7 define (
"AUTH_LOCAL",1);
8 define (
"AUTH_LDAP",2);
9 define (
"AUTH_RADIUS",3);
10 define (
"AUTH_SCRIPT",4);
11 define (
"AUTH_SHIBBOLETH",5);
12 define (
"AUTH_CAS",6);
13 define (
"AUTH_SOAP",7);
15 define (
"AUTH_HTTP",8);
17 define (
"AUTH_ECS",9);
18 define(
'AUTH_OPENID',10);
20 define (
"AUTH_APACHE",11);
22 define (
"AUTH_INACTIVE",18);
24 define(
'AUTH_MULTIPLE',20);
26 define(
'AUTH_SOAP_NO_ILIAS_USER', -100);
27 define(
'AUTH_LDAP_NO_ILIAS_USER',-200);
28 define(
'AUTH_RADIUS_NO_ILIAS_USER',-300);
29 define(
'AUTH_OPENID_NO_ILIAS_USER',-400);
34 define(
'AUTH_APACHE_FAILED', -500);
37 define(
'AUTH_MODE_INACTIVE',-1000);
41 define(
'AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
42 define(
'AUTH_CAS_NO_ILIAS_USER', -90);
45 define(
'AUTH_USER_WRONG_IP', -600);
46 define(
'AUTH_USER_INACTIVE', -601);
47 define(
'AUTH_USER_TIME_LIMIT_EXCEEDED', -602);
48 define(
'AUTH_USER_SIMULTANEOUS_LOGIN', -603);
49 define(
'AUTH_CAPTCHA_INVALID', -604);
50 define(
'AUTH_USER_INACTIVE_LOGIN_ATTEMPTS', -605);
53 include_once
'./Services/Authentication/classes/class.ilAuthFactory.php';
54 require_once(
'Services/Authentication/classes/class.ilSessionControl.php');
78 $user_auth_mode =
false;
79 $ilBench->start(
'Auth',
'initAuth');
84 define (
"AUTH_DEFAULT", $ilSetting->get(
"auth_mode") ? $ilSetting->get(
"auth_mode") :
AUTH_LOCAL);
90 (!isset(
$_SESSION[
'_authsession'][
'registered']) ||
91 $_SESSION[
'_authsession'][
'registered'] !==
true))
94 if (isset(
$_POST[
'username']) and
$_POST[
'username'] !=
'' and
$_POST[
'password'] !=
'' or isset(
$_GET[
'ecs_hash']) or isset(
$_GET[
'ecs_hash_url']) or isset(
$_POST[
'oid_username']) or isset(
$_GET[
'oid_check_status']))
99 if ($user_auth_mode ==
AUTH_CAS && $ilSetting->get(
"cas_allow_local"))
103 if ($user_auth_mode ==
AUTH_SOAP && $ilSetting->get(
"soap_auth_allow_local"))
107 if ($user_auth_mode ==
AUTH_SHIBBOLETH && $ilSetting->get(
"shib_auth_allow_local"))
119 if (!$ilSetting->get(
"soap_auth_active") && $user_auth_mode ==
AUTH_SOAP)
124 if($ilSetting->get(
"cas_active") &&
$_GET[
'forceCASLogin'])
130 if($ilSetting->get(
"apache_active") && $user_auth_mode ==
AUTH_APACHE)
156 if (($ilSetting->get(
"soap_auth_active") && !empty(
$_GET[
"ext_uid"])
164 else if ( $ilSetting->get(
"shib_active")
165 &&
$_SERVER[$ilSetting->get(
"shib_login")])
171 define (
"AUTH_CURRENT", $user_auth_mode);
188 $authmode = AUTH_CURRENT;
192 if ($authmode == null && AUTH_DEFAULT ==
AUTH_APACHE)
197 switch ((
int) $authmode)
201 include_once
'./Services/LDAP/classes/class.ilLDAPServer.php';
203 include_once
'./Services/LDAP/classes/class.ilAuthContainerLDAP.php';
209 include_once
'./Services/Radius/classes/class.ilAuthContainerRadius.php';
215 $auth_params = array();
216 $auth_params[
'sessionName'] =
"_authhttp".md5($realm);
217 $ilAuth =
new ShibAuth($auth_params,
true);
222 include_once
'./Services/CAS/classes/class.ilAuthContainerCAS.php';
228 include_once
'./Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
234 include_once
'./Services/Authentication/classes/class.ilAuthContainerMultiple.php';
239 include_once
'./Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
245 include_once
'./Services/OpenId/classes/class.ilAuthContainerOpenId.php';
250 require_once(
'./Services/Authentication/classes/class.ilAuthInactive.php');
255 include_once
'./Services/AuthApache/classes/class.ilAuthContainerApache.php';
263 include_once
'./Services/Database/classes/class.ilAuthContainerMDB2.php';
271 foreach(self::getAuthPlugins() as $pl)
273 $container = $pl->getContainer($authmode);
282 #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication'); 284 include_once
'./Services/Database/classes/class.ilAuthContainerMDB2.php';
297 $ilAuth->setExpire(0);
299 ini_set(
"session.cookie_lifetime",
"0");
305 $ilBench->stop(
'Auth',
'initAuth');
312 if(isset(
$_GET[
'ecs_hash']) or isset(
$_GET[
'ecs_hash_url']))
317 if(isset(
$_POST[
'auth_mode']))
320 return $_POST[
'auth_mode'];
323 if(isset(
$_POST[
'oid_username']) or
$_GET[
'oid_check_status'])
329 include_once(
'./Services/Authentication/classes/class.ilAuthModeDetermination.php');
332 if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
341 if ($a_db_handler !=
'')
343 $db =& $a_db_handler;
348 $q =
"SELECT auth_mode FROM usr_data WHERE ".
349 "login = ".$ilDB->quote($a_username);
358 $auth_mode = self::_getAuthMode(
$row->auth_mode,$db);
360 return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode :
AUTH_INACTIVE;
369 if ($a_db_handler !=
'')
371 $db =& $a_db_handler;
375 if(strpos($a_auth_mode,
'_') !== FALSE)
377 $auth_arr = explode(
'_',$a_auth_mode);
378 $auth_switch = $auth_arr[0];
382 $auth_switch = $a_auth_mode;
384 switch ($auth_switch)
392 include_once
'./Services/LDAP/classes/class.ilLDAPServer.php';
426 return $ilSetting->get(
"auth_mode");
436 switch ((
int) $a_auth_key)
444 include_once
'./Services/LDAP/classes/class.ilLDAPServer.php';
488 'default' => $ilSetting->get(
"auth_mode"),
491 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
495 $modes[
'ldap_'.$sid] = (
AUTH_LDAP.
'_'.$sid);
498 if ($ilSetting->get(
"radius_active")) $modes[
'radius'] =
AUTH_RADIUS;
499 if ($ilSetting->get(
"shib_active")) $modes[
'shibboleth'] =
AUTH_SHIBBOLETH;
500 if ($ilSetting->get(
"script_active")) $modes[
'script'] =
AUTH_SCRIPT;
501 if ($ilSetting->get(
"cas_active")) $modes[
'cas'] =
AUTH_CAS;
502 if ($ilSetting->get(
"soap_auth_active")) $modes[
'soap'] =
AUTH_SOAP;
503 if ($ilSetting->get(
"apache_active")) $modes[
'apache'] =
AUTH_APACHE;
505 include_once
'./Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
511 include_once
'./Services/OpenId/classes/class.ilOpenIdSettings.php';
518 foreach(self::getAuthPlugins() as $pl)
520 foreach($pl->getAuthIds() as $auth_id)
522 if($pl->isAuthActive($auth_id))
524 $modes[$pl->getAuthName($auth_id)] = $auth_id;
546 foreach($modes as $mode)
577 $r = $ilDB->query(
"SELECT login FROM usr_data WHERE login = ".
578 $ilDB->quote($c_login));
579 if (
$r->numRows() > 0)
582 $c_login = $a_login.$postfix;
595 include_once(
'Services/Radius/classes/class.ilRadiusSettings.php');
598 if($rad_settings->isActive())
602 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
609 if ($ilSetting->get(
'apache_active')) {
616 foreach($pl->getAuthIds() as $auth_id)
618 if($pl->getMultipleAuthModeOptions($auth_id))
635 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
648 include_once(
'Services/Radius/classes/class.ilRadiusSettings.php');
650 if($rad_settings->isActive())
655 if ($ilSetting->get(
'apache_active'))
658 $apache_settings =
new ilSetting(
'apache_auth');
676 $default = $ilSetting->get(
'default_auth_mode',$default);
684 $auths = $pl->getAuthIds();
685 foreach($auths as $auth_id)
687 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
696 if(array_key_exists($default,
$options))
698 $options[$default][
'checked'] =
true;
717 if($ilSetting->get(
"cas_active"))
721 if($ilSetting->get(
"soap_auth_active"))
725 if($ilSetting->get(
"shib_active"))
729 if($ilSetting->get(
'radius_active'))
733 include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
738 include_once
'./Services/OpenId/classes/class.ilOpenIdSettings.php';
745 foreach(self::getAuthPlugins() as $pl)
747 foreach($pl->getAuthIds() as $auth_id)
749 if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
772 switch((
int) $a_auth_mode)
807 public static function isPasswordModificationHidden()
812 if ($ilSetting->get(
'usr_settings_hide_password') || $ilSetting->get(
'usr_settings_disable_password')) {
828 if (self::isPasswordModificationHidden()) {
834 switch((
int) $a_authmode)
851 return $ilSetting->get(
"shib_auth_allow_local");
853 return $ilSetting->get(
"soap_auth_allow_local");
855 return $ilSetting->get(
"cas_allow_local");
868 switch((
int) $a_authmode)
900 $pls =
$GLOBALS[
'ilPluginAdmin']->getActivePluginsForSlot(
908 $pl_objs[] =
$GLOBALS[
'ilPluginAdmin']->getPluginObject(
927 switch((
int) $a_auth_key)
930 include_once
'./Services/LDAP/classes/class.ilLDAPServer.php';
936 return $lng->txt(
'auth_'.self::_getAuthModeName($a_auth_key));
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
static getInstance()
Get singleton instance.
static _hasMultipleAuthenticationMethods()
static _getServerList()
Get list of all configured servers.
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups...
static getInstance()
Get singleton instance.
static getAuthModeByKey($a_auth_key)
get auth mode by key
static supportsLocalPasswordValidation($a_authmode)
Check if local password validation is supported.
static _getActiveServerList()
Get active server list.
Authentication against ILIAS database.
static _needsExternalAccountByAuthMode($a_auth_mode)
Check if chosen auth mode needs an external account entry.
static _getAuthModeName($a_auth_key)
static getInstanceByServerId($a_server_id)
Get instance by server id.
const DB_FETCHMODE_OBJECT
_getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
static _allowPasswordModificationByAuthMode($a_auth_mode)
Allow password modification.
static utility functions used to manage authentication modes
static getAuthPlugins()
Get active enabled auth plugins.
if(!is_array($argv)) $options
static _getMultipleAuthModeOptions($lng)
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
static _getInstance()
singleton get instance
static setContext($a_context)
set context
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
_getAuthMode($a_auth_mode, $a_db_handler='')
static _isExternalAccountEnabled()
Check if an external account name is required.
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
_initAuth()
initialises $ilAuth
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
const WebDAV_Authentication
static _getInstance()
Get instance.
static getAuthModeTranslation($a_auth_key)
Overwritten Pear class AuthContainerRadius This class is overwritten to support to perform Radius aut...
Authentication against ILIAS database.
static factory(ilAuthContainerBase $deco)
The factory.
static getLogger($a_component_id)
Get component logger.
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Authentication against external SOAP server
Custom PEAR Auth Container for ECS auth checks.
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Pear auth container for openid