ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Protected Member Functions | Protected Attributes
ilAuthContainerCAS Class Reference

@classDescription CAS authentication More...

+ Inheritance diagram for ilAuthContainerCAS:
+ Collaboration diagram for ilAuthContainerCAS:

Public Member Functions

 __construct ()
 
 forceAuthentication ($username, $status, $auth)
 Force CAS authentication. More...
 
 loginObserver ($a_username, $a_auth)
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 

Protected Member Functions

 handleLDAPDataSource ($a_auth, $ext_account)
 Handle ldap as data source. More...
 
 initCAS ()
 

Protected Attributes

 $server_version = null
 
 $server_hostname = null
 
 $server_port = null
 
 $server_uri = null
 

Detailed Description

@classDescription CAS authentication

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 14 of file class.ilAuthContainerCAS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerCAS::__construct ( )

Definition at line 26 of file class.ilAuthContainerCAS.php.

27 {
28 parent::__construct();
29 $this->initCAS();
30 }

References initCAS().

+ Here is the call graph for this function:

Member Function Documentation

◆ fetchData()

ilAuthContainerCAS::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)
Returns
bool
Parameters
string$a_username
string$a_password
bool$isChallengeResponse,[optional]

Definition at line 208 of file class.ilAuthContainerCAS.php.

209 {
210 global $PHPCAS_CLIENT,$ilLog;
211
212 $ilLog->write(__METHOD__.': Fetch Data called');
213 return $PHPCAS_CLIENT->isAuthenticated();
214 }
$ilLog
$ilLog
Definition: inc.setup_header.php:130

References $ilLog.

◆ forceAuthentication()

ilAuthContainerCAS::forceAuthentication (   $username,
  $status,
  $auth 
)

Force CAS authentication.

Returns
Parameters
object$username
object$status
object$auth

Definition at line 39 of file class.ilAuthContainerCAS.php.

40 {
41 global $PHPCAS_CLIENT,$ilLog;
42
43 if(!$PHPCAS_CLIENT->isAuthenticated())
44 {
45 $PHPCAS_CLIENT->forceAuthentication();
46 }
47 }

References $ilLog.

◆ handleLDAPDataSource()

ilAuthContainerCAS::handleLDAPDataSource (   $a_auth,
  $ext_account 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 157 of file class.ilAuthContainerCAS.php.

158 {
159 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
160 $server = ilLDAPServer::getInstanceByServerId(
161 ilLDAPServer::getDataSource(AUTH_CAS)
162 );
163
164 $GLOBALS['ilLog']->write(__METHOD__.' Using ldap data source for user: '.$ext_account);
165
166 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
167 $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
168 $sync->setExternalAccount($ext_account);
169 $sync->setUserData(array());
170 #$sync->forceCreation($this->force_creation);
171 // TODO: Check this
172 $sync->forceCreation(true);
173
174 try {
175 $internal_account = $sync->sync();
176 }
177 catch(UnexpectedValueException $e) {
178 $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
179 $a_auth->status = AUTH_WRONG_LOGIN;
180 $a_auth->logout();
181 return false;
182 }
183 catch(ilLDAPSynchronisationForbiddenException $e) {
184 // No syncronisation allowed => create Error
185 $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
186 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
187 $a_auth->logout();
188 return false;
189 }
190 catch(ilLDAPAccountMigrationRequiredException $e) {
191 $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
192 $a_auth->logout();
193 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
194 }
195 $a_auth->setAuth($internal_account);
196 return true;
197 }
AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:42
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:314
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3567
$server
$server
Definition: dummy_client.php:12
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18

References $GLOBALS, $server, AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), and ilUtil\redirect().

Referenced by loginObserver().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initCAS()

ilAuthContainerCAS::initCAS ( )
protected

Definition at line 216 of file class.ilAuthContainerCAS.php.

217 {
218 global $ilSetting;
219
220 include_once("./Services/CAS/lib/CAS.php");
221
222 $this->server_version = CAS_VERSION_2_0;
223 $this->server_hostname = $ilSetting->get('cas_server');
224 $this->server_port = (int) $ilSetting->get('cas_port');
225 $this->server_uri = (string) $ilSetting->get('cas_uri');
226
227 phpCAS::setDebug();
228 phpCAS::client(
229 $this->server_version,
230 $this->server_hostname,
231 $this->server_port,
232 $this->server_uri
233 );
234 phpCAS::setNoCasServerValidation();
235 }
phpCAS\setNoCasServerValidation
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1639
phpCAS\setDebug
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:439
phpCAS\client
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:338
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
$ilSetting
global $ilSetting
Definition: privfeed.php:17

References $ilSetting, CAS_VERSION_2_0, phpCAS\client(), phpCAS\setDebug(), and phpCAS\setNoCasServerValidation().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loginObserver()

ilAuthContainerCAS::loginObserver (   $a_username,
  $a_auth 
)
See also
ilAuthContainerBase::loginObserver()

Definition at line 52 of file class.ilAuthContainerCAS.php.

53 {
54 global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
55
56 $ilLog->write(__METHOD__.': Successful CAS login.');
57
58 // Radius with ldap as data source
59 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
60 if(ilLDAPServer::isDataSourceActive(AUTH_CAS))
61 {
62 return $this->handleLDAPDataSource($a_auth,$a_username);
63 }
64
65 include_once("./Services/CAS/lib/CAS.php");
66 if ($PHPCAS_CLIENT->getUser() != "")
67 {
68 $username = $PHPCAS_CLIENT->getUser();
69 $ilLog->write(__METHOD__.': Username: '.$username);
70
71 // Authorize this user
72 include_once('./Services/User/classes/class.ilObjUser.php');
73 $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
74
75 if ($local_user != "")
76 {
77 $a_auth->setAuth($local_user);
78 }
79 else
80 {
81 if (!$ilSetting->get("cas_create_users"))
82 {
83 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
84 $a_auth->logout();
85 return false;
86 }
87
88 $userObj = new ilObjUser();
89
90 $local_user = ilAuthUtils::_generateLogin($username);
91
92 $newUser["firstname"] = $local_user;
93 $newUser["lastname"] = "";
94
95 $newUser["login"] = $local_user;
96
97 // set "plain md5" password (= no valid password)
98 $newUser["passwd"] = "";
99 $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
100
101 //$newUser["gender"] = "m";
102 $newUser["auth_mode"] = "cas";
103 $newUser["ext_account"] = $username;
104 $newUser["profile_incomplete"] = 1;
105
106 // system data
107 $userObj->assignData($newUser);
108 $userObj->setTitle($userObj->getFullname());
109 $userObj->setDescription($userObj->getEmail());
110
111 // set user language to system language
112 $userObj->setLanguage($ilSetting->get("language"));
113
114 // Time limit
115 $userObj->setTimeLimitOwner(7);
116 $userObj->setTimeLimitUnlimited(1);
117 $userObj->setTimeLimitFrom(time());
118 $userObj->setTimeLimitUntil(time());
119
120 // Create user in DB
121 $userObj->setOwner(0);
122 $userObj->create();
123 $userObj->setActive(1);
124
125 $userObj->updateOwner();
126
127 //insert user data in table user_data
128 $userObj->saveAsNew();
129
130 // setup user preferences
131 $userObj->writePrefs();
132
133 // to do: test this
134 $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
135 unset($userObj);
136
137 $a_auth->setAuth($local_user);
138 return true;
139 }
140 }
141 else
142 {
143 $ilLog->write(__METHOD__.': Login failed.');
144
145 // This should never occur unless CAS is not configured properly
146 $a_auth->status = AUTH_WRONG_LOGIN;
147 return false;
148 }
149 return false;
150 }
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAuthContainerCAS\handleLDAPDataSource
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Definition: class.ilAuthContainerCAS.php:157
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:611
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode @global ilDB $ilDB.
Definition: class.ilLDAPServer.php:299
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721

References $ilLog, $ilSetting, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, handleLDAPDataSource(), IL_PASSWD_CRYPTED, and ilLDAPServer\isDataSourceActive().

+ Here is the call graph for this function:

Field Documentation

◆ $server_hostname

ilAuthContainerCAS::$server_hostname = null
protected

Definition at line 19 of file class.ilAuthContainerCAS.php.

◆ $server_port

ilAuthContainerCAS::$server_port = null
protected

Definition at line 20 of file class.ilAuthContainerCAS.php.

◆ $server_uri

ilAuthContainerCAS::$server_uri = null
protected

Definition at line 21 of file class.ilAuthContainerCAS.php.

◆ $server_version

ilAuthContainerCAS::$server_version = null
protected

Definition at line 18 of file class.ilAuthContainerCAS.php.

The documentation for this class was generated from the following file: