ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilSamlIdp.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3
9{
13 protected $db;
14
18 private static $instances = array();
19
23 protected $idp_id;
24
28 protected $is_active = false;
29
33 protected $allow_local_auth = false;
34
38 protected $default_role_id = false;
39
43 protected $uid_claim = '';
44
48 protected $login_claim = '';
49
53 protected $sync_status = false;
54
58 protected $entity_id = '';
59
63 protected $account_migration_status = false;
64
68 protected static $idp_as_data = array();
69
73 public function __construct($a_idp_id = 0)
74 {
75 $this->db = $GLOBALS['DIC']->database();
76 $this->idp_id = $a_idp_id;
77
78 if ($this->idp_id > 0) {
79 $this->read();
80 }
81 }
82
87 public static function getFirstActiveIdp()
88 {
89 $idps = self::getActiveIdpList();
90 if (count($idps) > 0) {
91 return current($idps);
92 }
93
94 require_once 'Services/Saml/exceptions/class.ilSamlException.php';
95 throw new \ilSamlException('No active SAML IDP found');
96 }
97
102 public static function getInstanceByIdpId($a_idp_id)
103 {
104 if (!isset(self::$instances[$a_idp_id]) || !(self::$instances[$a_idp_id] instanceof self)) {
105 self::$instances[$a_idp_id] = new self($a_idp_id);
106 }
107
108 return self::$instances[$a_idp_id];
109 }
110
114 private function read()
115 {
116 $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
117 $res = $this->db->query($query);
118 while ($record = $this->db->fetchAssoc($res)) {
119 $this->bindDbRecord($record);
120 return;
121 }
122
123 throw new \ilException('Could not find idp');
124 }
125
129 public function persist()
130 {
131 if (!$this->getIdpId()) {
132 $this->setIdpId($this->db->nextId('saml_idp_settings'));
133 }
134
135 $this->db->replace(
136 'saml_idp_settings',
137 array(
138 'idp_id' => array('integer', $this->getIdpId())
139 ),
140 array(
141 'is_active' => array('integer', $this->isActive()),
142 'default_role_id' => array('integer', $this->getDefaultRoleId()),
143 'uid_claim' => array('text', $this->getUidClaim()),
144 'login_claim' => array('text', $this->getLoginClaim()),
145 'entity_id' => array('text', $this->getEntityId()),
146 'sync_status' => array('integer', $this->isSynchronizationEnabled()),
147 'allow_local_auth' => array('integer', $this->allowLocalAuthentication()),
148 'account_migr_status' => array('integer', $this->isAccountMigrationEnabled())
149 )
150 );
151 }
152
156 public function delete()
157 {
158 require_once 'Services/Authentication/classes/External/UserAttributeMapping/class.ilExternalAuthUserAttributeMapping.php';
159 $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
160 $mapping->delete();
161
162 $this->db->manipulateF(
163 'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
164 array('text', 'text'),
165 array('default', AUTH_SAML . '_' . $this->getIdpId())
166 );
167
168 $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer'));
169 }
170
174 public function toArray()
175 {
176 return array(
177 'idp_id' => $this->getIdpId(),
178 'is_active' => $this->isActive(),
179 'default_role_id' => $this->getDefaultRoleId(),
180 'uid_claim' => $this->getUidClaim(),
181 'login_claim' => $this->getLoginClaim(),
182 'sync_status' => $this->isSynchronizationEnabled(),
183 'account_migr_status' => $this->isAccountMigrationEnabled(),
184 'allow_local_auth' => $this->allowLocalAuthentication(),
185 'entity_id' => $this->getEntityId()
186 );
187 }
188
192 public function bindDbRecord(array $record)
193 {
194 $this->setIdpId((int) $record['idp_id']);
195 $this->setActive((bool) $record['is_active']);
196 $this->setDefaultRoleId((int) $record['default_role_id']);
197 $this->setUidClaim($record['uid_claim']);
198 $this->setLoginClaim($record['login_claim']);
199 $this->setSynchronizationStatus((bool) $record['sync_status']);
200 $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
201 $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
202 $this->setEntityId($record['entity_id']);
203 }
204
208 public function bindForm(ilPropertyFormGUI $form)
209 {
210 $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
211 $this->setUidClaim($form->getInput('uid_claim'));
212 $this->setLoginClaim($form->getInput('login_claim'));
213 $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
214 $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
215 $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));
216
220 $metadata = $form->getItemByPostVar('metadata');
221 $this->setEntityId($metadata->getIdpMetadataParser()->getEntityId());
222 }
223
228 public static function isAuthModeSaml($a_auth_mode)
229 {
230 if (!$a_auth_mode) {
231 $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
232 return false;
233 }
234
235 $auth_arr = explode('_', $a_auth_mode);
236 return count($auth_arr) == 2 && $auth_arr[0] == AUTH_SAML && strlen($auth_arr[1]);
237 }
238
243 public static function getIdpIdByAuthMode($a_auth_mode)
244 {
245 if (self::isAuthModeSaml($a_auth_mode)) {
246 $auth_arr = explode('_', $a_auth_mode);
247 return $auth_arr[1];
248 }
249
250 return null;
251 }
252
256 public static function getActiveIdpList()
257 {
258 $idps = array();
259
260 foreach (self::getAllIdps() as $idp) {
261 if ($idp->isActive()) {
262 $idps[] = $idp;
263 }
264 }
265
266 return $idps;
267 }
268
272 public static function getAllIdps()
273 {
274 global $DIC;
275
276 $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');
277
278 $idps = array();
279 while ($row = $DIC->database()->fetchAssoc($res)) {
280 $idp = new self();
281 $idp->bindDbRecord($row);
282
283 $idps[] = $idp;
284 }
285
286 return $idps;
287 }
288
293 public static function getAuthModeByKey($a_auth_key)
294 {
295 $auth_arr = explode('_', $a_auth_key);
296 if (count((array) $auth_arr) > 1) {
297 return 'saml_' . $auth_arr[1];
298 }
299
300 return 'saml';
301 }
302
307 public static function getKeyByAuthMode($a_auth_mode)
308 {
309 $auth_arr = explode('_', $a_auth_mode);
310 if (count((array) $auth_arr) > 1) {
311 return AUTH_SAML . '_' . $auth_arr[1];
312 }
313
314 return AUTH_SAML;
315 }
316
320 public function getEntityId()
321 {
322 return $this->entity_id;
323 }
324
328 public function setEntityId($entity_id)
329 {
330 $this->entity_id = $entity_id;
331 }
332
336 public function isActive()
337 {
338 return (bool) $this->is_active;
339 }
340
344 public function setActive($is_active)
345 {
346 $this->is_active = (bool) $is_active;
347 }
348
352 public function getIdpId()
353 {
354 return (int) $this->idp_id;
355 }
356
360 public function setIdpId($idp_id)
361 {
362 $this->idp_id = (int) $idp_id;
363 }
364
368 public function allowLocalAuthentication()
369 {
370 return (bool) $this->allow_local_auth;
371 }
372
376 public function setLocalLocalAuthenticationStatus($status)
377 {
378 $this->allow_local_auth = (bool) $status;
379 }
380
384 public function getDefaultRoleId()
385 {
386 return (int) $this->default_role_id;
387 }
388
392 public function setDefaultRoleId($role_id)
393 {
394 $this->default_role_id = (int) $role_id;
395 }
396
400 public function setUidClaim($claim)
401 {
402 $this->uid_claim = $claim;
403 }
404
408 public function getUidClaim()
409 {
410 return $this->uid_claim;
411 }
412
416 public function setLoginClaim($claim)
417 {
418 $this->login_claim = $claim;
419 }
420
424 public function getLoginClaim()
425 {
426 return $this->login_claim;
427 }
428
432 public function isSynchronizationEnabled()
433 {
434 return (bool) $this->sync_status;
435 }
436
441 {
442 $this->sync_status = (bool) $sync;
443 }
444
449 {
451 }
452
456 public function setAccountMigrationStatus($status)
457 {
458 $this->account_migration_status = (int) $status;
459 }
460}
$metadata['__DYNAMIC:1__']
An exception for terminatinating execution or to throw for unit testing.
const AUTH_SAML
This class represents a property form user interface.
getInput($a_post_var, $ensureValidation=true)
Returns the value of a HTTP-POST variable, identified by the passed id.
Class ilSamlIdp.
static getKeyByAuthMode($a_auth_mode)
static getActiveIdpList()
setActive($is_active)
static getInstanceByIdpId($a_idp_id)
setIdpId($idp_id)
setLoginClaim($claim)
setDefaultRoleId($role_id)
static $instances
__construct($a_idp_id=0)
setSynchronizationStatus($sync)
isAccountMigrationEnabled()
setAccountMigrationStatus($status)
setLocalLocalAuthenticationStatus($status)
static getIdpIdByAuthMode($a_auth_mode)
static getFirstActiveIdp()
isSynchronizationEnabled()
static getAuthModeByKey($a_auth_key)
setEntityId($entity_id)
static $idp_as_data
setUidClaim($claim)
static isAuthModeSaml($a_auth_mode)
static getAllIdps()
allowLocalAuthentication()
bindDbRecord(array $record)
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
$sync
$query
$idp
Definition: prp.php:13
if(isset($_POST['submit'])) $form
global $DIC
Definition: saml.php:7
foreach($_POST as $key=> $value) $res