ILIAS  release_4-4 Revision
Public Member Functions | Protected Member Functions | Protected Attributes
ilAuthContainerCAS Class Reference

CAS authentication More...

+ Inheritance diagram for ilAuthContainerCAS:
+ Collaboration diagram for ilAuthContainerCAS:

Public Member Functions

 __construct ()
 
 forceAuthentication ($username, $status, $auth)
 Force CAS authentication. More...
 
 loginObserver ($a_username, $a_auth)
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor. More...
 
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container. More...
 
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verfiy the entered password. More...
 
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication. More...
 
 getCryptType ()
 Returns the crypt current crypt type of the container. More...
 
 listUsers ()
 List all users that are available from the storage container. More...
 
 getUser ($username)
 Returns a user assoc array. More...
 
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container. More...
 
 removeUser ($username)
 Remove user from the storage container. More...
 
 changePassword ($username, $password)
 Change password for user in the storage container. More...
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log. More...
 
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas This should be true for those auth methods, which are available in the default login form. More...
 

Protected Member Functions

 handleLDAPDataSource ($a_auth, $ext_account)
 Handle ldap as data source. More...
 
 initCAS ()
 

Protected Attributes

 $server_version = null
 
 $server_hostname = null
 
 $server_port = null
 
 $server_uri = null
 

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container. More...
 
 $_auth_obj = null
 The Auth object this container is attached to. More...
 

Detailed Description

CAS authentication

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 14 of file class.ilAuthContainerCAS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerCAS::__construct ( )

Definition at line 26 of file class.ilAuthContainerCAS.php.

References initCAS().

27  {
28  parent::__construct();
29  $this->initCAS();
30  }
+ Here is the call graph for this function:

Member Function Documentation

◆ fetchData()

ilAuthContainerCAS::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)
Returns
bool
Parameters
string$a_username
string$a_password
bool$isChallengeResponse,[optional]

Definition at line 208 of file class.ilAuthContainerCAS.php.

References $ilLog, and $PHPCAS_CLIENT.

209  {
210  global $PHPCAS_CLIENT,$ilLog;
211 
212  $ilLog->write(__METHOD__.': Fetch Data called');
213  return $PHPCAS_CLIENT->isAuthenticated();
214  }
$PHPCAS_CLIENT
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176
$ilLog
$ilLog
Definition: inc.setup_header.php:126

◆ forceAuthentication()

ilAuthContainerCAS::forceAuthentication (   $username,
  $status,
  $auth 
)

Force CAS authentication.

Returns
Parameters
object$username
object$status
object$auth

Definition at line 39 of file class.ilAuthContainerCAS.php.

References $ilLog, and $PHPCAS_CLIENT.

40  {
41  global $PHPCAS_CLIENT,$ilLog;
42 
43  if(!$PHPCAS_CLIENT->isAuthenticated())
44  {
45  $PHPCAS_CLIENT->forceAuthentication();
46  }
47  }
$PHPCAS_CLIENT
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176
$ilLog
$ilLog
Definition: inc.setup_header.php:126

◆ handleLDAPDataSource()

ilAuthContainerCAS::handleLDAPDataSource (   $a_auth,
  $ext_account 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 157 of file class.ilAuthContainerCAS.php.

References $GLOBALS, $server, AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), ilUtil\redirect(), and ilLDAPUserSynchronisation\setExternalAccount().

Referenced by loginObserver().

158  {
159  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
160  $server = ilLDAPServer::getInstanceByServerId(
161  ilLDAPServer::getDataSource(AUTH_CAS)
162  );
163 
164  $GLOBALS['ilLog']->write(__METHOD__.' Using ldap data source for user: '.$ext_account);
165 
166  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
167  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
168  $sync->setExternalAccount($ext_account);
169  $sync->setUserData(array());
170  #$sync->forceCreation($this->force_creation);
171  // TODO: Check this
172  $sync->forceCreation(true);
173 
174  try {
175  $internal_account = $sync->sync();
176  }
177  catch(UnexpectedValueException $e) {
178  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
179  $a_auth->status = AUTH_WRONG_LOGIN;
180  $a_auth->logout();
181  return false;
182  }
183  catch(ilLDAPSynchronisationForbiddenException $e) {
184  // No syncronisation allowed => create Error
185  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
186  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
187  $a_auth->logout();
188  return false;
189  }
190  catch(ilLDAPAccountMigrationRequiredException $e) {
191  $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
192  $a_auth->logout();
193  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
194  }
195  $a_auth->setAuth($internal_account);
196  return true;
197  }
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:42
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:60
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Definition: class.ilLDAPServer.php:53
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:266
$server
$server
Definition: dummy_client.php:12
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3609
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initCAS()

ilAuthContainerCAS::initCAS ( )
protected

Definition at line 216 of file class.ilAuthContainerCAS.php.

References $ilSetting, CAS_VERSION_2_0, phpCAS\client(), phpCAS\setDebug(), and phpCAS\setNoCasServerValidation().

Referenced by __construct().

217  {
218  global $ilSetting;
219 
220  include_once("./Services/CAS/lib/CAS.php");
221 
222  $this->server_version = CAS_VERSION_2_0;
223  $this->server_hostname = $ilSetting->get('cas_server');
224  $this->server_port = (int) $ilSetting->get('cas_port');
225  $this->server_uri = (string) $ilSetting->get('cas_uri');
226 
227  phpCAS::setDebug();
228  phpCAS::client(
229  $this->server_version,
230  $this->server_hostname,
231  $this->server_port,
232  $this->server_uri
233  );
234  phpCAS::setNoCasServerValidation();
235  }
phpCAS\setNoCasServerValidation
setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1451
phpCAS\client
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
phpCAS\setDebug
setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:465
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:81
$ilSetting
global $ilSetting
Definition: privfeed.php:40
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loginObserver()

ilAuthContainerCAS::loginObserver (   $a_username,
  $a_auth 
)
See also
ilAuthContainerBase::loginObserver()

Definition at line 52 of file class.ilAuthContainerCAS.php.

References $ilLog, $ilSetting, $PHPCAS_CLIENT, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, handleLDAPDataSource(), IL_PASSWD_MD5, and ilLDAPServer\isDataSourceActive().

53  {
54  global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
55 
56  $ilLog->write(__METHOD__.': Successful CAS login.');
57 
58  // Radius with ldap as data source
59  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
60  if(ilLDAPServer::isDataSourceActive(AUTH_CAS))
61  {
62  return $this->handleLDAPDataSource($a_auth,$a_username);
63  }
64 
65  include_once("./Services/CAS/lib/CAS.php");
66  if ($PHPCAS_CLIENT->getUser() != "")
67  {
68  $username = $PHPCAS_CLIENT->getUser();
69  $ilLog->write(__METHOD__.': Username: '.$username);
70 
71  // Authorize this user
72  include_once('./Services/User/classes/class.ilObjUser.php');
73  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
74 
75  if ($local_user != "")
76  {
77  $a_auth->setAuth($local_user);
78  }
79  else
80  {
81  if (!$ilSetting->get("cas_create_users"))
82  {
83  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
84  $a_auth->logout();
85  return false;
86  }
87 
88  $userObj = new ilObjUser();
89 
90  $local_user = ilAuthUtils::_generateLogin($username);
91 
92  $newUser["firstname"] = $local_user;
93  $newUser["lastname"] = "";
94 
95  $newUser["login"] = $local_user;
96 
97  // set "plain md5" password (= no valid password)
98  $newUser["passwd"] = "";
99  $newUser["passwd_type"] = IL_PASSWD_MD5;
100 
101  //$newUser["gender"] = "m";
102  $newUser["auth_mode"] = "cas";
103  $newUser["ext_account"] = $username;
104  $newUser["profile_incomplete"] = 1;
105 
106  // system data
107  $userObj->assignData($newUser);
108  $userObj->setTitle($userObj->getFullname());
109  $userObj->setDescription($userObj->getEmail());
110 
111  // set user language to system language
112  $userObj->setLanguage($ilSetting->get("language"));
113 
114  // Time limit
115  $userObj->setTimeLimitOwner(7);
116  $userObj->setTimeLimitUnlimited(1);
117  $userObj->setTimeLimitFrom(time());
118  $userObj->setTimeLimitUntil(time());
119 
120  // Create user in DB
121  $userObj->setOwner(0);
122  $userObj->create();
123  $userObj->setActive(1);
124 
125  $userObj->updateOwner();
126 
127  //insert user data in table user_data
128  $userObj->saveAsNew();
129 
130  // setup user preferences
131  $userObj->writePrefs();
132 
133  // to do: test this
134  $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
135  unset($userObj);
136 
137  $a_auth->setAuth($local_user);
138  return true;
139  }
140  }
141  else
142  {
143  $ilLog->write(__METHOD__.': Login failed.');
144 
145  // This should never occur unless CAS is not configured properly
146  $a_auth->status = AUTH_WRONG_LOGIN;
147  return false;
148  }
149  return false;
150  }
ilAuthContainerCAS\handleLDAPDataSource
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Definition: class.ilAuthContainerCAS.php:157
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
$PHPCAS_CLIENT
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176
AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:42
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:251
ilAuthUtils\_generateLogin
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:525
$ilLog
$ilLog
Definition: inc.setup_header.php:126
IL_PASSWD_MD5
const IL_PASSWD_MD5
Definition: class.ilObjUser.php:5
$ilSetting
global $ilSetting
Definition: privfeed.php:40
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3803
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
+ Here is the call graph for this function:

Field Documentation

◆ $server_hostname

ilAuthContainerCAS::$server_hostname = null
protected

Definition at line 19 of file class.ilAuthContainerCAS.php.

◆ $server_port

ilAuthContainerCAS::$server_port = null
protected

Definition at line 20 of file class.ilAuthContainerCAS.php.

◆ $server_uri

ilAuthContainerCAS::$server_uri = null
protected

Definition at line 21 of file class.ilAuthContainerCAS.php.

◆ $server_version

ilAuthContainerCAS::$server_version = null
protected

Definition at line 18 of file class.ilAuthContainerCAS.php.

The documentation for this class was generated from the following file: