ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Static Public Member Functions | Data Fields
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static initSession ()
 Initialize session. More...
 
static handleForcedAuthentication ()
 
static _initAuth ()
 initialises $ilAuth More...
 
static _getAuthModeOfUser ($a_username, $a_password, $a_db_handler='')
 
static _getAuthMode ($a_auth_mode, $a_db_handler='')
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation ($a_auth_key)
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 63 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

public

Parameters
intauth_mode

Definition at line 807 of file class.ilAuthUtils.php.

References AUTH_ECS, AUTH_LDAP, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

808  {
809  // begin-patch ldap_multiple
810  // cast to int
811  switch((int) $a_auth_mode)
812  {
813  case AUTH_LDAP:
814  case AUTH_RADIUS:
815  case AUTH_ECS:
816  return false;
817  default:
818  return true;
819  }
820  }
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin (   $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 611 of file class.ilAuthUtils.php.

References $ilDB, and $r.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthProviderApache\createNewAccount(), ilAuthProviderECS\createUser(), ilAuthContainerECS\createUser(), ilCASAuth\login(), ilAuthContainerCAS\loginObserver(), ilAuthContainerSOAP\loginObserver(), and ilLDAPAttributeToUser\usersToXML().

612  {
613  global $ilDB;
614 
615  // Check if username already exists
616  $found = false;
617  $postfix = 0;
618  $c_login = $a_login;
619  while(!$found)
620  {
621  $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
622  $ilDB->quote($c_login));
623  if ($r->numRows() > 0)
624  {
625  $postfix++;
626  $c_login = $a_login.$postfix;
627  }
628  else
629  {
630  $found = true;
631  }
632  }
633 
634  return $c_login;
635  }
$r
$r
Definition: example_031.php:79
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static

Definition at line 533 of file class.ilAuthUtils.php.

References $ilSetting, ilLDAPServer\_getActiveServerList(), array, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), and ilObjUserGUI\getValues().

534  {
535  global $ilias,$ilSetting;
536 
537  $modes = array(
538  'default' => $ilSetting->get("auth_mode"),
539  'local' => AUTH_LOCAL
540  );
541  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
542  // begin-patch ldap_multiple
543  foreach(ilLDAPServer::_getActiveServerList() as $sid)
544  {
545  $modes['ldap_'.$sid] = (AUTH_LDAP.'_'.$sid);
546  }
547  // end-patch ldap_multiple
548  if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
549  if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
550  if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
551  if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
552  if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
553  if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
554 
555  include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
556  if(ilECSServerSettings::getInstance()->activeServerExists())
557  {
558  $modes['ecs'] = AUTH_ECS;
559  }
560 
561  // begin-path auth_plugin
562  foreach(self::getAuthPlugins() as $pl)
563  {
564  foreach($pl->getAuthIds() as $auth_id)
565  {
566  if($pl->isAuthActive($auth_id))
567  {
568  $modes[$pl->getAuthName($auth_id)] = $auth_id;
569  }
570  }
571  }
572  // end-path auth_plugin
573  return $modes;
574  }
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
$ilSetting
global $ilSetting
Definition: privfeed.php:17
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static

Definition at line 576 of file class.ilAuthUtils.php.

References $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), array, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

577  {
578  $modes = array(
579  AUTH_LOCAL,
580  AUTH_LDAP,
581  AUTH_SHIBBOLETH,
582  AUTH_CAS,
583  AUTH_SOAP,
584  AUTH_RADIUS,
585  AUTH_ECS,
586  AUTH_OPENID,
587  AUTH_APACHE
588  );
589  $ret = array();
590  foreach($modes as $mode)
591  {
592  // multi ldap implementation
593  if($mode == AUTH_LDAP)
594  {
595  foreach(ilLDAPServer::_getServerList() as $ldap_id)
596  {
597  $id = AUTH_LDAP . '_' . $ldap_id;
598  $ret[$id] = ilAuthUtils::_getAuthModeName($id);
599  }
600  continue;
601  }
602  $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
603  }
604  return $ret;
605  }
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:200
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:484
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
$ret
$ret
Definition: parser.php:6
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)
static

Definition at line 419 of file class.ilAuthUtils.php.

References $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, and ilLDAPServer\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilObjUser\getAuthMode(), ilAuthContainerMDB2\loginObserver(), and ilObjUserGUI\updateObject().

420  {
421  global $ilDB, $ilSetting;
422 
423  $db =& $ilDB;
424 
425  if ($a_db_handler != '')
426  {
427  $db =& $a_db_handler;
428  }
429 
430  // begin-patch ldap_multiple
431  if(strpos($a_auth_mode, '_') !== FALSE)
432  {
433  $auth_arr = explode('_',$a_auth_mode);
434  $auth_switch = $auth_arr[0];
435  }
436  else
437  {
438  $auth_switch = $a_auth_mode;
439  }
440  switch ($auth_switch)
441  {
442  case "local":
443  return AUTH_LOCAL;
444  break;
445 
446  case "ldap":
447  // begin-patch ldap_multiple
448  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
449  return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
450  // end-patch ldap_multiple
451 
452  case "radius":
453  return AUTH_RADIUS;
454  break;
455 
456  case "script":
457  return AUTH_SCRIPT;
458  break;
459 
460  case "shibboleth":
461  return AUTH_SHIBBOLETH;
462  break;
463 
464  case "cas":
465  return AUTH_CAS;
466  break;
467 
468  case "soap":
469  return AUTH_SOAP;
470  break;
471 
472  case 'ecs':
473  return AUTH_ECS;
474 
475  case 'apache':
476  return AUTH_APACHE;
477 
478  default:
479  return $ilSetting->get("auth_mode");
480  break;
481  }
482  }
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:416
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 484 of file class.ilAuthUtils.php.

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, and ilLDAPServer\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilObjUserGUI\getValues(), ilUserImportParser\importEndTag(), and ilUserImportParser\verifyEndTag().

485  {
486  global $ilias;
487 
488  // begin-patch ldap_multiple
489  switch ((int) $a_auth_key)
490  {
491  case AUTH_LOCAL:
492  return "local";
493  break;
494 
495  case AUTH_LDAP:
496  // begin-patch ldap_multiple
497  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
498  return ilLDAPServer::getAuthModeByKey($a_auth_key);
499  // end-patch ldap_multiple
500 
501  case AUTH_RADIUS:
502  return "radius";
503  break;
504 
505  case AUTH_CAS:
506  return "cas";
507  break;
508 
509  case AUTH_SCRIPT:
510  return "script";
511  break;
512 
513  case AUTH_SHIBBOLETH:
514  return "shibboleth";
515  break;
516 
517  case AUTH_SOAP:
518  return "soap";
519  break;
520 
521  case AUTH_ECS:
522  return 'ecs';
523 
524  case AUTH_APACHE:
525  return 'apache';
526 
527  default:
528  return "default";
529  break;
530  }
531  }
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:401
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeOfUser()

static ilAuthUtils::_getAuthModeOfUser (   $a_username,
  $a_password,
  $a_db_handler = '' 
)
static

Definition at line 369 of file class.ilAuthUtils.php.

References $_GET, $_POST, $ilDB, $r, $row, ilAuthModeDetermination\_getInstance(), AUTH_ECS, AUTH_INACTIVE, AUTH_MULTIPLE, ilAuthFactory\CONTEXT_ECS, ilDBConstants\FETCHMODE_OBJECT, ilLoggerFactory\getLogger(), and ilAuthFactory\setContext().

Referenced by _initAuth().

370  {
371  global $ilDB;
372 
373  if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
374  {
375  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
376  return AUTH_ECS;
377  }
378  if(isset($_POST['auth_mode']))
379  {
380  // begin-patch ldap_multiple
381  return $_POST['auth_mode'];
382  // end-patch ldap_multiple
383  }
384 
385  include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
386  $det = ilAuthModeDetermination::_getInstance();
387 
388  if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
389  {
390  ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
391  return AUTH_MULTIPLE;
392  }
393 
394 
395  $db =& $ilDB;
396 
397  if ($a_db_handler != '')
398  {
399  $db =& $a_db_handler;
400  }
401 
402  // Is it really necessary to check the auth mode with password ?
403  // Changed: smeyer
404  $q = "SELECT auth_mode FROM usr_data WHERE ".
405  "login = ".$ilDB->quote($a_username);
406  //"passwd = ".$ilDB->quote(md5($a_password))."";
407 
408 
409  $r = $db->query($q);
410  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
411 //echo "+".$row->auth_mode."+";
412 
413 
414  $auth_mode = self::_getAuthMode($row->auth_mode,$db);
415 
416  return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
417  }
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:21
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:23
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$r
$r
Definition: example_031.php:79
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:95
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 674 of file class.ilAuthUtils.php.

References $ilSetting, $lng, $options, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), array, AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

675  {
676  global $ilSetting;
677 
678  // in the moment only ldap is activated as additional authentication method
679  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
680 
681  $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
682 
683 
684  // begin-patch ldap_multiple
685  foreach(ilLDAPServer::_getActiveServerList() as $sid)
686  {
687  $server = ilLDAPServer::getInstanceByServerId($sid);
688  $options[AUTH_LDAP.'_'.$sid]['txt'] = $server->getName();
689  }
690  // end-patch ldap_multiple
691 
692  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
693  $rad_settings = ilRadiusSettings::_getInstance();
694  if($rad_settings->isActive())
695  {
696  $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
697  }
698 
699  if ($ilSetting->get('apache_active'))
700  {
701  global $lng;
702  $apache_settings = new ilSetting('apache_auth');
703  $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
704  $options[AUTH_APACHE]['hide_in_ui'] = true;
705  }
706 
707  if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
708  {
709  $default = AUTH_LDAP;
710  }
711  elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
712  {
713  $default = AUTH_RADIUS;
714  }
715  else
716  {
717  $default = AUTH_LOCAL;
718  }
719 
720  $default = $ilSetting->get('default_auth_mode',$default);
721  $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
722 
723 
724  // begin-patch auth_plugin
725  $pls = ilAuthUtils::getAuthPlugins();
726  foreach($pls as $pl)
727  {
728  $auths = $pl->getAuthIds();
729  foreach($auths as $auth_id)
730  {
731  $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
732  if($pl_auth_option)
733  {
734  $options = $options + $pl_auth_option;
735  }
736  }
737  }
738  // end-patch auth_plugins
739 
740  if(array_key_exists($default, $options))
741  {
742  $options[$default]['checked'] = true;
743  }
744 
745  return $options ? $options : array();
746  }
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:32
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:970
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$server
$server
Definition: dummy_client.php:12
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$lng
global $lng
Definition: privfeed.php:17
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 637 of file class.ilAuthUtils.php.

References $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), ilStartUpGUI\initStandardLoginForm(), and ilStartUpGUI\migrateAccount2().

638  {
639  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
640 
641  $rad_settings = ilRadiusSettings::_getInstance();
642  if($rad_settings->isActive())
643  {
644  return true;
645  }
646  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
647 
648  if (count(ilLDAPServer::_getActiveServerList()))
649  return true;
650 
651  global $ilSetting;
652 
653  if ($ilSetting->get('apache_active')) {
654  return true;
655  }
656 
657  // begin-patch auth_plugin
658  foreach(ilAuthUtils::getAuthPlugins() as $pl)
659  {
660  foreach($pl->getAuthIds() as $auth_id)
661  {
662  if($pl->getMultipleAuthModeOptions($auth_id))
663  {
664  return true;
665  }
666  }
667  }
668  // end-patch auth_plugin
669 
670 
671  return false;
672  }
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:970
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
$ilSetting
global $ilSetting
Definition: privfeed.php:17
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _initAuth()

static ilAuthUtils::_initAuth ( )
static

initialises $ilAuth

Definition at line 122 of file class.ilAuthUtils.php.

References $_GET, $_POST, $_SERVER, $_SESSION, $ilBench, $ilDB, $ilSetting, _getAuthModeOfUser(), array, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_INACTIVE, AUTH_LDAP, AUTH_LOCAL, AUTH_MODE_INACTIVE, AUTH_MULTIPLE, AUTH_RADIUS, AUTH_SESSION, AUTH_SHIBBOLETH, AUTH_SOAP, ilSessionControl\checkExpiredSession(), ilAuthFactory\CONTEXT_APACHE, ilAuthFactory\CONTEXT_CAS, defined, ilAuthFactory\factory(), ilAuthFactory\getContext(), ilAuthFactory\getContextOptions(), ilSession\getIdleValue(), ilLoggerFactory\getLogger(), ilLDAPServer\getServerIdByAuthMode(), ilAuthFactory\setContext(), and WebDAV_Authentication.

123  {
124  global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
125 
126  $user_auth_mode = false;
127  $ilBench->start('Auth','initAuth');
128 
129 
130  // get default auth mode
131  //$default_auth_mode = $this->getSetting("auth_mode");
132  define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
133 
134  // determine authentication method if no session is found and username & password is posted
135  // does this if statement make any sense? we enter this block nearly everytime.
136 
137  if(
138  empty($_SESSION) ||
139  (!isset($_SESSION['_authsession']['registered']) ||
140  $_SESSION['_authsession']['registered'] !== true))
141  {
142  ilLoggerFactory::getLogger('auth')->debug('User is not remembered');
143 
144  // no sesssion found
145  if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
146  {
147  $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
148  ilLoggerFactory::getLogger('auth')->debug('Authmode is '. $user_auth_mode);
149 
150  if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
151  {
152  $user_auth_mode = AUTH_LOCAL;
153  }
154  if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
155  {
156  $user_auth_mode = AUTH_LOCAL;
157  }
158  if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
159  {
160  $user_auth_mode = AUTH_LOCAL;
161  }
162  }
163  else if ($_POST['auth_mode'] == AUTH_APACHE)
164  {
165  $user_auth_mode = AUTH_APACHE;
166  }
167  }
168 
169  // to do: other solution?
170  if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
171  {
172  $user_auth_mode = AUTH_LOCAL;
173  }
174 
175  if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
176  {
177  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
178  $user_auth_mode = AUTH_CAS;
179  }
180 
181  if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
182  {
183  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
184  $user_auth_mode = AUTH_APACHE;
185  }
186 
187  // begin-patch auth
188  $user_auth_mode = AUTH_SESSION;
189 
190 
191  // BEGIN WebDAV: Share session between browser and WebDAV client.
192  // The realm is needed to support a common session between Auth_HTTP and Auth.
193  // It also helps us to distinguish between parallel sessions run on different clients.
194  // Common session only works if we use a common session name starting with "_authhttp".
195  // We must use the "_authttp" prefix, because it is hardcoded in the session name of
196  // class Auth_HTTP.
197  // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
198  // it interfers with the session mechanism of the other Auth modules. If we would
199  // keep this switched on, then users could steal each others session, which would cause
200  // a major security breach.
201  // Note: The realm and sessionName used here, must be the same as in
202  // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
203  // in to ILIAS.
204  $realm = CLIENT_ID;
205  //$this->writelog('ilias.php realm='.$realm);
206  // END WebDAV: Share session between browser and WebDAV client.
207 
208 //var_dump($_SESSION);
209 //echo "1-".$ilSetting->get("soap_auth_active")."-";
210  // if soap authentication activated and soap credentials given
211  if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
212  && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
213  {
214 
215  define('AUTH_CURRENT',AUTH_SOAP);
216  }
217  // if Shibboleth is active and the user is authenticated
218  // we set auth_mode to Shibboleth
219  else if ( $ilSetting->get("shib_active")
220  && $_SERVER[$ilSetting->get("shib_login")])
221  {
222  define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
223  }
224  else
225  {
226  define ("AUTH_CURRENT", $user_auth_mode);
227  }
228 //var_dump($_SESSION);
229 
230  // Determine the authentication method to use
231  if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
232  // Since WebDAV clients create the login form by
233  // themselves, we can not provide buttons on the form for
234  // choosing an authentication method.
235  // If the user is already logged in, we continue using
236  // the current authentication method. If the user is
237  // not logged in yet, we use the "multiple authentication"
238  // method using a predefined sequence of authentication methods.
239  $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
240  }
241  else
242  {
243  $authmode = AUTH_CURRENT;
244  }
245 //var_dump($authmode);
246  // if no auth mode selected AND default mode is AUTH_APACHE then use it...
247  if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
248  $authmode = AUTH_APACHE;
249 
250  // begin-patch ldap_multiple
251  // we cast to int => AUTH_LDAP_1 matches AUTH_LDAP
252  switch ((int) $authmode)
253  {
254  case AUTH_LDAP:
255 
256  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
257  $sid = ilLDAPServer::getServerIdByAuthMode($authmode);
258  include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
259  $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP($sid));
260  break;
261 
262  case AUTH_RADIUS:
263 
264  include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
265  $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
266  break;
267 
268  case AUTH_SHIBBOLETH:
269  include_once './Services/AuthShibboleth/classes/class.ilShibboleth.php';
270  $ilAuth = new ShibAuth(array(),true);
271  break;
272 
273  case AUTH_CAS:
274 
275  include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
276  $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
277  break;
278 
279  case AUTH_SOAP:
280 
281  include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
282  $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
283  break;
284 
285  case AUTH_MULTIPLE:
286 
287  include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
288  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
289  break;
290 
291  case AUTH_ECS:
292  include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
293  $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
294  break;
295 
296 
297  case AUTH_INACTIVE:
298  require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
299  $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
300  break;
301 
302  case AUTH_APACHE:
303  include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
304  ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
305  $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
306  break;
307 
308  // begin-patch auth_plugin
309  case AUTH_LOCAL:
310  global $ilDB;
311  if($ilDB instanceof ilDBPdo) {
312  require_once 'Services/Authentication/classes/PDO/class.ilPDOAuthentication.php';
313  $ilAuth = new ilPDOAuthentication(ilAuthFactory::getContextOptions(ilAuthFactory::getContext()));
314  } else {
315  include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
316  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
317  }
318  break;
319 
320  case AUTH_SESSION:
321 
322 
323  default:
324  // check for plugin
325  if($authmode)
326  {
327  foreach(self::getAuthPlugins() as $pl)
328  {
329  $container = $pl->getContainer($authmode);
330  if($container instanceof Auth_Container)
331  {
332  ilLoggerFactory::getLogger('auth')->info('Using plugin authentication with auth mode ' . $authmode);
333  $ilAuth = ilAuthFactory::factory($container);
334  break 2;
335  }
336  }
337  }
338  #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
339  // default for logged in users
340  if($ilDB instanceof ilDBPdo) {
341  require_once 'Services/Authentication/classes/PDO/class.ilPDOAuthentication.php';
342  $ilAuth = new ilPDOAuthentication();
343  } else {
344  include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
345  $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
346  }
347  break;
348  // end-patch auth_plugin
349  }
350 
351  // Due to a bug in Pear Auth_HTTP, we can't use idle time
352  // with WebDAV clients. If we used it, users could never log
353  // back into ILIAS once their session idled out. :(
354  if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
355  {
356  $ilAuth->setIdle(ilSession::getIdleValue(), false);
357  }
358  $ilAuth->setExpire(0);
359 
360  ini_set("session.cookie_lifetime", "0");
361 //echo "-".get_class($ilAuth)."-";
362 
363  ilSessionControl::checkExpiredSession();
364 
365  $ilBench->stop('Auth','initAuth');
366  ilLoggerFactory::getLogger('auth')->debug('Using auth implementation: ' . get_class($ilAuth));
367  }
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:21
Auth_Container
ilAuthFactory\getContextOptions
static getContextOptions()
Get options for a specific context.
Definition: class.ilAuthFactory.php:116
AUTH_MODE_INACTIVE
const AUTH_MODE_INACTIVE
Definition: class.ilAuthUtils.php:37
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:23
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthContainerLDAP
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups...
Definition: class.ilAuthContainerLDAP.php:36
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
ilAuthContainerMDB2
Authentication against ILIAS database.
Definition: class.ilAuthContainerMDB2.php:35
ilDBPdo
Class pdoDB.
Definition: class.ilDBPdo.php:18
AUTH_SESSION
const AUTH_SESSION
Definition: class.ilAuthUtils.php:25
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:95
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
Definition: class.ilSessionControl.php:85
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:387
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:342
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilAuthUtils\_getAuthModeOfUser
static _getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
Definition: class.ilAuthUtils.php:369
WebDAV_Authentication
const WebDAV_Authentication
Definition: webdav.php:30
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilAuthContainerRadius
Overwritten Pear class AuthContainerRadius This class is overwritten to support to perform Radius aut...
Definition: class.ilAuthContainerRadius.php:37
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:12
ilAuthFactory\factory
static factory(ilAuthContainerBase $deco)
The factory.
Definition: class.ilAuthFactory.php:130
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
defined
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'
Definition: bootstrap.php:27
ilAuthContainerSOAP
Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:35
ilAuthContainerECS
Custom PEAR Auth Container for ECS auth checks.
Definition: class.ilAuthContainerECS.php:34
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

public

Parameters

Definition at line 757 of file class.ilAuthUtils.php.

References $ilSetting, and ilLDAPServer\_getActiveServerList().

Referenced by ilObjUserGUI\getValues(), and ilObjUserGUI\saveObject().

758  {
759  global $ilSetting;
760 
761  if($ilSetting->get("cas_active"))
762  {
763  return true;
764  }
765  if($ilSetting->get("soap_auth_active"))
766  {
767  return true;
768  }
769  if($ilSetting->get("shib_active"))
770  {
771  return true;
772  }
773  if($ilSetting->get('radius_active'))
774  {
775  return true;
776  }
777  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
778  if(count(ilLDAPServer::_getActiveServerList()))
779  {
780  return true;
781  }
782 
783  // begin-path auth_plugin
784  foreach(self::getAuthPlugins() as $pl)
785  {
786  foreach($pl->getAuthIds() as $auth_id)
787  {
788  if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
789  {
790  return true;
791  }
792  }
793  }
794  // end-path auth_plugin
795 
796  return false;
797  }
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
$ilSetting
global $ilSetting
Definition: privfeed.php:17
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

public

Parameters
intauth_mode

Definition at line 830 of file class.ilAuthUtils.php.

References $ilSetting, AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

831  {
832  switch($a_auth_mode)
833  {
834  case AUTH_LOCAL:
835  case AUTH_APACHE:
836  return false;
837  default:
838  return true;
839  }
840  }
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key)
static
Parameters
string$a_authmode

Definition at line 995 of file class.ilAuthUtils.php.

References $lng, $server, AUTH_LDAP, ilLDAPServer\getInstanceByServerId(), and ilLDAPServer\getServerIdByAuthMode().

Referenced by ilObjUserGUI\getValues().

996  {
997  global $lng;
998 
999  switch((int) $a_auth_key)
1000  {
1001  case AUTH_LDAP:
1002  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
1003  $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
1004  $server = ilLDAPServer::getInstanceByServerId($sid);
1005  return $server->getName();
1006 
1007  default:
1008  return $lng->txt('auth_'.self::_getAuthModeName($a_auth_key));
1009  }
1010  }
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:387
$server
$server
Definition: dummy_client.php:12
$lng
global $lng
Definition: privfeed.php:17
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 970 of file class.ilAuthUtils.php.

References $GLOBALS, array, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthContainerMultiple\fetchData(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

971  {
972  $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
973  IL_COMP_SERVICE,
974  'Authentication',
975  'authhk'
976  );
977  $pl_objs = array();
978  foreach($pls as $pl)
979  {
980  $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
981  IL_COMP_SERVICE,
982  'Authentication',
983  'authhk',
984  $pl
985  );
986  }
987  return $pl_objs;
988  }
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 78 of file class.ilAuthUtils.php.

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

79  {
80  if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
81  {
82  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
83  $credentials = new ilAuthFrontendCredentials();
84  $credentials->setUsername($_GET['ecs_login']);
85  $credentials->setAuthMode(AUTH_ECS);
86 
87  include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
88  $provider_factory = new ilAuthProviderFactory();
89  $providers = $provider_factory->getProviders($credentials);
90 
91  include_once './Services/Authentication/classes/class.ilAuthStatus.php';
92  $status = ilAuthStatus::getInstance();
93 
94  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
95  $frontend_factory = new ilAuthFrontendFactory();
96  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
97  $frontend = $frontend_factory->getFrontend(
98  $GLOBALS['DIC']['ilAuthSession'],
99  $status,
100  $credentials,
101  $providers
102  );
103 
104  $frontend->authenticate();
105 
106  switch($status->getStatus())
107  {
108  case ilAuthStatus::STATUS_AUTHENTICATED:
109  return;
110 
111  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
112  ilInitialisation::goToPublicSection();
113  return;
114  }
115  }
116  }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:11
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:631
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initSession()

static ilAuthUtils::initSession ( )
static

Initialize session.

Definition at line 73 of file class.ilAuthUtils.php.

74  {
75 
76  }

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int$a_authmode
Returns
bool

Definition at line 862 of file class.ilAuthUtils.php.

References $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

863  {
864  global $ilSetting;
865 
866  switch((int) $a_authmode)
867  {
868  // always enabled
869  case AUTH_LOCAL:
870  case AUTH_APACHE:
871  return true;
872 
873  // No local passwords for these auth modes
874  case AUTH_LDAP:
875  case AUTH_RADIUS:
876  case AUTH_ECS:
877  case AUTH_SCRIPT:
878  return false;
879 
880  case AUTH_SHIBBOLETH:
881  return $ilSetting->get("shib_auth_allow_local");
882  case AUTH_SOAP:
883  return $ilSetting->get("soap_auth_allow_local");
884  case AUTH_CAS:
885  return $ilSetting->get("cas_allow_local");
886 
887  }
888  return false;
889  }
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
$ilSetting
global $ilSetting
Definition: privfeed.php:17
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int$a_authmode
Returns
bool

Definition at line 898 of file class.ilAuthUtils.php.

References $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), ilAuthContainerMDB2\loginObserver(), and supportsLocalPasswordValidation().

899  {
900  global $ilSetting;
901 
902  if (self::isPasswordModificationHidden()) {
903  return false;
904  }
905 
906  // begin-patch ldap_multiple
907  // cast to int
908  switch((int) $a_authmode)
909  {
910  // No local passwords for these auth modes
911  case AUTH_LDAP:
912  case AUTH_RADIUS:
913  case AUTH_ECS:
914  case AUTH_SCRIPT:
915  return false;
916 
917  // Always for and local
918  case AUTH_LOCAL:
919  case AUTH_APACHE:
920  return true;
921 
922  // Read setting:
923  case AUTH_SHIBBOLETH:
924  return $ilSetting->get("shib_auth_allow_local");
925  case AUTH_SOAP:
926  return $ilSetting->get("soap_auth_allow_local");
927  case AUTH_CAS:
928  return $ilSetting->get("cas_allow_local");
929  }
930  }
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
$ilSetting
global $ilSetting
Definition: privfeed.php:17
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 937 of file class.ilAuthUtils.php.

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired().

938  {
939  // begin-patch ldap_multiple
940  // cast to int
941  switch((int) $a_authmode)
942  {
943  case AUTH_LDAP:
944  case AUTH_LOCAL:
945  case AUTH_RADIUS:
946  return ilAuthUtils::LOCAL_PWV_FULL;
947 
948  case AUTH_SHIBBOLETH:
949  case AUTH_SOAP:
950  case AUTH_CAS:
951  if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
952  {
953  return ilAuthUtils::LOCAL_PWV_NO;
954  }
955  return ilAuthUtils::LOCAL_PWV_USER;
956 
957  case AUTH_ECS:
958  case AUTH_SCRIPT:
959  case AUTH_APACHE:
960  default:
961  return ilAuthUtils::LOCAL_PWV_USER;
962  }
963  }
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:898
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 65 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 66 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 67 of file class.ilAuthUtils.php.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: