ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAuthProviderCAS.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
5 include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
6 
13 class ilAuthProviderCAS extends ilAuthProvider implements ilAuthProviderInterface
14 {
18  private $settings = null;
19 
24  public function __construct(ilAuthCredentials $credentials)
25  {
26  global $DIC;
27 
28  parent::__construct($credentials);
29  include_once './Services/CAS/classes/class.ilCASSettings.php';
30  $this->settings = ilCASSettings::getInstance();
31  }
32 
36  protected function getSettings()
37  {
38  return $this->settings;
39  }
40 
44  public function doAuthentication(\ilAuthStatus $status)
45  {
46  include_once './Services/CAS/lib/CAS.php';
47  global $phpCAS;
48 
49  $this->getLogger()->debug('Starting cas authentication attempt... ');
50 
51  try {
52  phpCAS::setDebug(false);
53  phpCAS::setVerbose(true);
54  phpCAS::client(
55  CAS_VERSION_2_0,
56  $this->getSettings()->getServer(),
57  (int) $this->getSettings()->getPort(),
58  $this->getSettings()->getUri()
59  );
60 
61  phpCAS::setNoCasServerValidation();
62  phpCAS::forceAuthentication();
63  }
64  catch(Exception $e) {
65  $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
66  $this->handleAuthenticationFail($status, 'err_wrong_login');
67  return false;
68  }
69 
70  if(!strlen(phpCAS::getUser()))
71  {
72  return $this->handleAuthenticationFail($status, 'err_wrong_login');
73  }
74  $this->getCredentials()->setUsername(phpCAS::getUser());
75 
76  // check and handle ldap data sources
77  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
78  if(ilLDAPServer::isDataSourceActive(AUTH_CAS))
79  {
80  return $this->handleLDAPDataSource($status);
81  }
82 
83  // Check account available
84  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
85  if(strlen($local_user))
86  {
87  $this->getLogger()->debug('CAS authentication successful.');
88  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
89  $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
90  return true;
91  }
92 
93  if(!$this->getSettings()->isUserCreationEnabled())
94  {
95  $this->getLogger()->debug('User creation disabled. No valid local account found');
96  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
97  return false;
98  }
99 
100 
101  include_once './Services/CAS/classes/class.ilCASAttributeToUser.php';
102  $importer = new ilCASAttributeToUser($this->getSettings());
103  $new_name = $importer->create($this->getCredentials()->getUsername());
104 
105  if(!strlen($new_name))
106  {
107  $this->getLogger()->debug('User creation failed.');
108  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
109  return false;
110  }
111 
112  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
113  $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
114  return true;
115  }
116 
121  protected function handleLDAPDataSource(\ilAuthStatus $status)
122  {
123  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
124  $server = ilLDAPServer::getInstanceByServerId(
125  ilLDAPServer::getDataSource(AUTH_CAS)
126  );
127 
128  $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());
129 
130  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
131  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
132  $sync->setExternalAccount($this->getCredentials()->getUsername());
133  $sync->setUserData(array());
134  $sync->forceCreation(true);
135 
136  try {
137  $internal_account = $sync->sync();
138  }
139  catch(UnexpectedValueException $e) {
140  $this->getLogger()->warning('Authentication failed with mesage: ' . $e->getMessage());
141  $this->handleAuthenticationFail($status, 'err_wrong_login');
142  return false;
143  }
144  catch(ilLDAPSynchronisationForbiddenException $e) {
145 
146  // No syncronisation allowed => create Error
147  $this->getLogger()->warning('User creation disabled. No valid local account found');
148  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
149  return false;
150  }
151  catch(ilLDAPAccountMigrationRequiredException $e) {
152 
153  // No syncronisation allowed => create Error
154  $this->getLogger()->warning('User creation disabled. No valid local account found');
155  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
156  return false;
157  }
158  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
159  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
160  return true;
161  }
162 
163 }
phpCAS\forceAuthentication
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:1094
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11
phpCAS\getUser
static getUser()
This method returns the CAS user&#39;s login name.
Definition: CAS.php:1175
ilAuthProviderCAS
CAS authentication provider.
Definition: class.ilAuthProviderCAS.php:13
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilAuthProviderCAS\handleLDAPDataSource
handleLDAPDataSource(\ilAuthStatus $status)
Handle user data synchonization by ldap data source.
Definition: class.ilAuthProviderCAS.php:121
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilCASAttributeToUser
CAS user creation helper.
Definition: class.ilCASAttributeToUser.php:10
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:118
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:299
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:64
ilAuthProviderCAS\doAuthentication
doAuthentication(\ilAuthStatus $status)
Do authentication.Authentication status bool
Definition: class.ilAuthProviderCAS.php:44
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:314
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
phpCAS\setVerbose
static setVerbose($verbose)
Enable verbose errors messages in the website output This is a security relevant since internal statu...
Definition: CAS.php:481
$server
$server
Definition: dummy_client.php:12
settings
settings()
Definition: settings.php:2
ilAuthProviderCAS\__construct
__construct(ilAuthCredentials $credentials)
ilAuthProviderCAS constructor.
Definition: class.ilAuthProviderCAS.php:24
phpCAS\setDebug
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:439
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
$DIC
global $DIC
Definition: imagemanager.php:32
phpCAS\setNoCasServerValidation
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1639
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11
phpCAS\client
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:338
ilCASSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilCASSettings.php:41