ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthContainerCAS.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once 'Auth/Container.php';
5 
6 
14 class ilAuthContainerCAS extends Auth_Container
15 {
16 
17 
18  protected $server_version = null;
19  protected $server_hostname = null;
20  protected $server_port = null;
21  protected $server_uri = null;
22 
23 
26  public function __construct()
27  {
28  parent::__construct();
29  $this->initCAS();
30  }
31 
39  public function forceAuthentication($username,$status,$auth)
40  {
41  global $PHPCAS_CLIENT,$ilLog;
42 
43  if(!$PHPCAS_CLIENT->isAuthenticated())
44  {
45  $PHPCAS_CLIENT->forceAuthentication();
46  }
47  }
48 
52  public function loginObserver($a_username, $a_auth)
53  {
54  global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
55 
56  $ilLog->write(__METHOD__.': Successful CAS login.');
57 
58  // Radius with ldap as data source
59  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
60  if(ilLDAPServer::isDataSourceActive(AUTH_CAS))
61  {
62  return $this->handleLDAPDataSource($a_auth,$a_username);
63  }
64 
65  include_once("./Services/CAS/lib/CAS.php");
66  if ($PHPCAS_CLIENT->getUser() != "")
67  {
68  $username = $PHPCAS_CLIENT->getUser();
69  $ilLog->write(__METHOD__.': Username: '.$username);
70 
71  // Authorize this user
72  include_once('./Services/User/classes/class.ilObjUser.php');
73  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
74 
75  if ($local_user != "")
76  {
77  $a_auth->setAuth($local_user);
78  }
79  else
80  {
81  if (!$ilSetting->get("cas_create_users"))
82  {
83  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
84  $a_auth->logout();
85  return false;
86  }
87 
88  $userObj = new ilObjUser();
89 
90  $local_user = ilAuthUtils::_generateLogin($username);
91 
92  $newUser["firstname"] = $local_user;
93  $newUser["lastname"] = "";
94 
95  $newUser["login"] = $local_user;
96 
97  // set "plain md5" password (= no valid password)
98  $newUser["passwd"] = "";
99  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
100 
101  //$newUser["gender"] = "m";
102  $newUser["auth_mode"] = "cas";
103  $newUser["ext_account"] = $username;
104  $newUser["profile_incomplete"] = 1;
105 
106  // system data
107  $userObj->assignData($newUser);
108  $userObj->setTitle($userObj->getFullname());
109  $userObj->setDescription($userObj->getEmail());
110 
111  // set user language to system language
112  $userObj->setLanguage($ilSetting->get("language"));
113 
114  // Time limit
115  $userObj->setTimeLimitOwner(7);
116  $userObj->setTimeLimitUnlimited(1);
117  $userObj->setTimeLimitFrom(time());
118  $userObj->setTimeLimitUntil(time());
119 
120  // Create user in DB
121  $userObj->setOwner(0);
122  $userObj->create();
123  $userObj->setActive(1);
124 
125  $userObj->updateOwner();
126 
127  //insert user data in table user_data
128  $userObj->saveAsNew();
129 
130  // setup user preferences
131  $userObj->writePrefs();
132 
133  // to do: test this
134  $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
135  unset($userObj);
136 
137  $a_auth->setAuth($local_user);
138  return true;
139  }
140  }
141  else
142  {
143  $ilLog->write(__METHOD__.': Login failed.');
144 
145  // This should never occur unless CAS is not configured properly
146  $a_auth->status = AUTH_WRONG_LOGIN;
147  return false;
148  }
149  return false;
150  }
151 
157  protected function handleLDAPDataSource($a_auth,$ext_account)
158  {
159  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
160  $server = ilLDAPServer::getInstanceByServerId(
161  ilLDAPServer::getDataSource(AUTH_CAS)
162  );
163 
164  $GLOBALS['ilLog']->write(__METHOD__.' Using ldap data source for user: '.$ext_account);
165 
166  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
167  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
168  $sync->setExternalAccount($ext_account);
169  $sync->setUserData(array());
170  #$sync->forceCreation($this->force_creation);
171  // TODO: Check this
172  $sync->forceCreation(true);
173 
174  try {
175  $internal_account = $sync->sync();
176  }
177  catch(UnexpectedValueException $e) {
178  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
179  $a_auth->status = AUTH_WRONG_LOGIN;
180  $a_auth->logout();
181  return false;
182  }
183  catch(ilLDAPSynchronisationForbiddenException $e) {
184  // No syncronisation allowed => create Error
185  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
186  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
187  $a_auth->logout();
188  return false;
189  }
190  catch(ilLDAPAccountMigrationRequiredException $e) {
191  $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
192  $a_auth->logout();
193  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
194  }
195  $a_auth->setAuth($internal_account);
196  return true;
197  }
198 
199 
200 
208  public function fetchData($a_username,$a_password,$isChallengeResponse = false)
209  {
210  global $PHPCAS_CLIENT,$ilLog;
211 
212  $ilLog->write(__METHOD__.': Fetch Data called');
213  return $PHPCAS_CLIENT->isAuthenticated();
214  }
215 
216  protected function initCAS()
217  {
218  global $ilSetting;
219 
220  include_once("./Services/CAS/lib/CAS.php");
221 
222  $this->server_version = CAS_VERSION_2_0;
223  $this->server_hostname = $ilSetting->get('cas_server');
224  $this->server_port = (int) $ilSetting->get('cas_port');
225  $this->server_uri = (string) $ilSetting->get('cas_uri');
226 
227  phpCAS::setDebug();
228  phpCAS::client(
229  $this->server_version,
230  $this->server_hostname,
231  $this->server_port,
232  $this->server_uri
233  );
234  phpCAS::setNoCasServerValidation();
235  }
236 
237 }
238 ?>
Auth_Container
Definition: Container.php:39
ilAuthContainerCAS\forceAuthentication
forceAuthentication($username, $status, $auth)
Force CAS authentication.
Definition: class.ilAuthContainerCAS.php:39
phpCAS\setNoCasServerValidation
setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1451
ilAuthContainerCAS\handleLDAPDataSource
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Definition: class.ilAuthContainerCAS.php:157
phpCAS\client
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
$auth
$auth
Definition: inc.check_pear.php:55
$PHPCAS_CLIENT
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176
AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:42
ilAuthContainerCAS\fetchData
fetchData($a_username, $a_password, $isChallengeResponse=false)
Definition: class.ilAuthContainerCAS.php:208
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
phpCAS\setDebug
setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:465
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:299
ilAuthUtils\_generateLogin
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:567
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:314
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:81
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$server
$server
Definition: dummy_client.php:12
$ilSetting
global $ilSetting
Definition: privfeed.php:40
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3766
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3635
ilAuthContainerCAS\loginObserver
loginObserver($a_username, $a_auth)
Definition: class.ilAuthContainerCAS.php:52