ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Static Public Member Functions | Data Fields
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static initSession ()
 Initialize session. More...
 
static isAuthenticationForced ()
 Check if authentication is should be forced. More...
 
static handleForcedAuthentication ()
 
static _getAuthModeOfUser ($a_username, $a_password, $a_db_handler='')
 
static _getAuthMode ($a_auth_mode, $a_db_handler='')
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation ($a_auth_key)
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 66 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

@access public

Parameters
intauth_mode

Definition at line 594 of file class.ilAuthUtils.php.

595 {
596 // begin-patch ldap_multiple
597 // cast to int
598 switch ((int) $a_auth_mode) {
599 case AUTH_LDAP:
600 case AUTH_RADIUS:
601 case AUTH_ECS:
602 case AUTH_PROVIDER_LTI:
603 return false;
604 default:
605 return true;
606 }
607 }
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:28

References AUTH_ECS, AUTH_LDAP, AUTH_PROVIDER_LTI, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin (   $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 415 of file class.ilAuthUtils.php.

416 {
417 global $ilDB;
418
419 // Check if username already exists
420 $found = false;
421 $postfix = 0;
422 $c_login = $a_login;
423 while (!$found) {
424 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
425 $ilDB->quote($c_login));
426 if ($r->numRows() > 0) {
427 $postfix++;
428 $c_login = $a_login . $postfix;
429 } else {
430 $found = true;
431 }
432 }
433
434 return $c_login;
435 }
$r
$r
Definition: example_031.php:79
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $ilDB, and $r.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthContainerECS\createUser(), ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSaml\importUser(), ilCASAuth\login(), ilAuthContainerCAS\loginObserver(), ilAuthContainerSOAP\loginObserver(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static

Definition at line 305 of file class.ilAuthUtils.php.

306 {
307 global $ilias,$ilSetting;
308
309 $modes = array(
310 'default' => $ilSetting->get("auth_mode"),
311 'local' => AUTH_LOCAL
312 );
313 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
314 // begin-patch ldap_multiple
315 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
316 $modes['ldap_' . $sid] = (AUTH_LDAP . '_' . $sid);
317 }
318
319 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
320 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
321 $modes['lti_' . $sid] = (AUTH_PROVIDER_LTI . '_' . $sid);
322 }
323
324 // end-patch ldap_multiple
325 if ($ilSetting->get("radius_active")) {
326 $modes['radius'] = AUTH_RADIUS;
327 }
328 if ($ilSetting->get("shib_active")) {
329 $modes['shibboleth'] = AUTH_SHIBBOLETH;
330 }
331 if ($ilSetting->get("script_active")) {
332 $modes['script'] = AUTH_SCRIPT;
333 }
334 if ($ilSetting->get("cas_active")) {
335 $modes['cas'] = AUTH_CAS;
336 }
337 if ($ilSetting->get("soap_auth_active")) {
338 $modes['soap'] = AUTH_SOAP;
339 }
340 if ($ilSetting->get("apache_active")) {
341 $modes['apache'] = AUTH_APACHE;
342 }
343
344 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
345 if (ilECSServerSettings::getInstance()->activeServerExists()) {
346 $modes['ecs'] = AUTH_ECS;
347 }
348
349 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
350 foreach (ilSamlIdp::getActiveIdpList() as $idp) {
351 $modes['saml_' . $idp->getIdpId()] = AUTH_SAML . '_' . $idp->getIdpId();
352 }
353
354 // begin-path auth_plugin
355 foreach (self::getAuthPlugins() as $pl) {
356 foreach ($pl->getAuthIds() as $auth_id) {
357 if ($pl->isAuthActive($auth_id)) {
358 $modes[$pl->getAuthName($auth_id)] = $auth_id;
359 }
360 }
361 }
362 // end-path auth_plugin
363 return $modes;
364 }
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SAML
const AUTH_SAML
Definition: class.ilAuthUtils.php:20
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:103
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:256
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$idp
$idp
Definition: prp.php:13

References $idp, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static

Definition at line 366 of file class.ilAuthUtils.php.

367 {
368 $modes = array(
369 AUTH_LOCAL,
370 AUTH_LDAP,
371 AUTH_SHIBBOLETH,
372 AUTH_SAML,
373 AUTH_CAS,
374 AUTH_SOAP,
375 AUTH_RADIUS,
376 AUTH_ECS,
377 AUTH_PROVIDER_LTI,
378 AUTH_APACHE
379 );
380 $ret = array();
381 foreach ($modes as $mode) {
382 if ($mode == AUTH_PROVIDER_LTI) {
383 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
384 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
385 $id = AUTH_PROVIDER_LTI . '_' . $sid;
386 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
387 }
388 continue;
389 }
390
391 // multi ldap implementation
392 if ($mode == AUTH_LDAP) {
393 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
394 $id = AUTH_LDAP . '_' . $ldap_id;
395 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
396 }
397 continue;
398 } elseif ($mode == AUTH_SAML) {
399 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
400 foreach (ilSamlIdp::getAllIdps() as $idp) {
401 $id = AUTH_SAML . '_' . $idp->getIdpId();
402 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
403 }
404 continue;
405 }
406 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
407 }
408 return $ret;
409 }
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:245
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:194
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:272
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$ret
$ret
Definition: parser.php:6

References $id, $idp, $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)
static

Definition at line 177 of file class.ilAuthUtils.php.

178 {
179 global $ilDB, $ilSetting;
180
181 $db =&$ilDB;
182
183 if ($a_db_handler != '') {
184 $db =&$a_db_handler;
185 }
186
187 // begin-patch ldap_multiple
188 if (strpos($a_auth_mode, '_') !== false) {
189 $auth_arr = explode('_', $a_auth_mode);
190 $auth_switch = $auth_arr[0];
191 } else {
192 $auth_switch = $a_auth_mode;
193 }
194 switch ($auth_switch) {
195 case "local":
196 return AUTH_LOCAL;
197 break;
198
199 case "ldap":
200 // begin-patch ldap_multiple
201 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
202 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
203 // end-patch ldap_multiple
204
205 case 'lti':
206 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
207 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
208
209 case "radius":
210 return AUTH_RADIUS;
211 break;
212
213 case "script":
214 return AUTH_SCRIPT;
215 break;
216
217 case "shibboleth":
218 return AUTH_SHIBBOLETH;
219 break;
220
221 case 'saml':
222 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
223 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
224
225 case "cas":
226 return AUTH_CAS;
227 break;
228
229 case "soap":
230 return AUTH_SOAP;
231 break;
232
233 case 'ecs':
234 return AUTH_ECS;
235
236 case 'apache':
237 return AUTH_APACHE;
238
239 default:
240 return $ilSetting->get("auth_mode");
241 break;
242 }
243 }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:380
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:399
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Definition: class.ilSamlIdp.php:307

References $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilSamlIdp\getKeyByAuthMode().

Referenced by _getAuthModeOfUser(), ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\updateObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 245 of file class.ilAuthUtils.php.

246 {
247 global $ilias;
248
249 // begin-patch ldap_multiple
250 switch ((int) $a_auth_key) {
251 case AUTH_LOCAL:
252 return "local";
253 break;
254
255 case AUTH_LDAP:
256 // begin-patch ldap_multiple
257 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
258 return ilLDAPServer::getAuthModeByKey($a_auth_key);
259 // end-patch ldap_multiple
260
261 case AUTH_PROVIDER_LTI:
262 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
263 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
264
265 case AUTH_RADIUS:
266 return "radius";
267 break;
268
269 case AUTH_CAS:
270 return "cas";
271 break;
272
273 case AUTH_SCRIPT:
274 return "script";
275 break;
276
277 case AUTH_SHIBBOLETH:
278 return "shibboleth";
279 break;
280
281 case AUTH_SAML:
282 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
283 return ilSamlIdp::getAuthModeByKey($a_auth_key);
284
285 case AUTH_SOAP:
286 return "soap";
287 break;
288
289 case AUTH_ECS:
290 return 'ecs';
291
292 case AUTH_APACHE:
293 return 'apache';
294
295 case AUTH_PROVIDER_LTI:
296 return "lti";
297 break;
298
299 default:
300 return "default";
301 break;
302 }
303 }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:366
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:385
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
Definition: class.ilSamlIdp.php:293

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilSamlIdp\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeOfUser()

static ilAuthUtils::_getAuthModeOfUser (   $a_username,
  $a_password,
  $a_db_handler = '' 
)
static

Definition at line 131 of file class.ilAuthUtils.php.

132 {
133 global $ilDB;
134
135 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
136 ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
137 return AUTH_ECS;
138 }
139 if (isset($_POST['auth_mode'])) {
140 // begin-patch ldap_multiple
141 return $_POST['auth_mode'];
142 // end-patch ldap_multiple
143 }
144
145 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
146 $det = ilAuthModeDetermination::_getInstance();
147
148 if (!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1) {
149 ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
150 return AUTH_MULTIPLE;
151 }
152
153
154 $db =&$ilDB;
155
156 if ($a_db_handler != '') {
157 $db =&$a_db_handler;
158 }
159
160 // Is it really necessary to check the auth mode with password ?
161 // Changed: smeyer
162 $q = "SELECT auth_mode FROM usr_data WHERE " .
163 "login = " . $ilDB->quote($a_username);
164 //"passwd = ".$ilDB->quote(md5($a_password))."";
165
166
167 $r = $db->query($q);
168 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
169 //echo "+".$row->auth_mode."+";
170
171
172 $auth_mode = self::_getAuthMode($row->auth_mode, $db);
173
174 return in_array($auth_mode, self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
175 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
AUTH_MULTIPLE
const AUTH_MULTIPLE
Definition: class.ilAuthUtils.php:24
AUTH_INACTIVE
const AUTH_INACTIVE
Definition: class.ilAuthUtils.php:22
ilAuthFactory\setContext
static setContext($a_context)
set context
Definition: class.ilAuthFactory.php:95
ilAuthUtils\_getAuthMode
static _getAuthMode($a_auth_mode, $a_db_handler='')
Definition: class.ilAuthUtils.php:177
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79

References $_GET, $_POST, $ilDB, $r, $row, _getAuthMode(), ilAuthModeDetermination\_getInstance(), AUTH_ECS, AUTH_INACTIVE, AUTH_MULTIPLE, ilAuthFactory\CONTEXT_ECS, ilDBConstants\FETCHMODE_OBJECT, ilLoggerFactory\getLogger(), and ilAuthFactory\setContext().

+ Here is the call graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 471 of file class.ilAuthUtils.php.

472 {
473 global $ilSetting;
474
475 // in the moment only ldap is activated as additional authentication method
476 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
477
478 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
479
480
481 // begin-patch ldap_multiple
482 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
483 $server = ilLDAPServer::getInstanceByServerId($sid);
484 $options[AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
485 }
486 // end-patch ldap_multiple
487
488 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
489 $rad_settings = ilRadiusSettings::_getInstance();
490 if ($rad_settings->isActive()) {
491 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
492 }
493
494 if ($ilSetting->get('apache_active')) {
495 global $lng;
496 $apache_settings = new ilSetting('apache_auth');
497 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
498 $options[AUTH_APACHE]['hide_in_ui'] = true;
499 }
500
501 if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
502 $default = AUTH_LDAP;
503 } elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
504 $default = AUTH_RADIUS;
505 } else {
506 $default = AUTH_LOCAL;
507 }
508
509 $default = $ilSetting->get('default_auth_mode', $default);
510 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
511
512
513 // begin-patch auth_plugin
514 $pls = ilAuthUtils::getAuthPlugins();
515 foreach ($pls as $pl) {
516 $auths = $pl->getAuthIds();
517 foreach ($auths as $auth_id) {
518 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
519 if ($pl_auth_option) {
520 $options = $options + $pl_auth_option;
521 }
522 }
523 }
524 // end-patch auth_plugins
525
526 if (array_key_exists($default, $options)) {
527 $options[$default]['checked'] = true;
528 }
529
530 return $options ? $options : array();
531 }
$options
if(!isset( $_REQUEST[ 'ReturnTo'])) if(!isset($_REQUEST['AuthId'])) $options
Definition: as_login.php:20
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:766
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$server
$server
Definition: getUserInfo.php:12
$lng
global $lng
Definition: privfeed.php:17

References $ilSetting, $lng, $options, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 437 of file class.ilAuthUtils.php.

438 {
439 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
440
441 $rad_settings = ilRadiusSettings::_getInstance();
442 if ($rad_settings->isActive()) {
443 return true;
444 }
445 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
446
447 if (count(ilLDAPServer::_getActiveServerList())) {
448 return true;
449 }
450
451 global $ilSetting;
452
453 if ($ilSetting->get('apache_active')) {
454 return true;
455 }
456
457 // begin-patch auth_plugin
458 foreach (ilAuthUtils::getAuthPlugins() as $pl) {
459 foreach ($pl->getAuthIds() as $auth_id) {
460 if ($pl->getMultipleAuthModeOptions($auth_id)) {
461 return true;
462 }
463 }
464 }
465 // end-patch auth_plugin
466
467
468 return false;
469 }

References $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

@access public

Parameters

Definition at line 542 of file class.ilAuthUtils.php.

543 {
544 global $ilSetting;
545
546 if ($ilSetting->get("cas_active")) {
547 return true;
548 }
549 if ($ilSetting->get("soap_auth_active")) {
550 return true;
551 }
552 if ($ilSetting->get("shib_active")) {
553 return true;
554 }
555 if ($ilSetting->get('radius_active')) {
556 return true;
557 }
558 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
559 if (count(ilLDAPServer::_getActiveServerList())) {
560 return true;
561 }
562
563 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
564 if (count(ilAuthProviderLTI::getActiveAuthModes())) {
565 return true;
566 }
567
568 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
569 if (count(ilSamlIdp::getActiveIdpList()) > 0) {
570 return true;
571 }
572
573 // begin-path auth_plugin
574 foreach (self::getAuthPlugins() as $pl) {
575 foreach ($pl->getAuthIds() as $auth_id) {
576 if ($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id)) {
577 return true;
578 }
579 }
580 }
581 // end-path auth_plugin
582
583 return false;
584 }
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:393

References $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), and ilSamlIdp\getActiveIdpList().

Referenced by ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

@access public

Parameters
intauth_mode

Definition at line 617 of file class.ilAuthUtils.php.

618 {
619 switch ($a_auth_mode) {
620 case AUTH_LOCAL:
621 case AUTH_APACHE:
622 return false;
623 default:
624 return true;
625 }
626 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key)
static
Parameters
string$a_auth_key

Definition at line 790 of file class.ilAuthUtils.php.

791 {
792 global $lng;
793
794 switch ((int) $a_auth_key) {
795 case AUTH_LDAP:
796 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
797 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
798 $server = ilLDAPServer::getInstanceByServerId($sid);
799 return $server->getName();
800
801 case AUTH_PROVIDER_LTI:
802 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
803 $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
804 return ilAuthProviderLTI::lookupConsumer($sid);
805
806
807 case AUTH_SAML:
808 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
809 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
810 $idp = ilSamlIdp::getInstanceByIdpId($idp_id);
811 return $idp->getEntityId();
812
813 default:
814 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
815 }
816 }
ilAuthProviderLTI\lookupConsumer
static lookupConsumer($a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:428
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:442
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:372
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId($a_idp_id)
Definition: class.ilSamlIdp.php:102
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode($a_auth_mode)
Definition: class.ilSamlIdp.php:243

References $idp, $lng, $server, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 766 of file class.ilAuthUtils.php.

767 {
768 $pls = $GLOBALS['ilPluginAdmin']->getActivePluginsForSlot(
769 IL_COMP_SERVICE,
770 'Authentication',
771 'authhk'
772 );
773 $pl_objs = array();
774 foreach ($pls as $pl) {
775 $pl_objs[] = $GLOBALS['ilPluginAdmin']->getPluginObject(
776 IL_COMP_SERVICE,
777 'Authentication',
778 'authhk',
779 $pl
780 );
781 }
782 return $pl_objs;
783 }
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 91 of file class.ilAuthUtils.php.

92 {
93 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
94 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
95 $credentials = new ilAuthFrontendCredentials();
96 $credentials->setUsername($_GET['ecs_login']);
97 $credentials->setAuthMode(AUTH_ECS);
98
99 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
100 $provider_factory = new ilAuthProviderFactory();
101 $providers = $provider_factory->getProviders($credentials);
102
103 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
104 $status = ilAuthStatus::getInstance();
105
106 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
107 $frontend_factory = new ilAuthFrontendFactory();
108 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
109 $frontend = $frontend_factory->getFrontend(
110 $GLOBALS['DIC']['ilAuthSession'],
111 $status,
112 $credentials,
113 $providers
114 );
115
116 $frontend->authenticate();
117
118 switch ($status->getStatus()) {
119 case ilAuthStatus::STATUS_AUTHENTICATED:
120 return;
121
122 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
123 ilInitialisation::goToPublicSection();
124 return;
125 }
126 }
127 }
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:12
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:735

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initSession()

static ilAuthUtils::initSession ( )
static

Initialize session.

Definition at line 76 of file class.ilAuthUtils.php.

77 {
78 }

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Check if authentication is should be forced.

Definition at line 83 of file class.ilAuthUtils.php.

84 {
85 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
86 return true;
87 }
88 return false;
89 }

References $_GET.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int$a_authmode
Returns
bool

Definition at line 648 of file class.ilAuthUtils.php.

649 {
650 global $ilSetting;
651
652 switch ((int) $a_authmode) {
653 // always enabled
654 case AUTH_LOCAL:
655 case AUTH_APACHE:
656 return true;
657
658 // No local passwords for these auth modes
659 case AUTH_LDAP:
660 case AUTH_RADIUS:
661 case AUTH_ECS:
662 case AUTH_SCRIPT:
663 case AUTH_PROVIDER_LTI:
664 return false;
665
666 case AUTH_SAML:
667 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
668 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
669 return $idp->isActive() && $idp->allowLocalAuthentication();
670
671 case AUTH_SHIBBOLETH:
672 return $ilSetting->get("shib_auth_allow_local");
673 case AUTH_SOAP:
674 return $ilSetting->get("soap_auth_allow_local");
675 case AUTH_CAS:
676 return $ilSetting->get("cas_allow_local");
677
678 }
679 return false;
680 }

References $idp, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

+ Here is the call graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int$a_authmode
Returns
bool

Definition at line 689 of file class.ilAuthUtils.php.

690 {
691 global $ilSetting;
692
693 if (self::isPasswordModificationHidden()) {
694 return false;
695 }
696
697 // begin-patch ldap_multiple
698 // cast to int
699 switch ((int) $a_authmode) {
700 // No local passwords for these auth modes
701 case AUTH_LDAP:
702 case AUTH_RADIUS:
703 case AUTH_ECS:
704 case AUTH_SCRIPT:
705 case AUTH_PROVIDER_LTI:
706 return false;
707
708 case AUTH_SAML:
709 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
710 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
711 return $idp->isActive() && $idp->allowLocalAuthentication();
712
713 // Always for and local
714 case AUTH_LOCAL:
715 case AUTH_APACHE:
716 return true;
717
718 // Read setting:
719 case AUTH_SHIBBOLETH:
720 return $ilSetting->get("shib_auth_allow_local");
721 case AUTH_SOAP:
722 return $ilSetting->get("soap_auth_allow_local");
723 case AUTH_CAS:
724 return $ilSetting->get("cas_allow_local");
725 }
726 }

References $idp, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), and supportsLocalPasswordValidation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 733 of file class.ilAuthUtils.php.

734 {
735 // begin-patch ldap_multiple
736 // cast to int
737 switch ((int) $a_authmode) {
738 case AUTH_LDAP:
739 case AUTH_LOCAL:
740 case AUTH_RADIUS:
741 return ilAuthUtils::LOCAL_PWV_FULL;
742
743 case AUTH_SHIBBOLETH:
744 case AUTH_SAML:
745 case AUTH_SOAP:
746 case AUTH_CAS:
747 if (!ilAuthUtils::isPasswordModificationEnabled($a_authmode)) {
748 return ilAuthUtils::LOCAL_PWV_NO;
749 }
750 return ilAuthUtils::LOCAL_PWV_USER;
751
752 case AUTH_PROVIDER_LTI:
753 case AUTH_ECS:
754 case AUTH_SCRIPT:
755 case AUTH_APACHE:
756 default:
757 return ilAuthUtils::LOCAL_PWV_USER;
758 }
759 }
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:689

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 68 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 69 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by ilDAVUtils\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: