ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Member Functions | Private Attributes
ilAuthProviderCAS Class Reference

CAS authentication provider. More...

+ Inheritance diagram for ilAuthProviderCAS:
+ Collaboration diagram for ilAuthProviderCAS:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 ilAuthProviderCAS constructor. More...
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication.
Parameters
\ilAuthStatus$statusAuthentication status
Returns
bool
More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 

Protected Member Functions

 getSettings ()
 
 handleLDAPDataSource (\ilAuthStatus $status)
 Handle user data synchonization by ldap data source. More...
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Private Attributes

 $settings = null
 

Additional Inherited Members

- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Detailed Description

CAS authentication provider.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 13 of file class.ilAuthProviderCAS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderCAS::__construct ( ilAuthCredentials  $credentials)

ilAuthProviderCAS constructor.

Parameters
\ilAuthCredentials$credentials

Definition at line 24 of file class.ilAuthProviderCAS.php.

References $DIC, ilCASSettings\getInstance(), and settings().

25  {
26  global $DIC;
27 
28  parent::__construct($credentials);
29  include_once './Services/CAS/classes/class.ilCASSettings.php';
30  $this->settings = ilCASSettings::getInstance();
31  }
$DIC
global $DIC
Definition: saml.php:7
settings
settings()
Definition: settings.php:2
ilCASSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilCASSettings.php:40
+ Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderCAS::doAuthentication ( \ilAuthStatus  $status)

Do authentication.

Parameters
\ilAuthStatus$statusAuthentication status
Returns
bool

Implements ilAuthProviderInterface.

Definition at line 44 of file class.ilAuthProviderCAS.php.

References ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), AUTH_CAS, CAS_VERSION_2_0, phpCAS\client(), phpCAS\forceAuthentication(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), phpCAS\getUser(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilLDAPServer\isDataSourceActive(), ilAuthStatus\setAuthenticatedUserId(), phpCAS\setDebug(), phpCAS\setNoCasServerValidation(), ilAuthStatus\setStatus(), phpCAS\setVerbose(), and ilAuthStatus\STATUS_AUTHENTICATED.

45  {
46  include_once './Services/CAS/lib/CAS.php';
47  global $phpCAS;
48 
49  $this->getLogger()->debug('Starting cas authentication attempt... ');
50 
51  try {
52  phpCAS::setDebug(false);
53  phpCAS::setVerbose(true);
54  phpCAS::client(
55  CAS_VERSION_2_0,
56  $this->getSettings()->getServer(),
57  (int) $this->getSettings()->getPort(),
58  $this->getSettings()->getUri()
59  );
60 
61  phpCAS::setNoCasServerValidation();
62  phpCAS::forceAuthentication();
63  } catch (Exception $e) {
64  $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
65  $this->handleAuthenticationFail($status, 'err_wrong_login');
66  return false;
67  }
68 
69  if (!strlen(phpCAS::getUser())) {
70  return $this->handleAuthenticationFail($status, 'err_wrong_login');
71  }
72  $this->getCredentials()->setUsername(phpCAS::getUser());
73 
74  // check and handle ldap data sources
75  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
76  if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
77  return $this->handleLDAPDataSource($status);
78  }
79 
80  // Check account available
81  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
82  if (strlen($local_user)) {
83  $this->getLogger()->debug('CAS authentication successful.');
84  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
85  $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
86  return true;
87  }
88 
89  if (!$this->getSettings()->isUserCreationEnabled()) {
90  $this->getLogger()->debug('User creation disabled. No valid local account found');
91  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
92  return false;
93  }
94 
95 
96  include_once './Services/CAS/classes/class.ilCASAttributeToUser.php';
97  $importer = new ilCASAttributeToUser($this->getSettings());
98  $new_name = $importer->create($this->getCredentials()->getUsername());
99 
100  if (!strlen($new_name)) {
101  $this->getLogger()->debug('User creation failed.');
102  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
103  return false;
104  }
105 
106  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
107  $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
108  return true;
109  }
phpCAS\forceAuthentication
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:1094
phpCAS\getUser
static getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1175
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilAuthProviderCAS\handleLDAPDataSource
handleLDAPDataSource(\ilAuthStatus $status)
Handle user data synchonization by ldap data source.
Definition: class.ilAuthProviderCAS.php:115
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:784
ilCASAttributeToUser
CAS user creation helper.
Definition: class.ilCASAttributeToUser.php:10
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:288
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3692
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
phpCAS\setVerbose
static setVerbose($verbose)
Enable verbose errors messages in the website output This is a security relevant since internal statu...
Definition: CAS.php:481
phpCAS\setDebug
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:439
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
phpCAS\setNoCasServerValidation
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1639
phpCAS\client
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:338
+ Here is the call graph for this function:

◆ getSettings()

ilAuthProviderCAS::getSettings ( )
protected
Returns

Definition at line 36 of file class.ilAuthProviderCAS.php.

References $settings.

Referenced by doAuthentication().

37  {
38  return $this->settings;
39  }
+ Here is the caller graph for this function:

◆ handleLDAPDataSource()

ilAuthProviderCAS::handleLDAPDataSource ( \ilAuthStatus  $status)
protected

Handle user data synchonization by ldap data source.

Parameters
\ilAuthStatus$status

Definition at line 115 of file class.ilAuthProviderCAS.php.

References $server, $sync, ilObjUser\_lookupId(), array, AUTH_CAS, ilAuthProvider\getCredentials(), ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by doAuthentication().

116  {
117  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
118  $server = ilLDAPServer::getInstanceByServerId(
119  ilLDAPServer::getDataSource(AUTH_CAS)
120  );
121 
122  $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());
123 
124  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
125  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
126  $sync->setExternalAccount($this->getCredentials()->getUsername());
127  $sync->setUserData(array());
128  $sync->forceCreation(true);
129 
130  try {
131  $internal_account = $sync->sync();
132  } catch (UnexpectedValueException $e) {
133  $this->getLogger()->warning('Authentication failed with mesage: ' . $e->getMessage());
134  $this->handleAuthenticationFail($status, 'err_wrong_login');
135  return false;
136  } catch (ilLDAPSynchronisationForbiddenException $e) {
137 
138  // No syncronisation allowed => create Error
139  $this->getLogger()->warning('User creation disabled. No valid local account found');
140  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
141  return false;
142  } catch (ilLDAPAccountMigrationRequiredException $e) {
143 
144  // No syncronisation allowed => create Error
145  $this->getLogger()->warning('User creation disabled. No valid local account found');
146  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
147  return false;
148  }
149  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
150  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
151  return true;
152  }
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:784
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
$sync
$sync
Definition: memcacheSync.php:62
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:302
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
$server
$server
Definition: getUserInfo.php:12
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $settings

ilAuthProviderCAS::$settings = null
private

Definition at line 18 of file class.ilAuthProviderCAS.php.

Referenced by getSettings().

The documentation for this class was generated from the following file: