ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilAuthContainerCAS Class Reference

@classDescription CAS authentication More...

+ Inheritance diagram for ilAuthContainerCAS:
+ Collaboration diagram for ilAuthContainerCAS:

Public Member Functions

 __construct ()
 
 forceAuthentication ($username, $status, $auth)
 Force CAS authentication. More...
 
 loginObserver ($a_username, $a_auth)
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor. More...
 
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container. More...
 
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verfiy the entered password. More...
 
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication. More...
 
 getCryptType ()
 Returns the crypt current crypt type of the container. More...
 
 listUsers ()
 List all users that are available from the storage container. More...
 
 getUser ($username)
 Returns a user assoc array. More...
 
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container. More...
 
 removeUser ($username)
 Remove user from the storage container. More...
 
 changePassword ($username, $password)
 Change password for user in the storage container. More...
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log. More...
 
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas This should be true for those auth methods, which are available in the default login form. More...
 

Protected Member Functions

 handleLDAPDataSource ($a_auth, $ext_account)
 Handle ldap as data source. More...
 
 initCAS ()
 

Protected Attributes

 $server_version = null
 
 $server_hostname = null
 
 $server_port = null
 
 $server_uri = null
 

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container. More...
 
 $_auth_obj = null
 The Auth object this container is attached to. More...
 

Detailed Description

@classDescription CAS authentication

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 14 of file class.ilAuthContainerCAS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerCAS::__construct ( )

Definition at line 26 of file class.ilAuthContainerCAS.php.

27 {
28 parent::__construct();
29 $this->initCAS();
30 }

References initCAS().

+ Here is the call graph for this function:

Member Function Documentation

◆ fetchData()

ilAuthContainerCAS::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)
Returns
bool
Parameters
string$a_username
string$a_password
bool$isChallengeResponse,[optional]

Reimplemented from Auth_Container.

Definition at line 208 of file class.ilAuthContainerCAS.php.

209 {
210 global $PHPCAS_CLIENT,$ilLog;
211
212 $ilLog->write(__METHOD__.': Fetch Data called');
213 return $PHPCAS_CLIENT->isAuthenticated();
214 }
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176

References $ilLog, and $PHPCAS_CLIENT.

◆ forceAuthentication()

ilAuthContainerCAS::forceAuthentication (   $username,
  $status,
  $auth 
)

Force CAS authentication.

Returns
Parameters
object$username
object$status
object$auth

Definition at line 39 of file class.ilAuthContainerCAS.php.

40 {
42
43 if(!$PHPCAS_CLIENT->isAuthenticated())
44 {
45 $PHPCAS_CLIENT->forceAuthentication();
46 }
47 }

References $ilLog, and $PHPCAS_CLIENT.

◆ handleLDAPDataSource()

ilAuthContainerCAS::handleLDAPDataSource (   $a_auth,
  $ext_account 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 157 of file class.ilAuthContainerCAS.php.

158 {
159 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
162 );
163
164 $GLOBALS['ilLog']->write(__METHOD__.' Using ldap data source for user: '.$ext_account);
165
166 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
167 $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
168 $sync->setExternalAccount($ext_account);
169 $sync->setUserData(array());
170 #$sync->forceCreation($this->force_creation);
171 // TODO: Check this
172 $sync->forceCreation(true);
173
174 try {
175 $internal_account = $sync->sync();
176 }
177 catch(UnexpectedValueException $e) {
178 $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
179 $a_auth->status = AUTH_WRONG_LOGIN;
180 $a_auth->logout();
181 return false;
182 }
184 // No syncronisation allowed => create Error
185 $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
186 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
187 $a_auth->logout();
188 return false;
189 }
191 $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
192 $a_auth->logout();
193 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
194 }
195 $a_auth->setAuth($internal_account);
196 return true;
197 }
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
const AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS
Description of ilLDAPAccountMigrationRequiredException.
static getDataSource($a_auth_mode)
static getInstanceByServerId($a_server_id)
Get instance by server id.
Synchronization of user accounts used in auth container ldap, radius , cas,...
static redirect($a_script)
http redirect to other script
$server
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276

References $GLOBALS, $server, AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), and ilUtil\redirect().

Referenced by loginObserver().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initCAS()

ilAuthContainerCAS::initCAS ( )
protected

Definition at line 216 of file class.ilAuthContainerCAS.php.

217 {
218 global $ilSetting;
219
220 include_once("./Services/CAS/lib/CAS.php");
221
222 $this->server_version = CAS_VERSION_2_0;
223 $this->server_hostname = $ilSetting->get('cas_server');
224 $this->server_port = (int) $ilSetting->get('cas_port');
225 $this->server_uri = (string) $ilSetting->get('cas_uri');
226
229 $this->server_version,
230 $this->server_hostname,
231 $this->server_port,
232 $this->server_uri
233 );
235 }
setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1451
setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:465
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
const CAS_VERSION_2_0
Definition: CAS.php:81
global $ilSetting
Definition: privfeed.php:40

References $ilSetting, CAS_VERSION_2_0, phpCAS\client(), phpCAS\setDebug(), and phpCAS\setNoCasServerValidation().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loginObserver()

ilAuthContainerCAS::loginObserver (   $a_username,
  $a_auth 
)
See also
ilAuthContainerBase::loginObserver()

Reimplemented from ilAuthContainerBase.

Definition at line 52 of file class.ilAuthContainerCAS.php.

53 {
54 global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
55
56 $ilLog->write(__METHOD__.': Successful CAS login.');
57
58 // Radius with ldap as data source
59 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
61 {
62 return $this->handleLDAPDataSource($a_auth,$a_username);
63 }
64
65 include_once("./Services/CAS/lib/CAS.php");
66 if ($PHPCAS_CLIENT->getUser() != "")
67 {
68 $username = $PHPCAS_CLIENT->getUser();
69 $ilLog->write(__METHOD__.': Username: '.$username);
70
71 // Authorize this user
72 include_once('./Services/User/classes/class.ilObjUser.php');
73 $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
74
75 if ($local_user != "")
76 {
77 $a_auth->setAuth($local_user);
78 }
79 else
80 {
81 if (!$ilSetting->get("cas_create_users"))
82 {
83 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
84 $a_auth->logout();
85 return false;
86 }
87
88 $userObj = new ilObjUser();
89
90 $local_user = ilAuthUtils::_generateLogin($username);
91
92 $newUser["firstname"] = $local_user;
93 $newUser["lastname"] = "";
94
95 $newUser["login"] = $local_user;
96
97 // set "plain md5" password (= no valid password)
98 $newUser["passwd"] = "";
99 $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
100
101 //$newUser["gender"] = "m";
102 $newUser["auth_mode"] = "cas";
103 $newUser["ext_account"] = $username;
104 $newUser["profile_incomplete"] = 1;
105
106 // system data
107 $userObj->assignData($newUser);
108 $userObj->setTitle($userObj->getFullname());
109 $userObj->setDescription($userObj->getEmail());
110
111 // set user language to system language
112 $userObj->setLanguage($ilSetting->get("language"));
113
114 // Time limit
115 $userObj->setTimeLimitOwner(7);
116 $userObj->setTimeLimitUnlimited(1);
117 $userObj->setTimeLimitFrom(time());
118 $userObj->setTimeLimitUntil(time());
119
120 // Create user in DB
121 $userObj->setOwner(0);
122 $userObj->create();
123 $userObj->setActive(1);
124
125 $userObj->updateOwner();
126
127 //insert user data in table user_data
128 $userObj->saveAsNew();
129
130 // setup user preferences
131 $userObj->writePrefs();
132
133 // to do: test this
134 $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
135 unset($userObj);
136
137 $a_auth->setAuth($local_user);
138 return true;
139 }
140 }
141 else
142 {
143 $ilLog->write(__METHOD__.': Login failed.');
144
145 // This should never occur unless CAS is not configured properly
146 $a_auth->status = AUTH_WRONG_LOGIN;
147 return false;
148 }
149 return false;
150 }
const IL_PASSWD_CRYPTED
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode @global ilDB $ilDB.
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user

References $ilLog, $ilSetting, $PHPCAS_CLIENT, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, handleLDAPDataSource(), IL_PASSWD_CRYPTED, and ilLDAPServer\isDataSourceActive().

+ Here is the call graph for this function:

Field Documentation

◆ $server_hostname

ilAuthContainerCAS::$server_hostname = null
protected

Definition at line 19 of file class.ilAuthContainerCAS.php.

◆ $server_port

ilAuthContainerCAS::$server_port = null
protected

Definition at line 20 of file class.ilAuthContainerCAS.php.

◆ $server_uri

ilAuthContainerCAS::$server_uri = null
protected

Definition at line 21 of file class.ilAuthContainerCAS.php.

◆ $server_version

ilAuthContainerCAS::$server_version = null
protected

Definition at line 18 of file class.ilAuthContainerCAS.php.


The documentation for this class was generated from the following file: