ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Static Public Member Functions | Data Fields
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static initSession ()
 Initialize session. More...
 
static handleForcedAuthentication ()
 
static _initAuth ()
 initialises $ilAuth More...
 
static _getAuthModeOfUser ($a_username, $a_password, $a_db_handler='')
 
static _getAuthMode ($a_auth_mode, $a_db_handler='')
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation ($a_auth_key)
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 63 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

@access public

Parameters
intauth_mode

Definition at line 807 of file class.ilAuthUtils.php.

808 {
809 // begin-patch ldap_multiple
810 // cast to int
811 switch((int) $a_auth_mode)
812 {
813 case AUTH_LDAP:
814 case AUTH_RADIUS:
815 case AUTH_ECS:
816 return false;
817 default:
818 return true;
819 }
820 }
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9

References AUTH_ECS, AUTH_LDAP, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin (   $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 611 of file class.ilAuthUtils.php.

612 {
613 global $ilDB;
614
615 // Check if username already exists
616 $found = false;
617 $postfix = 0;
618 $c_login = $a_login;
619 while(!$found)
620 {
621 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
622 $ilDB->quote($c_login));
623 if ($r->numRows() > 0)
624 {
625 $postfix++;
626 $c_login = $a_login.$postfix;
627 }
628 else
629 {
630 $found = true;
631 }
632 }
633
634 return $c_login;
635 }
$r
$r
Definition: example_031.php:79
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $ilDB, and $r.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthProviderApache\createNewAccount(), ilAuthContainerECS\createUser(), ilAuthProviderECS\createUser(), ilCASAuth\login(), ilAuthContainerCAS\loginObserver(), ilAuthContainerSOAP\loginObserver(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static

Definition at line 533 of file class.ilAuthUtils.php.

534 {
535 global $ilias,$ilSetting;
536
537 $modes = array(
538 'default' => $ilSetting->get("auth_mode"),
539 'local' => AUTH_LOCAL
540 );
541 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
542 // begin-patch ldap_multiple
543 foreach(ilLDAPServer::_getActiveServerList() as $sid)
544 {
545 $modes['ldap_'.$sid] = (AUTH_LDAP.'_'.$sid);
546 }
547 // end-patch ldap_multiple
548 if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
549 if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
550 if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
551 if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
552 if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
553 if ($ilSetting->get("apache_active")) $modes['apache'] = AUTH_APACHE;
554
555 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
556 if(ilECSServerSettings::getInstance()->activeServerExists())
557 {
558 $modes['ecs'] = AUTH_ECS;
559 }
560
561 // begin-path auth_plugin
562 foreach(self::getAuthPlugins() as $pl)
563 {
564 foreach($pl->getAuthIds() as $auth_id)
565 {
566 if($pl->isAuthActive($auth_id))
567 {
568 $modes[$pl->getAuthName($auth_id)] = $auth_id;
569 }
570 }
571 }
572 // end-path auth_plugin
573 return $modes;
574 }
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:105
$ilSetting
global $ilSetting
Definition: privfeed.php:17

References $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), and ilSoapAdministration\getNIC().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static

Definition at line 576 of file class.ilAuthUtils.php.

577 {
578 $modes = array(
579 AUTH_LOCAL,
580 AUTH_LDAP,
581 AUTH_SHIBBOLETH,
582 AUTH_CAS,
583 AUTH_SOAP,
584 AUTH_RADIUS,
585 AUTH_ECS,
586 AUTH_OPENID,
587 AUTH_APACHE
588 );
589 $ret = array();
590 foreach($modes as $mode)
591 {
592 // multi ldap implementation
593 if($mode == AUTH_LDAP)
594 {
595 foreach(ilLDAPServer::_getServerList() as $ldap_id)
596 {
597 $id = AUTH_LDAP . '_' . $ldap_id;
598 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
599 }
600 continue;
601 }
602 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
603 }
604 return $ret;
605 }
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:484
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:200
$ret
$ret
Definition: parser.php:6

References $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)
static

Definition at line 419 of file class.ilAuthUtils.php.

420 {
421 global $ilDB, $ilSetting;
422
423 $db =& $ilDB;
424
425 if ($a_db_handler != '')
426 {
427 $db =& $a_db_handler;
428 }
429
430 // begin-patch ldap_multiple
431 if(strpos($a_auth_mode, '_') !== FALSE)
432 {
433 $auth_arr = explode('_',$a_auth_mode);
434 $auth_switch = $auth_arr[0];
435 }
436 else
437 {
438 $auth_switch = $a_auth_mode;
439 }
440 switch ($auth_switch)
441 {
442 case "local":
443 return AUTH_LOCAL;
444 break;
445
446 case "ldap":
447 // begin-patch ldap_multiple
448 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
449 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
450 // end-patch ldap_multiple
451
452 case "radius":
453 return AUTH_RADIUS;
454 break;
455
456 case "script":
457 return AUTH_SCRIPT;
458 break;
459
460 case "shibboleth":
461 return AUTH_SHIBBOLETH;
462 break;
463
464 case "cas":
465 return AUTH_CAS;
466 break;
467
468 case "soap":
469 return AUTH_SOAP;
470 break;
471
472 case 'ecs':
473 return AUTH_ECS;
474
475 case 'apache':
476 return AUTH_APACHE;
477
478 default:
479 return $ilSetting->get("auth_mode");
480 break;
481 }
482 }
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:416

References $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, and ilLDAPServer\getKeyByAuthMode().

Referenced by _getAuthModeOfUser(), ilPasswordInputGUI\checkInput(), ilObjUser\getAuthMode(), ilAuthContainerMDB2\loginObserver(), and ilObjUserGUI\updateObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 484 of file class.ilAuthUtils.php.

485 {
486 global $ilias;
487
488 // begin-patch ldap_multiple
489 switch ((int) $a_auth_key)
490 {
491 case AUTH_LOCAL:
492 return "local";
493 break;
494
495 case AUTH_LDAP:
496 // begin-patch ldap_multiple
497 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
498 return ilLDAPServer::getAuthModeByKey($a_auth_key);
499 // end-patch ldap_multiple
500
501 case AUTH_RADIUS:
502 return "radius";
503 break;
504
505 case AUTH_CAS:
506 return "cas";
507 break;
508
509 case AUTH_SCRIPT:
510 return "script";
511 break;
512
513 case AUTH_SHIBBOLETH:
514 return "shibboleth";
515 break;
516
517 case AUTH_SOAP:
518 return "soap";
519 break;
520
521 case AUTH_ECS:
522 return 'ecs';
523
524 case AUTH_APACHE:
525 return 'apache';
526
527 default:
528 return "default";
529 break;
530 }
531 }
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:401

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, and ilLDAPServer\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilUserImportParser\importEndTag(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeOfUser()

static ilAuthUtils::_getAuthModeOfUser (   $a_username,
  $a_password,
  $a_db_handler = '' 
)
static

Definition at line 369 of file class.ilAuthUtils.php.

370 {
371 global $ilDB;
372
373 if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
374 {
375 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
376 return AUTH_ECS;
377 }
378 if(isset($_POST['auth_mode']))
379 {
380 // begin-patch ldap_multiple
381 return $_POST['auth_mode'];
382 // end-patch ldap_multiple
383 }
384
385 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
386 $det = ilAuthModeDetermination::_getInstance();
387
388 if(!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1)
389 {
390 ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
391 return AUTH_MULTIPLE;
392 }
393
394
395 $db =& $ilDB;
396
397 if ($a_db_handler != '')
398 {
399 $db =& $a_db_handler;
400 }
401
402 // Is it really necessary to check the auth mode with password ?
403 // Changed: smeyer
404 $q = "SELECT auth_mode FROM usr_data WHERE ".
405 "login = ".$ilDB->quote($a_username);
406 //"passwd = ".$ilDB->quote(md5($a_password))."";
407
408
409 $r = $db->query($q);
410 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
411//echo "+".$row->auth_mode."+";
412
413
414 $auth_mode = self::_getAuthMode($row->auth_mode,$db);
415
416 return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
417 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:23
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:21
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:95
ilAuthUtils\_getAuthMode
static _getAuthMode($a_auth_mode, $a_db_handler='')
Definition: class.ilAuthUtils.php:419
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82

References $_GET, $_POST, $ilDB, $r, $row, _getAuthMode(), ilAuthModeDetermination\_getInstance(), AUTH_ECS, AUTH_INACTIVE, AUTH_MULTIPLE, ilAuthFactory\CONTEXT_ECS, ilDBConstants\FETCHMODE_OBJECT, ilLoggerFactory\getLogger(), and ilAuthFactory\setContext().

Referenced by _initAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 674 of file class.ilAuthUtils.php.

675 {
676 global $ilSetting;
677
678 // in the moment only ldap is activated as additional authentication method
679 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
680
681 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
682
683
684 // begin-patch ldap_multiple
685 foreach(ilLDAPServer::_getActiveServerList() as $sid)
686 {
687 $server = ilLDAPServer::getInstanceByServerId($sid);
688 $options[AUTH_LDAP.'_'.$sid]['txt'] = $server->getName();
689 }
690 // end-patch ldap_multiple
691
692 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
693 $rad_settings = ilRadiusSettings::_getInstance();
694 if($rad_settings->isActive())
695 {
696 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
697 }
698
699 if ($ilSetting->get('apache_active'))
700 {
701 global $lng;
702 $apache_settings = new ilSetting('apache_auth');
703 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
704 $options[AUTH_APACHE]['hide_in_ui'] = true;
705 }
706
707 if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
708 {
709 $default = AUTH_LDAP;
710 }
711 elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
712 {
713 $default = AUTH_RADIUS;
714 }
715 else
716 {
717 $default = AUTH_LOCAL;
718 }
719
720 $default = $ilSetting->get('default_auth_mode',$default);
721 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
722
723
724 // begin-patch auth_plugin
725 $pls = ilAuthUtils::getAuthPlugins();
726 foreach($pls as $pl)
727 {
728 $auths = $pl->getAuthIds();
729 foreach($auths as $auth_id)
730 {
731 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
732 if($pl_auth_option)
733 {
734 $options = $options + $pl_auth_option;
735 }
736 }
737 }
738 // end-patch auth_plugins
739
740 if(array_key_exists($default, $options))
741 {
742 $options[$default]['checked'] = true;
743 }
744
745 return $options ? $options : array();
746 }
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:970
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$server
$server
Definition: dummy_client.php:12
$lng
global $lng
Definition: privfeed.php:17
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137

References $ilSetting, $lng, $options, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 637 of file class.ilAuthUtils.php.

638 {
639 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
640
641 $rad_settings = ilRadiusSettings::_getInstance();
642 if($rad_settings->isActive())
643 {
644 return true;
645 }
646 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
647
648 if (count(ilLDAPServer::_getActiveServerList()))
649 return true;
650
651 global $ilSetting;
652
653 if ($ilSetting->get('apache_active')) {
654 return true;
655 }
656
657 // begin-patch auth_plugin
658 foreach(ilAuthUtils::getAuthPlugins() as $pl)
659 {
660 foreach($pl->getAuthIds() as $auth_id)
661 {
662 if($pl->getMultipleAuthModeOptions($auth_id))
663 {
664 return true;
665 }
666 }
667 }
668 // end-patch auth_plugin
669
670
671 return false;
672 }

References $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), ilStartUpGUI\initStandardLoginForm(), and ilStartUpGUI\migrateAccount2().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _initAuth()

static ilAuthUtils::_initAuth ( )
static

initialises $ilAuth

Definition at line 122 of file class.ilAuthUtils.php.

123 {
124 global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
125
126 $user_auth_mode = false;
127 $ilBench->start('Auth','initAuth');
128
129
130 // get default auth mode
131 //$default_auth_mode = $this->getSetting("auth_mode");
132 define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
133
134 // determine authentication method if no session is found and username & password is posted
135 // does this if statement make any sense? we enter this block nearly everytime.
136
137 if(
138 empty($_SESSION) ||
139 (!isset($_SESSION['_authsession']['registered']) ||
140 $_SESSION['_authsession']['registered'] !== true))
141 {
142 ilLoggerFactory::getLogger('auth')->debug('User is not remembered');
143
144 // no sesssion found
145 if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status']))
146 {
147 $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
148 ilLoggerFactory::getLogger('auth')->debug('Authmode is '. $user_auth_mode);
149
150 if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
151 {
152 $user_auth_mode = AUTH_LOCAL;
153 }
154 if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
155 {
156 $user_auth_mode = AUTH_LOCAL;
157 }
158 if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
159 {
160 $user_auth_mode = AUTH_LOCAL;
161 }
162 }
163 else if ($_POST['auth_mode'] == AUTH_APACHE)
164 {
165 $user_auth_mode = AUTH_APACHE;
166 }
167 }
168
169 // to do: other solution?
170 if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
171 {
172 $user_auth_mode = AUTH_LOCAL;
173 }
174
175 if($ilSetting->get("cas_active") && $_GET['forceCASLogin'])
176 {
177 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
178 $user_auth_mode = AUTH_CAS;
179 }
180
181 if($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE)
182 {
183 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
184 $user_auth_mode = AUTH_APACHE;
185 }
186
187 // begin-patch auth
188 $user_auth_mode = AUTH_SESSION;
189
190
191 // BEGIN WebDAV: Share session between browser and WebDAV client.
192 // The realm is needed to support a common session between Auth_HTTP and Auth.
193 // It also helps us to distinguish between parallel sessions run on different clients.
194 // Common session only works if we use a common session name starting with "_authhttp".
195 // We must use the "_authttp" prefix, because it is hardcoded in the session name of
196 // class Auth_HTTP.
197 // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
198 // it interfers with the session mechanism of the other Auth modules. If we would
199 // keep this switched on, then users could steal each others session, which would cause
200 // a major security breach.
201 // Note: The realm and sessionName used here, must be the same as in
202 // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
203 // in to ILIAS.
204 $realm = CLIENT_ID;
205 //$this->writelog('ilias.php realm='.$realm);
206 // END WebDAV: Share session between browser and WebDAV client.
207
208//var_dump($_SESSION);
209//echo "1-".$ilSetting->get("soap_auth_active")."-";
210 // if soap authentication activated and soap credentials given
211 if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
212 && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
213 {
214
215 define('AUTH_CURRENT',AUTH_SOAP);
216 }
217 // if Shibboleth is active and the user is authenticated
218 // we set auth_mode to Shibboleth
219 else if ( $ilSetting->get("shib_active")
220 && $_SERVER[$ilSetting->get("shib_login")])
221 {
222 define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
223 }
224 else
225 {
226 define ("AUTH_CURRENT", $user_auth_mode);
227 }
228//var_dump($_SESSION);
229
230 // Determine the authentication method to use
231 if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
232 // Since WebDAV clients create the login form by
233 // themselves, we can not provide buttons on the form for
234 // choosing an authentication method.
235 // If the user is already logged in, we continue using
236 // the current authentication method. If the user is
237 // not logged in yet, we use the "multiple authentication"
238 // method using a predefined sequence of authentication methods.
239 $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
240 }
241 else
242 {
243 $authmode = AUTH_CURRENT;
244 }
245//var_dump($authmode);
246 // if no auth mode selected AND default mode is AUTH_APACHE then use it...
247 if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE)
248 $authmode = AUTH_APACHE;
249
250 // begin-patch ldap_multiple
251 // we cast to int => AUTH_LDAP_1 matches AUTH_LDAP
252 switch ((int) $authmode)
253 {
254 case AUTH_LDAP:
255
256 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
257 $sid = ilLDAPServer::getServerIdByAuthMode($authmode);
258 include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
259 $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP($sid));
260 break;
261
262 case AUTH_RADIUS:
263
264 include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
265 $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
266 break;
267
268 case AUTH_SHIBBOLETH:
269 include_once './Services/AuthShibboleth/classes/class.ilShibboleth.php';
270 $ilAuth = new ShibAuth(array(),true);
271 break;
272
273 case AUTH_CAS:
274
275 include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
276 $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
277 break;
278
279 case AUTH_SOAP:
280
281 include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
282 $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
283 break;
284
285 case AUTH_MULTIPLE:
286
287 include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
288 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
289 break;
290
291 case AUTH_ECS:
292 include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
293 $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
294 break;
295
296
297 case AUTH_INACTIVE:
298 require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
299 $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
300 break;
301
302 case AUTH_APACHE:
303 include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
304 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
305 $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
306 break;
307
308 // begin-patch auth_plugin
309 case AUTH_LOCAL:
310 global $ilDB;
311 if($ilDB instanceof ilDBPdo) {
312 require_once 'Services/Authentication/classes/PDO/class.ilPDOAuthentication.php';
313 $ilAuth = new ilPDOAuthentication(ilAuthFactory::getContextOptions(ilAuthFactory::getContext()));
314 } else {
315 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
316 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
317 }
318 break;
319
320 case AUTH_SESSION:
321
322
323 default:
324 // check for plugin
325 if($authmode)
326 {
327 foreach(self::getAuthPlugins() as $pl)
328 {
329 $container = $pl->getContainer($authmode);
330 if($container instanceof Auth_Container)
331 {
332 ilLoggerFactory::getLogger('auth')->info('Using plugin authentication with auth mode ' . $authmode);
333 $ilAuth = ilAuthFactory::factory($container);
334 break 2;
335 }
336 }
337 }
338 #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
339 // default for logged in users
340 if($ilDB instanceof ilDBPdo) {
341 require_once 'Services/Authentication/classes/PDO/class.ilPDOAuthentication.php';
342 $ilAuth = new ilPDOAuthentication();
343 } else {
344 include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
345 $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
346 }
347 break;
348 // end-patch auth_plugin
349 }
350
351 // Due to a bug in Pear Auth_HTTP, we can't use idle time
352 // with WebDAV clients. If we used it, users could never log
353 // back into ILIAS once their session idled out. :(
354 if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP')
355 {
356 $ilAuth->setIdle(ilSession::getIdleValue(), false);
357 }
358 $ilAuth->setExpire(0);
359
360 ini_set("session.cookie_lifetime", "0");
361//echo "-".get_class($ilAuth)."-";
362
363 ilSessionControl::checkExpiredSession();
364
365 $ilBench->stop('Auth','initAuth');
366 ilLoggerFactory::getLogger('auth')->debug('Using auth implementation: ' . get_class($ilAuth));
367 }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
Auth_Container
AUTH_SESSION
const AUTH_SESSION
Definition: class.ilAuthUtils.php:25
AUTH_MODE_INACTIVE
const AUTH_MODE_INACTIVE
Definition: class.ilAuthUtils.php:37
ilAuthContainerApache
Authentication against ILIAS database.
Definition: class.ilAuthContainerApache.php:13
ilAuthContainerCAS
@classDescription CAS authentication
Definition: class.ilAuthContainerCAS.php:15
ilAuthContainerECS
Custom PEAR Auth Container for ECS auth checks.
Definition: class.ilAuthContainerECS.php:35
ilAuthContainerLDAP
Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups.
Definition: class.ilAuthContainerLDAP.php:37
ilAuthContainerMDB2
Authentication against ILIAS database.
Definition: class.ilAuthContainerMDB2.php:36
ilAuthContainerRadius
@classDescription Overwritten Pear class AuthContainerRadius This class is overwritten to support to ...
Definition: class.ilAuthContainerRadius.php:38
ilAuthContainerSOAP
@classDescription Authentication against external SOAP server
Definition: class.ilAuthContainerSOAP.php:36
ilAuthFactory\factory
static factory(ilAuthContainerBase $deco)
The factory.
Definition: class.ilAuthFactory.php:130
ilAuthFactory\getContextOptions
static getContextOptions()
Get options for a specific context.
Definition: class.ilAuthFactory.php:116
ilAuthUtils\_getAuthModeOfUser
static _getAuthModeOfUser($a_username, $a_password, $a_db_handler='')
Definition: class.ilAuthUtils.php:369
ilDBPdo
Class pdoDB.
Definition: class.ilDBPdo.php:18
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:387
ilSessionControl\checkExpiredSession
static checkExpiredSession()
checks for possibly expired session should be called from ilAuthUtils::__initAuth() so it's called be...
Definition: class.ilSessionControl.php:85
ilSession\getIdleValue
static getIdleValue($fixedMode=false)
Returns the idle time in seconds.
Definition: class.ilSession.php:342
$ilBench
global $ilBench
Definition: ilias.php:18
defined
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'
Definition: bootstrap.php:27
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
WebDAV_Authentication
const WebDAV_Authentication
Definition: webdav.php:30

References $_GET, $_POST, $_SERVER, $_SESSION, $ilBench, $ilDB, $ilSetting, _getAuthModeOfUser(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_INACTIVE, AUTH_LDAP, AUTH_LOCAL, AUTH_MODE_INACTIVE, AUTH_MULTIPLE, AUTH_RADIUS, AUTH_SESSION, AUTH_SHIBBOLETH, AUTH_SOAP, ilSessionControl\checkExpiredSession(), ilAuthFactory\CONTEXT_APACHE, ilAuthFactory\CONTEXT_CAS, defined, ilAuthFactory\factory(), ilAuthFactory\getContext(), ilAuthFactory\getContextOptions(), ilSession\getIdleValue(), ilLoggerFactory\getLogger(), ilLDAPServer\getServerIdByAuthMode(), ilAuthFactory\setContext(), and WebDAV_Authentication.

+ Here is the call graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

@access public

Parameters

Definition at line 757 of file class.ilAuthUtils.php.

758 {
759 global $ilSetting;
760
761 if($ilSetting->get("cas_active"))
762 {
763 return true;
764 }
765 if($ilSetting->get("soap_auth_active"))
766 {
767 return true;
768 }
769 if($ilSetting->get("shib_active"))
770 {
771 return true;
772 }
773 if($ilSetting->get('radius_active'))
774 {
775 return true;
776 }
777 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
778 if(count(ilLDAPServer::_getActiveServerList()))
779 {
780 return true;
781 }
782
783 // begin-path auth_plugin
784 foreach(self::getAuthPlugins() as $pl)
785 {
786 foreach($pl->getAuthIds() as $auth_id)
787 {
788 if($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id))
789 {
790 return true;
791 }
792 }
793 }
794 // end-path auth_plugin
795
796 return false;
797 }

References $ilSetting, and ilLDAPServer\_getActiveServerList().

Referenced by ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

@access public

Parameters
intauth_mode

Definition at line 830 of file class.ilAuthUtils.php.

831 {
832 switch($a_auth_mode)
833 {
834 case AUTH_LOCAL:
835 case AUTH_APACHE:
836 return false;
837 default:
838 return true;
839 }
840 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key)
static
Parameters
string$a_authmode

Definition at line 995 of file class.ilAuthUtils.php.

996 {
997 global $lng;
998
999 switch((int) $a_auth_key)
1000 {
1001 case AUTH_LDAP:
1002 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
1003 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
1004 $server = ilLDAPServer::getInstanceByServerId($sid);
1005 return $server->getName();
1006
1007 default:
1008 return $lng->txt('auth_'.self::_getAuthModeName($a_auth_key));
1009 }
1010 }

References $lng, $server, AUTH_LDAP, ilLDAPServer\getInstanceByServerId(), and ilLDAPServer\getServerIdByAuthMode().

+ Here is the call graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 970 of file class.ilAuthUtils.php.

971 {
972 $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
973 IL_COMP_SERVICE,
974 'Authentication',
975 'authhk'
976 );
977 $pl_objs = array();
978 foreach($pls as $pl)
979 {
980 $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
981 IL_COMP_SERVICE,
982 'Authentication',
983 'authhk',
984 $pl
985 );
986 }
987 return $pl_objs;
988 }
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthContainerMultiple\fetchData(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 78 of file class.ilAuthUtils.php.

79 {
80 if(isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']))
81 {
82 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
83 $credentials = new ilAuthFrontendCredentials();
84 $credentials->setUsername($_GET['ecs_login']);
85 $credentials->setAuthMode(AUTH_ECS);
86
87 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
88 $provider_factory = new ilAuthProviderFactory();
89 $providers = $provider_factory->getProviders($credentials);
90
91 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
92 $status = ilAuthStatus::getInstance();
93
94 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
95 $frontend_factory = new ilAuthFrontendFactory();
96 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
97 $frontend = $frontend_factory->getFrontend(
98 $GLOBALS['DIC']['ilAuthSession'],
99 $status,
100 $credentials,
101 $providers
102 );
103
104 $frontend->authenticate();
105
106 switch($status->getStatus())
107 {
108 case ilAuthStatus::STATUS_AUTHENTICATED:
109 return;
110
111 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
112 ilInitialisation::goToPublicSection();
113 return;
114 }
115 }
116 }
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:12
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:631

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initSession()

static ilAuthUtils::initSession ( )
static

Initialize session.

Definition at line 73 of file class.ilAuthUtils.php.

74 {
75
76 }

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int$a_authmode
Returns
bool

Definition at line 862 of file class.ilAuthUtils.php.

863 {
864 global $ilSetting;
865
866 switch((int) $a_authmode)
867 {
868 // always enabled
869 case AUTH_LOCAL:
870 case AUTH_APACHE:
871 return true;
872
873 // No local passwords for these auth modes
874 case AUTH_LDAP:
875 case AUTH_RADIUS:
876 case AUTH_ECS:
877 case AUTH_SCRIPT:
878 return false;
879
880 case AUTH_SHIBBOLETH:
881 return $ilSetting->get("shib_auth_allow_local");
882 case AUTH_SOAP:
883 return $ilSetting->get("soap_auth_allow_local");
884 case AUTH_CAS:
885 return $ilSetting->get("cas_allow_local");
886
887 }
888 return false;
889 }

References $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int$a_authmode
Returns
bool

Definition at line 898 of file class.ilAuthUtils.php.

899 {
900 global $ilSetting;
901
902 if (self::isPasswordModificationHidden()) {
903 return false;
904 }
905
906 // begin-patch ldap_multiple
907 // cast to int
908 switch((int) $a_authmode)
909 {
910 // No local passwords for these auth modes
911 case AUTH_LDAP:
912 case AUTH_RADIUS:
913 case AUTH_ECS:
914 case AUTH_SCRIPT:
915 return false;
916
917 // Always for and local
918 case AUTH_LOCAL:
919 case AUTH_APACHE:
920 return true;
921
922 // Read setting:
923 case AUTH_SHIBBOLETH:
924 return $ilSetting->get("shib_auth_allow_local");
925 case AUTH_SOAP:
926 return $ilSetting->get("soap_auth_allow_local");
927 case AUTH_CAS:
928 return $ilSetting->get("cas_allow_local");
929 }
930 }

References $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, and AUTH_SOAP.

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), ilAuthContainerMDB2\loginObserver(), and supportsLocalPasswordValidation().

+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 937 of file class.ilAuthUtils.php.

938 {
939 // begin-patch ldap_multiple
940 // cast to int
941 switch((int) $a_authmode)
942 {
943 case AUTH_LDAP:
944 case AUTH_LOCAL:
945 case AUTH_RADIUS:
946 return ilAuthUtils::LOCAL_PWV_FULL;
947
948 case AUTH_SHIBBOLETH:
949 case AUTH_SOAP:
950 case AUTH_CAS:
951 if(!ilAuthUtils::isPasswordModificationEnabled($a_authmode))
952 {
953 return ilAuthUtils::LOCAL_PWV_NO;
954 }
955 return ilAuthUtils::LOCAL_PWV_USER;
956
957 case AUTH_ECS:
958 case AUTH_SCRIPT:
959 case AUTH_APACHE:
960 default:
961 return ilAuthUtils::LOCAL_PWV_USER;
962 }
963 }
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:898

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 65 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 66 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 67 of file class.ilAuthUtils.php.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: