this, "saveSOAP"));
485  $test_form = $this->buildSOAPTestForm($this->ctrl->getFormAction($this, "testSoapAuthConnection"));
486  $panel_content = [$soap_form, $test_form];
487  if ($this->request->getMethod() == "POST") {
488  $test_form = $test_form->withRequest($this->request);
489  $result = $test_form->getData();
490  if (!is_null($result)) {
491  $panel_content[] = $this->ui->legacy(
492  ilSOAPAuth::testConnection($result["ext_uid"], $result["soap_pw"], $result["new_user"])
493  );
494  }
495  }
496  $this->tabs_gui->setTabActive('auth_soap');
497  $panel = $this->ui->panel()->standard("SOAP", $panel_content);
498  $this->tpl->setContent($this->renderer->render($panel));
499  }
500 
504  public function saveSOAPObject(): void
505  {
506  if (!$this->rbac_system->checkAccess("write", $this->object->getRefId())) {
507  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
508  }
509 
510  $soap_form = $this->buildSOAPForm($this->ctrl->getFormAction($this, "saveSOAP"));
511  $test_form = $this->buildSOAPTestForm($this->ctrl->getFormAction($this, "testSoapAuthConnection"));
512  if ($this->request->getMethod() === "POST") {
513  $soap_form = $soap_form->withRequest($this->request);
514  $result = $soap_form->getData();
515  if (!is_null($result)) {
516  $this->settings->set("soap_auth_active", (string) $result["active"]);
517  $this->settings->set("soap_auth_server", $result["server"]);
518  $this->settings->set("soap_auth_port", (string) $result["port"]);
519  $this->settings->set("soap_auth_use_https", (string) $result["use_https"]);
520  $this->settings->set("soap_auth_uri", $result["uri"]);
521  $this->settings->set("soap_auth_namespace", $result["namespace"]);
522  $this->settings->set("soap_auth_use_dotnet", (string) $result["dotnet"]);
523  $this->settings->set("soap_auth_create_users", (string) $result["createuser"]);
524  $this->settings->set("soap_auth_account_mail", (string) $result["sendmail"]);
525  $this->settings->set("soap_auth_user_default_role", (string) $result["defaultrole"]);
526  $this->settings->set("soap_auth_allow_local", (string) $result["allowlocal"]);
527 
528  $this->tpl->setOnScreenMessage('success', $this->lng->txt("auth_soap_settings_saved"), true);
529  $this->logger->info("data" . print_r($result, true));
530  $this->ctrl->redirect($this, 'editSOAP');
531  }
532  }
533 
534  $this->tabs_gui->setTabActive('auth_soap');
535  $panel = $this->ui->panel()->standard("SOAP", [$soap_form, $test_form]);
536  $this->tpl->setContent($this->renderer->render($panel));
537  }
538 
542  public function editScriptObject(): void
543  {
544  if (!$this->rbac_system->checkAccess("write", $this->object->getRefId())) {
545  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
546  }
547 
548  if ($_SESSION["error_post_vars"]) {
549  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $_SESSION["error_post_vars"]["auth_script"]["name"]);
550  } else {
551  // set already saved data
552  $settings = $this->ilias->getAllSettings();
553 
554  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $settings["auth_script_name"]);
555  }
556 
557  $this->tabs_gui->setTabActive('auth_script');
558 
559  $this->tpl->addBlockFile(
560  "ADM_CONTENT",
561  "adm_content",
562  "tpl.auth_script.html",
563  "components/ILIAS/Authentication"
564  );
565 
566  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
567  $this->tpl->setVariable("COLSPAN", 3);
568  $this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
569  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
570  $this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));
571 
572  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
573  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
574  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
575  $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
576  }
577 
581  public function saveScriptObject(): void
582  {
583  // validate required data
584  if (!$_POST["auth_script"]["name"]) {
585  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
586  }
587 
588  // validate script url
589  /*
590  if (( TODO ,$_POST["ldap"]["server"])) == false)
591  {
592  $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
593  }*/
594 
595  // TODO: check connection to server
596 
597  // all ok. save settings and activate auth by external script
598  $this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
599  $this->ilias->setSetting("auth_mode", (string) ilAuthUtils::AUTH_SCRIPT);
600 
601  $this->tpl->setOnScreenMessage('success', $this->lng->txt("auth_mode_changed_to") . " " . $this->getAuthModeTitle(), true);
602  $this->ctrl->redirect($this, 'editScript');
603  }
604 
605 
611  public function getAuthModeTitle(): string
612  {
613  switch ($this->ilias->getSetting("auth_mode")) {
614  case ilAuthUtils::AUTH_LOCAL:
615  return $this->lng->txt("auth_local");
616  break;
617 
618  case ilAuthUtils::AUTH_LDAP:
619  return $this->lng->txt("auth_ldap");
620  break;
621 
622  case ilAuthUtils::AUTH_SHIBBOLETH:
623  return $this->lng->txt("auth_shib");
624  break;
625 
626  case ilAuthUtils::AUTH_SAML:
627  return $this->lng->txt("auth_saml");
628  break;
629 
630 
631  case ilAuthUtils::AUTH_SCRIPT:
632  return $this->lng->txt("auth_script");
633  break;
634 
635  case ilAuthUtils::AUTH_APACHE:
636  return $this->lng->txt("auth_apache");
637  break;
638 
639  default:
640  return $this->lng->txt("unknown");
641  break;
642  }
643  }
644 
645  public function updateAuthRolesObject(): void
646  {
647  if (!$this->rbac_system->checkAccess("write", $this->object->getRefId())) {
648  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
649  }
650  if (!$this->http->wrapper()->post()->has("Fobject")) {
651  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"), $this->ilias->error_obj->MESSAGE);
652  }
653  $f_object_unconverted = $this->http->wrapper()->post()->retrieve(
654  "Fobject",
655  $this->refinery->to()->dictOf($this->refinery->to()->string())
656  );
657  // remove the r_ from the role id. It is only added for the dictOf transformation
658  $f_object = [];
659  foreach ($f_object_unconverted as $role_id => $auth_mode) {
660  $f_object[substr($role_id, 2)] = $auth_mode;
661  }
662  ilObjRole::_updateAuthMode($f_object);
663 
664  $this->tpl->setOnScreenMessage('success', $this->lng->txt("auth_mode_roles_changed"), true);
665  $this->ctrl->redirect($this, 'authSettings');
666  }
667 
671  protected function initAuthModeDetermination(): bool
672  {
673  if (isset($this->form) && is_object($this->form)) {
674  return true;
675  }
676 
677  $this->form = new ilPropertyFormGUI();
678  $this->form->setFormAction($this->ctrl->getFormAction($this));
679  $this->form->setTableWidth('100%');
680  $this->form->setTitle($this->lng->txt('auth_auth_settings'));
681 
682  if ($this->access->checkAccess('write', '', $this->object->getRefId())) {
683  $this->form->addCommandButton('updateAuthModeDetermination', $this->lng->txt('save'));
684  }
685 
686  $det = ilAuthModeDetermination::_getInstance();
687  if ($det->getCountActiveAuthModes() <= 1) {
688  return false;
689  }
690 
691  $header = new ilFormSectionHeaderGUI();
692  $header->setTitle($this->lng->txt('auth_auth_mode_determination'));
693  $this->form->addItem($header);
694 
695  $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'), 'kind');
696  $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
697  $kind->setValue((string) $det->getKind());
698  $kind->setRequired(true);
699 
700  $option_user = new ilRadioOption($this->lng->txt('auth_by_user'), "0");
701  $kind->addOption($option_user);
702 
703  $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'), "1");
704 
705  $auth_sequenced = $det->getAuthModeSequence();
706  $counter = 1;
707  $text = "";
708  foreach ($auth_sequenced as $auth_mode) {
709  switch ($auth_mode) {
710  case ilLDAPServer::isAuthModeLDAP((string) $auth_mode):
711  $auth_id = ilLDAPServer::getServerIdByAuthMode($auth_mode);
712  $server = ilLDAPServer::getInstanceByServerId($auth_id);
713  $text = $server->getName();
714  break;
715  case ilAuthUtils::AUTH_LOCAL:
716  $text = $this->lng->txt('auth_local');
717  break;
718  case ilAuthUtils::AUTH_SOAP:
719  $text = $this->lng->txt('auth_soap');
720  break;
721  case ilAuthUtils::AUTH_APACHE:
722  $text = $this->lng->txt('auth_apache');
723  break;
724  default:
725  foreach (ilAuthUtils::getAuthPlugins() as $pl) {
726  $option = $pl->getMultipleAuthModeOptions($auth_mode);
727  $text = $option[$auth_mode]['txt'];
728  }
729  break;
730  }
731 
732  $pos = new ilTextInputGUI($text, 'position[m' . $auth_mode . ']');
733  $pos->setValue($counter++);
734  $pos->setSize(1);
735  $pos->setMaxLength(1);
736  $option_determination->addSubItem($pos);
737  }
738  $kind->addOption($option_determination);
739  $this->form->addItem($kind);
740  return true;
741  }
742 
746  public function updateAuthModeDeterminationObject(): void
747  {
748  if (!$this->rbac_system->checkAccess("write", $this->object->getRefId())) {
749  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
750  }
751 
752  if (!$this->http->wrapper()->post()->has("kind")) {
753  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"), $this->ilias->error_obj->MESSAGE);
754  }
755  $kind = $this->http->wrapper()->post()->retrieve("kind", $this->refinery->kindlyTo()->int());
756  if ($kind === ilAuthModeDetermination::TYPE_AUTOMATIC && !$this->http->wrapper()->post()->has("position")) {
757  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"), $this->ilias->error_obj->MESSAGE);
758  }
759 
760  $det = ilAuthModeDetermination::_getInstance();
761 
762  $det->setKind($kind);
763  if ($kind === ilAuthModeDetermination::TYPE_AUTOMATIC) {
764  $pos = $this->http->wrapper()->post()->retrieve(
765  "position",
766  $this->refinery->to()->dictOf($this->refinery->kindlyTo()->int())
767  );
768  $this->logger->debug('pos mode:' . print_r($pos, true));
769  asort($pos, SORT_NUMERIC);
770  $this->logger->debug('pos mode:' . print_r($pos, true));
771  $counter = 0;
772  $position = [];
773  foreach (array_keys($pos) as $auth_mode) {
774  $position[$counter++] = substr($auth_mode, 1);
775  }
776  $this->logger->debug('position mode:' . print_r($position, true));
777  $det->setAuthModeSequence($position);
778  }
779  $det->save();
780 
781  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
782  $this->ctrl->redirect($this, 'authSettings');
783  }
784 
788  public function executeCommand(): void
789  {
790  $next_class = $this->ctrl->getNextClass($this) ?? '';
791  $cmd = $this->ctrl->getCmd() ?? '';
792  $this->prepareOutput();
793 
794  if (!$this->rbac_system->checkAccess("visible,read", $this->object->getRefId())) {
795  $this->error->raiseError($this->lng->txt('msg_no_perm_read'), $this->error->WARNING);
796  }
797 
798  switch ($next_class) {
799  case 'ilopenidconnectsettingsgui':
800 
801  $this->tabs_gui->activateTab('auth_oidconnect');
802 
803  $oid = new ilOpenIdConnectSettingsGUI($this->object->getRefId());
804  $this->ctrl->forwardCommand($oid);
805  break;
806 
807  case 'ilsamlsettingsgui':
808  $this->tabs_gui->setTabActive('auth_saml');
809 
810  $os = new ilSamlSettingsGUI($this->object->getRefId());
811  $this->ctrl->forwardCommand($os);
812  break;
813 
814  case 'ilregistrationsettingsgui':
815 
816  // Enable tabs
817  $this->tabs_gui->setTabActive('registration_settings');
818  $registration_gui = new ilRegistrationSettingsGUI();
819  $this->ctrl->forwardCommand($registration_gui);
820  break;
821 
822  case 'ilpermissiongui':
823 
824  // Enable tabs
825  $this->tabs_gui->setTabActive('perm_settings');
826 
827  $perm_gui = new ilPermissionGUI($this);
828  $this->ctrl->forwardCommand($perm_gui);
829  break;
830 
831  case 'illdapsettingsgui':
832 
833  // Enable Tabs
834  $this->tabs_gui->setTabActive('auth_ldap');
835 
836  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
837  $this->ctrl->forwardCommand($ldap_settings_gui);
838  break;
839 
840  case 'ilauthshibbolethsettingsgui':
841 
842  $this->tabs_gui->setTabActive('auth_shib');
843  $shib_settings_gui = new ilAuthShibbolethSettingsGUI($this->object->getRefId());
844  $this->ctrl->forwardCommand($shib_settings_gui);
845  break;
846 
847  case 'ilcassettingsgui':
848 
849  $this->tabs_gui->setTabActive('auth_cas');
850  $cas_settings = new ilCASSettingsGUI($this->object->getRefId());
851  $this->ctrl->forwardCommand($cas_settings);
852  break;
853 
854  case strtolower(ilAuthPageEditorGUI::class):
855 
856  $this->setSubTabs('authSettings');
857  $this->tabs_gui->setTabActive('authentication_settings');
858  $this->tabs_gui->setSubTabActive('auth_login_editor');
859 
860  $lpe = new ilAuthPageEditorGUI($this->object->getRefId());
861  $this->ctrl->forwardCommand($lpe);
862  break;
863 
864  case strtolower(ilObjectContentStyleSettingsGUI::class):
865  $this->checkPermission('write');
866  $this->setTitleAndDescription();
867  $this->setSubTabs('authSettings');
868  $this->tabs_gui->activateTab('authentication_settings');
869  $this->tabs_gui->activateSubTab('style');
870  $settings_gui = $this->content_style_gui
871  ->objectSettingsGUIForRefId(
872  null,
873  $this->object->getRefId()
874  );
875  $this->ctrl->forwardCommand($settings_gui);
876  break;
877 
878  case strtolower(ilAuthLogoutBehaviourGUI::class):
879  $this->setSubTabs('authSettings');
880  $this->tabs_gui->setTabActive('authentication_settings');
881  $this->tabs_gui->setSubTabActive('logout_behaviour');
882 
883  $gui = new ilAuthLogoutBehaviourGUI();
884  $this->ctrl->forwardCommand($gui);
885  break;
886 
887  default:
888  if (!$cmd) {
889  $cmd = 'authSettings';
890  }
891  $cmd .= 'Object';
892  $this->$cmd();
893 
894  break;
895  }
896  }
897 
898  public function getAdminTabs(): void
899  {
900  $this->getTabs();
901  }
902 
906  protected function getTabs(): void
907  {
908  $this->ctrl->setParameter($this, "ref_id", $this->object->getRefId());
909 
910  if ($this->rbac_system->checkAccess("visible,read", $this->object->getRefId())) {
911  $this->tabs_gui->addTarget(
912  "authentication_settings",
913  $this->ctrl->getLinkTarget($this, "authSettings"),
914  "",
915  "",
916  ""
917  );
918 
919  $this->tabs_gui->addTarget(
920  'registration_settings',
921  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui', 'view')
922  );
923 
924  $this->tabs_gui->addTarget(
925  "auth_ldap",
926  $this->ctrl->getLinkTargetByClass('illdapsettingsgui', 'serverList'),
927  "",
928  "",
929  ""
930  );
931 
932 
933  #$this->tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTarget($this, "editLDAP"),
934  # "", "", "");
935 
936  $this->tabs_gui->addTarget('auth_shib', $this->ctrl->getLinkTargetByClass('ilauthshibbolethsettingsgui', 'settings'));
937 
938  $this->tabs_gui->addTarget(
939  'auth_cas',
940  $this->ctrl->getLinkTargetByClass('ilcassettingsgui', 'settings')
941  );
942 
943  $this->tabs_gui->addTarget(
944  "auth_soap",
945  $this->ctrl->getLinkTarget($this, "editSOAP"),
946  "",
947  "",
948  ""
949  );
950 
951  $this->tabs_gui->addTarget(
952  "apache_auth_settings",
953  $this->ctrl->getLinkTarget($this, 'apacheAuthSettings'),
954  "",
955  "",
956  ""
957  );
958 
959  $this->tabs_gui->addTarget(
960  'auth_saml',
961  $this->ctrl->getLinkTargetByClass('ilsamlsettingsgui', ilSamlSettingsGUI::DEFAULT_CMD),
962  '',
963  '',
964  ''
965  );
966 
967  $this->tabs_gui->addTab(
968  'auth_oidconnect',
969  $this->lng->txt('auth_oidconnect'),
970  $this->ctrl->getLinkTargetByClass('ilopenidconnectsettingsgui')
971  );
972  }
973 
974  if ($this->rbac_system->checkAccess('edit_permission', $this->object->getRefId())) {
975  $this->tabs_gui->addTarget(
976  "perm_settings",
977  $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm"),
978  array("perm","info","owner"),
979  'ilpermissiongui'
980  );
981  }
982  }
983 
984  public function setSubTabs(string $a_tab): void
985  {
986  $this->lng->loadLanguageModule('auth');
987 
988  if ($a_tab === 'authSettings' && $this->access->checkAccess('write', '', $this->object->getRefId())) {
989  $this->tabs_gui->addSubTabTarget(
990  'auth_settings',
991  $this->ctrl->getLinkTarget($this, 'authSettings'),
992  ''
993  );
994 
995  foreach (AuthPageEditorContext::cases() as $auth_ipe_context) {
996  $this->ctrl->setParameterByClass(
997  ilAuthPageEditorGUI::class,
998  ilAuthPageEditorGUI::CONTEXT_HTTP_PARAM,
999  $auth_ipe_context->value
1000  );
1001  $this->tabs_gui->addSubTabTarget(
1002  $auth_ipe_context->tabIdentifier(),
1003  $this->ctrl->getLinkTargetByClass(
1004  ilAuthPageEditorGUI::class,
1005  ilAuthPageEditorGUI::DEFAULT_COMMAND
1006  )
1007  );
1008  $this->ctrl->setParameterByClass(
1009  ilAuthPageEditorGUI::class,
1010  ilAuthPageEditorGUI::CONTEXT_HTTP_PARAM,
1011  null
1012  );
1013  }
1014 
1015  $this->tabs_gui->addSubTabTarget(
1016  'logout_behaviour',
1017  $this->ctrl->getLinkTargetByClass(ilAuthLogoutBehaviourGUI::class, ''),
1018  ''
1019  );
1020 
1021  $this->tabs_gui->addSubTab(
1022  'style',
1023  $this->lng->txt('cont_style'),
1024  $this->ctrl->getLinkTargetByClass(ilObjectContentStyleSettingsGUI::class)
1025  );
1026  }
1027  }
1028 
1029 
1030  public function apacheAuthSettingsObject(?ilPropertyFormGUI $form = null): void
1031  {
1032  $this->tabs_gui->setTabActive("apache_auth_settings");
1033 
1034  if (null === $form) {
1035  $form = $this->getApacheAuthSettingsForm();
1036 
1037  $settings = new ilSetting('apache_auth');
1038  $settingsMap = $settings->getAll();
1039 
1040  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
1041  if (file_exists($path) && is_readable($path)) {
1042  $settingsMap['apache_auth_domains'] = file_get_contents($path);
1043  }
1044 
1045  $form->setValuesByArray($settingsMap);
1046  }
1047  $this->tpl->setVariable('ADM_CONTENT', $form->getHtml());
1048  }
1049 
1050  public function saveApacheSettingsObject(): void
1051  {
1052  $form = $this->getApacheAuthSettingsForm();
1053  $form->setValuesByPost();
1054  if ($form->checkInput()) {
1055  $settings = new ilSetting('apache_auth');
1056  $fields = [
1057  'apache_auth_indicator_name', 'apache_auth_indicator_value',
1058  'apache_enable_auth', 'apache_enable_local', 'apache_local_autocreate',
1059  'apache_enable_ldap', 'apache_auth_username_config_type',
1060  'apache_auth_username_direct_mapping_fieldname',
1061  'apache_default_role', 'apache_auth_target_override_login_page',
1062  'apache_auth_enable_override_login_page',
1063  'apache_auth_authenticate_on_login_page',
1064  'apache_ldap_sid'
1065  ];
1066 
1067  foreach ($fields as $field) {
1068  $settings->set($field, (string) $form->getInput($field));
1069  }
1070 
1071  if ($form->getInput('apache_enable_auth')) {
1072  $this->ilias->setSetting('apache_active', '1');
1073  } else {
1074  $this->ilias->setSetting('apache_active', '0');
1075  global $DIC;
1076 
1077  $ilSetting = $DIC['ilSetting'];
1078  if ((int) $ilSetting->get("auth_mode", '0') === ilAuthUtils::AUTH_APACHE) {
1079  $ilSetting->set("auth_mode", (string) ilAuthUtils::AUTH_LOCAL);
1080  }
1081  }
1082 
1083  $allowedDomains = $this->validateApacheAuthAllowedDomains((string) $form->getInput('apache_auth_domains'));
1084  file_put_contents(ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt', $allowedDomains);
1085 
1086  $this->tpl->setOnScreenMessage('success', $this->lng->txt('apache_settings_changed_success'), true);
1087  $this->ctrl->redirect($this, 'apacheAuthSettings');
1088  } else {
1089  $this->apacheAuthSettingsObject($form);
1090  }
1091  }
1092 
1093  public function getApacheAuthSettingsForm(): ilPropertyFormGUI
1094  {
1095  $form = new ilPropertyFormGUI();
1096  $form->setFormAction($this->ctrl->getFormAction($this));
1097  $form->setTitle($this->lng->txt('apache_settings'));
1098 
1099  $chb_enabled = new ilCheckboxInputGUI($this->lng->txt('apache_enable_auth'), 'apache_enable_auth');
1100  $chb_enabled->setValue('1');
1101  $form->addItem($chb_enabled);
1102 
1103  $chb_local_create_account = new ilCheckboxInputGUI($this->lng->txt('apache_autocreate'), 'apache_local_autocreate');
1104  $chb_local_create_account->setValue('1');
1105  $chb_enabled->addSubitem($chb_local_create_account);
1106 
1107  $roles = $this->rbac_review->getGlobalRolesArray();
1108  $select = new ilSelectInputGUI($this->lng->txt('apache_default_role'), 'apache_default_role');
1109  $roleOptions = [];
1110  foreach ($roles as $role) {
1111  $roleOptions[$role['obj_id']] = ilObject::_lookupTitle($role['obj_id']);
1112  }
1113  $select->setOptions($roleOptions);
1114  $select->setValue(4);
1115 
1116  $chb_local_create_account->addSubitem($select);
1117 
1118  $chb_local = new ilCheckboxInputGUI($this->lng->txt('apache_enable_local'), 'apache_enable_local');
1119  $chb_local->setValue('1');
1120  $form->addItem($chb_local);
1121 
1122  $chb_ldap = new ilCheckboxInputGUI($this->lng->txt('apache_enable_ldap'), 'apache_enable_ldap');
1123  $chb_local->setValue('1');
1124 
1125  $chb_ldap->setInfo($this->lng->txt('apache_ldap_hint_ldap_must_be_configured'));
1126 
1127  $this->lng->loadLanguageModule('auth');
1128 
1129  $servers = ilLDAPServer::getServerIds();
1130  if (count($servers)) {
1131  $ldap_server_select = new ilSelectInputGUI($this->lng->txt('auth_ldap_server_ds'), 'apache_ldap_sid');
1132  $options[0] = $this->lng->txt('select_one');
1133  foreach ($servers as $server_id) {
1134  $ldap_server = new ilLDAPServer($server_id);
1135  $options[$server_id] = $ldap_server->getName();
1136  }
1137  $ldap_server_select->setOptions($options);
1138  $ldap_server_select->setRequired(true);
1139 
1140  $ds = ilLDAPServer::getDataSource(ilAuthUtils::AUTH_APACHE);
1141  $ldap_server_select->setValue($ds);
1142 
1143  $chb_ldap->addSubItem($ldap_server_select);
1144  }
1145  $form->addItem($chb_ldap);
1146 
1147  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_name'), 'apache_auth_indicator_name');
1148  $txt->setRequired(true);
1149  $form->addItem($txt);
1150 
1151  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_value'), 'apache_auth_indicator_value');
1152  $txt->setRequired(true);
1153  $form->addItem($txt);
1154 
1155  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_enable_override_login'), 'apache_auth_enable_override_login_page');
1156  $chb->setValue('1');
1157  $form->addItem($chb);
1158 
1159  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_target_override_login'), 'apache_auth_target_override_login_page');
1160  $txt->setRequired(true);
1161  $chb->addSubItem($txt);
1162 
1163  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_authenticate_on_login_page'), 'apache_auth_authenticate_on_login_page');
1164  $chb->setValue('1');
1165  $form->addItem($chb);
1166 
1167  $sec = new ilFormSectionHeaderGUI();
1168  $sec->setTitle($this->lng->txt('apache_auth_username_config'));
1169  $form->addItem($sec);
1170 
1171  $rag = new ilRadioGroupInputGUI($this->lng->txt('apache_auth_username_config_type'), 'apache_auth_username_config_type');
1172  $form->addItem($rag);
1173 
1174  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_direct_mapping'), "1");
1175  $rag->addOption($rao);
1176 
1177  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_direct_mapping_fieldname'), 'apache_auth_username_direct_mapping_fieldname');
1178  //$txt->setRequired(true);
1179  $rao->addSubItem($txt);
1180 
1181  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_extended_mapping'), "2");
1182  $rao->setDisabled(true);
1183  $rag->addOption($rao);
1184 
1185  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_by_function'), "3");
1186  $rag->addOption($rao);
1187 
1188  $sec = new ilFormSectionHeaderGUI();
1189  $sec->setTitle($this->lng->txt('apache_auth_security'));
1190  $form->addItem($sec);
1191 
1192  $txt = new ilTextAreaInputGUI($this->lng->txt('apache_auth_domains'), 'apache_auth_domains');
1193  $txt->setInfo($this->lng->txt('apache_auth_domains_description'));
1194 
1195  $form->addItem($txt);
1196 
1197  if ($this->access->checkAccess('write', '', $this->ref_id)) {
1198  $form->addCommandButton('saveApacheSettings', $this->lng->txt('save'));
1199  }
1200  $form->addCommandButton('cancel', $this->lng->txt('cancel'));
1201 
1202  return $form;
1203  }
1204 
1205  private function validateApacheAuthAllowedDomains(string $text): string
1206  {
1207  return implode("\n", preg_split("/[\r\n]+/", $text));
1208  }
1209 
1210  public function registrationSettingsObject(): void
1211  {
1212  $registration_gui = new ilRegistrationSettingsGUI();
1213  $this->ctrl->redirect($registration_gui);
1214  }
1215 }
$namespace
if($err=$client->getError()) $namespace
Definition: dummy_client.php:55
ilAuthUtils\AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:45
ilObjAuthSettingsGUI\editScriptObject
editScriptObject()
Configure Custom settings.
Definition: class.ilObjAuthSettingsGUI.php:542
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
ilSamlIdp\isAuthModeSaml
static isAuthModeSaml(string $a_auth_mode)
Definition: class.ilSamlIdp.php:182
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:326
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:31
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:26
ilObjAuthSettingsGUI\getAuthModeTitle
getAuthModeTitle()
get the title of auth mode
Definition: class.ilObjAuthSettingsGUI.php:611
ilObjRole\_lookupRegisterAllowed
static _lookupRegisterAllowed()
get all roles that are activated in user registration
Definition: class.ilObjRole.php:217
ilRadioOption\setDisabled
setDisabled(bool $a_disabled)
Definition: class.ilRadioOption.php:74
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:301
ILIAS
Interface Observer Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
ilSetting\set
set(string $a_key, string $a_val)
Definition: class.ilSetting.php:145
$ext_uid
$ext_uid
Definition: dummy_client.php:24
ILIAS\UI\Component
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilObjAuthSettingsGUI\loginInfoObject
loginInfoObject()
displays login information of all installed languages
Definition: class.ilObjAuthSettingsGUI.php:253
$_POST
$_POST['cmd']
Definition: lti.php:27
ILIAS\Style\Content\GUIService
Facade for consumer gui interface.
Definition: class.GUIService.php:31
ilSelectInputGUI\setOptions
setOptions(array $a_options)
Definition: class.ilSelectInputGUI.php:48
ilAuthUtils\_getActiveAuthModes
static _getActiveAuthModes()
Definition: class.ilAuthUtils.php:261
ilObjAuthSettingsGUI\buildSOAPTestForm
buildSOAPTestForm(string $submit_action)
Definition: class.ilObjAuthSettingsGUI.php:438
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:68
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:196
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:208
ilPropertyFormGUI\getInput
getInput(string $a_post_var, bool $ensureValidation=true)
Returns the input of an item, if item provides getInput method and as fallback the value of the HTTP-...
Definition: class.ilPropertyFormGUI.php:448
ilAuthLogoutBehaviourGUI
ilAuthLogoutBehaviourGUI: ilObjAuthSettingsGUI ilAuthLogoutBehaviourGUI: ilLoginPageGUI ...
Definition: class.ilAuthLogoutBehaviourGUI.php:34
$path
$path
Definition: ltiservices.php:30
ilObjAuthSettingsGUI\buildSOAPForm
buildSOAPForm(string $submit_action)
Definition: class.ilObjAuthSettingsGUI.php:350
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:402
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:664
ilObjAuthSettingsGUI\initAuthModeDetermination
initAuthModeDetermination()
init auth mode determinitation form
Definition: class.ilObjAuthSettingsGUI.php:671
ilObjAuthSettingsGUI\editSOAPObject
editSOAPObject()
Configure soap settings.
Definition: class.ilObjAuthSettingsGUI.php:463
ilObjAuthSettingsGUI\saveScriptObject
saveScriptObject()
validates all input data, save them to database if correct and active chosen auth mode ...
Definition: class.ilObjAuthSettingsGUI.php:581
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:57
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids.
Definition: class.ilLDAPServer.php:248
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:831
ilObjAuthSettingsGUI\apacheAuthSettingsObject
apacheAuthSettingsObject(?ilPropertyFormGUI $form=null)
Definition: class.ilObjAuthSettingsGUI.php:1030
ilFormGUI\setFormAction
setFormAction(string $a_formaction)
Definition: class.ilFormGUI.php:36
$text
$text
Definition: xapiexit.php:21
ilObjUser\_getNumberOfUsersPerAuthMode
static _getNumberOfUsersPerAuthMode()
get number of users per auth mode
Definition: class.ilObjUser.php:2807
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:46
ilAuthPageEditorGUI
ilAuthPageEditorGUI: ilObjAuthSettingsGUI ilAuthPageEditorGUI: ilLoginPageGUI, ilLogoutPageGUI ...
Definition: class.ilAuthPageEditorGUI.php:29
$soap_pw
$soap_pw
Definition: dummy_client.php:26
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
$DIC
global $DIC
Definition: shib_login.php:25
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:67
ilRegistrationSettingsGUI
Class ilRegistrationSettingsGUI.
Definition: class.ilRegistrationSettingsGUI.php:28
ilias
Class ilObjForumAdministration.
ilPropertyFormGUI\setValuesByArray
setValuesByArray(array $a_values, bool $a_restrict_to_value_keys=false)
Definition: class.ilPropertyFormGUI.php:319
$txt
$txt
Definition: error.php:30
ilObjAuthSettingsGUI\authSettingsObject
authSettingsObject()
display settings menu
Definition: class.ilObjAuthSettingsGUI.php:68
ILIAS\UI\Implementation\Component\Input\withValue
withValue($value)
Get an input like this with another value displayed on the client side.
Definition: Group.php:59
ilPropertyFormGUI\addCommandButton
addCommandButton(string $a_cmd, string $a_text, string $a_id="")
Definition: class.ilPropertyFormGUI.php:466
ILIAS_DATA_DIR
const ILIAS_DATA_DIR
Definition: constants.php:44
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:938
$new_user
$new_user
Definition: dummy_client.php:28
ILIAS\Repository\form
form( $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:139
ilSOAPAuth\testConnection
static testConnection(string $a_ext_uid, string $a_soap_pw, bool $a_new_user)
Definition: class.ilSOAPAuth.php:23
ilAuthUtils\_getAllAuthModes
static _getAllAuthModes()
Definition: class.ilAuthUtils.php:324
ilSamlSettingsGUI
Class ilSamlSettingsGUI.
Definition: class.ilSamlSettingsGUI.php:30
ilObjAuthSettingsGUI\updateAuthModeDeterminationObject
updateAuthModeDeterminationObject()
update auth mode determination
Definition: class.ilObjAuthSettingsGUI.php:746
$ilSetting
global $ilSetting
Definition: privfeed.php:32
ilObjRole\_updateAuthMode
static _updateAuthMode(array $a_roles)
Definition: class.ilObjRole.php:439
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilObjectGUI\getReturnLocation
getReturnLocation(string $cmd, string $default_location="")
Get return location for command (command is method name without "Object", e.g.
Definition: class.ilObjectGUI.php:1584
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:26
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:383
ilObjAuthSettingsGUI\__construct
__construct($a_data, $a_id, $a_call_by_reference, $a_prepare_output=true)
Definition: class.ilObjAuthSettingsGUI.php:42
ilObjAuthSettingsGUI\saveSOAPObject
saveSOAPObject()
validates all input data, save them to database if correct and active chosen auth mode ...
Definition: class.ilObjAuthSettingsGUI.php:504
$server
$server
Definition: shib_login.php:27
ilObjectGUI\$settings
ilSetting $settings
Definition: class.ilObjectGUI.php:65
ilObjectGUI\checkPermission
checkPermission(string $perm, string $cmd="", string $type="", ?int $ref_id=null)
Definition: class.ilObjectGUI.php:1936