1 <?php
2 /* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
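/**
 * Configuration record of one SAML identity provider (table saml_idp_settings).
 *
 * An instance is obtained by id (constructor / getInstanceByIdpId()), filled from a DB row
 * (bindDbRecord(), used by getAllIdps()) or from the administration form (bindForm()).
 * The static helpers at the end validate and convert a user's SAML auth mode string, which
 * exists in two spellings: the mode name 'saml_<idp_id>' and the key AUTH_SAML . '_<idp_id>'.
 */
class ilSamlIdp
{
    /** @var \ilDBInterface database handle, taken from the DIC in the constructor */
    protected $db;

    /**
     * Per-request cache of loaded instances keyed by idp_id (see getInstanceByIdpId()).
     * delete() evicts its own entry; objects created via getAllIdps() are never cached.
     * @var self[]
     */
    private static $instances = [];

    /** @var int primary key in saml_idp_settings; 0 until persist() has assigned one */
    protected $idp_id;

    /** @var bool only active IdPs are returned by getActiveIdpList()/getFirstActiveIdp() */
    protected $is_active = false;

    /** @var bool per its name: whether users of this IdP may also authenticate locally — enforced outside this class */
    protected $allow_local_auth = false;

    /** @var int role id configured for the IdP (per its name the role for new users); 0/false = none */
    protected $default_role_id = false;

    /** @var string name of the SAML attribute used as the external user id; stored as entered, not validated here */
    protected $uid_claim = '';

    /** @var string name of the SAML attribute used as the ILIAS login; stored as entered, not validated here */
    protected $login_claim = '';

    /** @var bool per its name: whether user data is synchronised on login — evaluated outside this class */
    protected $sync_status = false;

    /** @var string entity id of the IdP, derived from the parsed IdP metadata in bindForm() */
    protected $entity_id = '';

    /** @var bool per its name: whether account migration is offered — evaluated outside this class */
    protected $account_migration_status = false;

    /** @var array not referenced within this class; kept for compatibility */
    protected static $idp_as_data = [];

    /**
     * @param int $a_idp_id id of an existing IdP to load; 0 (default) yields an unsaved, empty record
     * @throws \ilException when a positive id does not exist (see read())
     */
    public function __construct($a_idp_id = 0)
    {
        $this->db = $GLOBALS['DIC']->database();
        // Cast before the comparison: a non-numeric string compared with > 0 behaves differently
        // across PHP versions, and the id is only ever used as an integer key anyway.
        $this->idp_id = (int) $a_idp_id;

        if ($this->idp_id > 0) {
            $this->read();
        }
    }

    /**
     * Returns the first IdP flagged active, in database order.
     *
     * @return self
     * @throws \ilSamlException when no IdP is active
     */
    public static function getFirstActiveIdp()
    {
        $active = self::getActiveIdpList();
        if (count($active) > 0) {
            return $active[0];
        }

        require_once 'Services/Saml/exceptions/class.ilSamlException.php';
        throw new \ilSamlException('No active SAML IDP found');
    }

    /**
     * Cached factory: one instance per idp_id for the lifetime of the request.
     *
     * @param int $a_idp_id
     * @return self
     * @throws \ilException when the id does not exist
     */
    public static function getInstanceByIdpId($a_idp_id)
    {
        $id = (int) $a_idp_id;

        if (!isset(self::$instances[$id]) || !(self::$instances[$id] instanceof self)) {
            self::$instances[$id] = new self($id);
        }

        return self::$instances[$id];
    }

    /**
     * Loads the settings row for $this->idp_id into this object.
     *
     * @throws \ilException when no row exists for the id
     */
    private function read()
    {
        $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
        $result = $this->db->query($query);

        $record = $this->db->fetchAssoc($result);
        if (!$record) {
            throw new \ilException('Could not find idp');
        }

        $this->bindDbRecord($record);
    }

    /**
     * Writes the current state to saml_idp_settings, creating the row on first use.
     */
    public function persist()
    {
        // First save: draw a new primary key from the table's sequence.
        if (!$this->getIdpId()) {
            $this->setIdpId($this->db->nextId('saml_idp_settings'));
        }

        // replace() upserts on the given primary key, so one code path serves create and update.
        $this->db->replace(
            'saml_idp_settings',
            ['idp_id' => ['integer', $this->getIdpId()]],
            [
                'is_active'           => ['integer', $this->isActive()],
                'default_role_id'     => ['integer', $this->getDefaultRoleId()],
                'uid_claim'           => ['text', $this->getUidClaim()],
                'login_claim'         => ['text', $this->getLoginClaim()],
                'entity_id'           => ['text', $this->getEntityId()],
                'sync_status'         => ['integer', $this->isSynchronizationEnabled()],
                'allow_local_auth'    => ['integer', $this->allowLocalAuthentication()],
                'account_migr_status' => ['integer', $this->isAccountMigrationEnabled()],
            ]
        );
    }

    /**
     * Removes the IdP: its attribute mapping, the binding of its users, and the settings row.
     *
     * Users bound to this IdP are switched to the 'default' auth mode, i.e. they are no longer
     * tied to this external identity. The three statements are not wrapped in a transaction,
     * so a failure in a later step leaves the earlier ones applied.
     */
    public function delete()
    {
        // Nothing to remove for an unsaved IdP; without this guard the mapping for id 0 and any
        // users whose auth mode ends in '_0' would be touched.
        if (!$this->getIdpId()) {
            return;
        }

        require_once 'Services/Authentication/classes/External/UserAttributeMapping/class.ilExternalAuthUserAttributeMapping.php';
        $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
        $mapping->delete();

        // NOTE(review): the value matched here is AUTH_SAML . '_' . id, whereas getAuthModeByKey()
        // spells a mode as 'saml_' . id. Confirm that usr_data.auth_mode stores the form used here;
        // otherwise this UPDATE matches no row and the users keep pointing at a deleted IdP.
        $this->db->manipulateF(
            'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
            ['text', 'text'],
            ['default', AUTH_SAML . '_' . $this->getIdpId()]
        );

        $this->db->manipulate(
            'DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer')
        );

        // Do not hand out the deleted IdP from the instance cache for the rest of the request.
        unset(self::$instances[$this->getIdpId()]);
    }

    /**
     * @return array all settings keyed by their column names in saml_idp_settings
     */
    public function toArray()
    {
        return [
            'idp_id'              => $this->getIdpId(),
            'is_active'           => $this->isActive(),
            'default_role_id'     => $this->getDefaultRoleId(),
            'uid_claim'           => $this->getUidClaim(),
            'login_claim'         => $this->getLoginClaim(),
            'sync_status'         => $this->isSynchronizationEnabled(),
            'account_migr_status' => $this->isAccountMigrationEnabled(),
            'allow_local_auth'    => $this->allowLocalAuthentication(),
            'entity_id'           => $this->getEntityId(),
        ];
    }

    /**
     * Fills the object from a saml_idp_settings row (column names as keys).
     *
     * @param array $record
     */
    public function bindDbRecord(array $record)
    {
        $this->setIdpId((int) $record['idp_id']);
        $this->setActive((bool) $record['is_active']);
        $this->setDefaultRoleId((int) $record['default_role_id']);
        $this->setUidClaim($record['uid_claim']);
        $this->setLoginClaim($record['login_claim']);
        $this->setSynchronizationStatus((bool) $record['sync_status']);
        $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
        $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
        $this->setEntityId($record['entity_id']);
    }

    /**
     * Takes over the values of the administration form.
     *
     * The active flag is not part of the form. The entity id is not a free-text input: it is
     * read from the 'metadata' form item's parser, so it always reflects the metadata on file.
     *
     * @param ilPropertyFormGUI $form
     * @throws \ilException when the form has no usable 'metadata' item
     */
    public function bindForm(ilPropertyFormGUI $form)
    {
        $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
        $this->setUidClaim($form->getInput('uid_claim'));
        $this->setLoginClaim($form->getInput('login_claim'));
        $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
        $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
        $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));

        $metadata = $form->getItemByPostVar('metadata');
        if (!is_object($metadata) || !method_exists($metadata, 'getIdpMetadataParser')) {
            throw new \ilException('Form does not provide a SAML metadata input');
        }
        $this->setEntityId($metadata->getIdpMetadataParser()->getEntityId());
    }

    /**
     * Checks whether an auth mode key denotes a SAML IdP: exactly AUTH_SAML . '_' . <digits>.
     *
     * Both parts are compared as strings so that a loose comparison against a numeric AUTH_SAML
     * cannot be satisfied by a merely leading-numeric prefix, and the id part must be all digits
     * because it is subsequently used as a database id and cache key.
     *
     * @param string $a_auth_mode
     * @return bool
     */
    public static function isAuthModeSaml($a_auth_mode)
    {
        if (!$a_auth_mode) {
            $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
            return false;
        }

        $parts = explode('_', (string) $a_auth_mode);

        return count($parts) === 2
            && (string) $parts[0] === (string) AUTH_SAML
            && preg_match('/^[0-9]+$/', $parts[1]) === 1;
    }

    /**
     * @param string $a_auth_mode
     * @return int|null the IdP id encoded in the auth mode, null if it is not a SAML mode
     */
    public static function getIdpIdByAuthMode($a_auth_mode)
    {
        if (!self::isAuthModeSaml($a_auth_mode)) {
            return null;
        }

        // isAuthModeSaml() guarantees an all-digit suffix, so the cast is lossless.
        list(, $id) = explode('_', (string) $a_auth_mode);

        return (int) $id;
    }

    /**
     * @return self[] all IdPs flagged active, in database order
     */
    public static function getActiveIdpList()
    {
        $active = array_filter(self::getAllIdps(), function (ilSamlIdp $idp) {
            return $idp->isActive();
        });

        return array_values($active);
    }

    /**
     * Loads every row of saml_idp_settings. The objects are not placed in the instance cache.
     *
     * @return self[]
     */
    public static function getAllIdps()
    {
        $db = $GLOBALS['DIC']->database();
        $result = $db->query('SELECT * FROM saml_idp_settings');

        $idps = [];
        while ($row = $db->fetchAssoc($result)) {
            $idp = new self();
            $idp->bindDbRecord($row);
            $idps[] = $idp;
        }

        return $idps;
    }

    /**
     * Converts an auth key ('<prefix>_<id>') to the mode name 'saml_<id>'; a key without an id
     * part yields the bare 'saml'. The prefix is not checked here — use isAuthModeSaml() first.
     *
     * @param string $a_auth_key
     * @return string
     */
    public static function getAuthModeByKey($a_auth_key)
    {
        $parts = explode('_', $a_auth_key);
        if (count($parts) > 1) {
            return 'saml_' . $parts[1];
        }

        return 'saml';
    }

    /**
     * Converts a mode name ('<name>_<id>') to the auth key AUTH_SAML . '_<id>'; a mode without
     * an id part yields the bare AUTH_SAML. Inverse of getAuthModeByKey().
     *
     * @param string $a_auth_mode
     * @return string
     */
    public static function getKeyByAuthMode($a_auth_mode)
    {
        $parts = explode('_', $a_auth_mode);
        if (count($parts) > 1) {
            return AUTH_SAML . '_' . $parts[1];
        }

        return AUTH_SAML;
    }

    /** @return string */
    public function getEntityId()
    {
        return $this->entity_id;
    }

    /** @param string $entity_id */
    public function setEntityId($entity_id)
    {
        $this->entity_id = $entity_id;
    }

    /** @return bool */
    public function isActive()
    {
        return (bool) $this->is_active;
    }

    /** @param bool $is_active */
    public function setActive($is_active)
    {
        $this->is_active = (bool) $is_active;
    }

    /** @return int */
    public function getIdpId()
    {
        return (int) $this->idp_id;
    }

    /** @param int $idp_id */
    public function setIdpId($idp_id)
    {
        $this->idp_id = (int) $idp_id;
    }

    /** @return bool */
    public function allowLocalAuthentication()
    {
        return (bool) $this->allow_local_auth;
    }

    /** @param bool $status */
    public function setLocalLocalAuthenticationStatus($status)
    {
        $this->allow_local_auth = (bool) $status;
    }

    /** @return int */
    public function getDefaultRoleId()
    {
        return (int) $this->default_role_id;
    }

    /** @param int $role_id */
    public function setDefaultRoleId($role_id)
    {
        $this->default_role_id = (int) $role_id;
    }

    /** @param string $claim */
    public function setUidClaim($claim)
    {
        $this->uid_claim = $claim;
    }

    /** @return string */
    public function getUidClaim()
    {
        return $this->uid_claim;
    }

    /** @param string $claim */
    public function setLoginClaim($claim)
    {
        $this->login_claim = $claim;
    }

    /** @return string */
    public function getLoginClaim()
    {
        return $this->login_claim;
    }

    /** @return bool */
    public function isSynchronizationEnabled()
    {
        return (bool) $this->sync_status;
    }

    /** @param bool $sync */
    public function setSynchronizationStatus($sync)
    {
        $this->sync_status = (bool) $sync;
    }

    /** @return bool */
    public function isAccountMigrationEnabled()
    {
        return (bool) $this->account_migration_status;
    }

    /** @param bool $status  stored as bool like every other flag (the original kept an int here) */
    public function setAccountMigrationStatus($status)
    {
        $this->account_migration_status = (bool) $status;
    }
}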