ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilAuthContainerCAS.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once 'Auth/Container.php';
5 
6 
14 class ilAuthContainerCAS extends Auth_Container
15 {
16  protected $server_version = null;
17  protected $server_hostname = null;
18  protected $server_port = null;
19  protected $server_uri = null;
20 
21 
24  public function __construct()
25  {
26  parent::__construct();
27  $this->initCAS();
28  }
29 
37  public function forceAuthentication($username, $status, $auth)
38  {
39  global $PHPCAS_CLIENT,$ilLog;
40 
41  if (!$PHPCAS_CLIENT->isAuthenticated()) {
42  $PHPCAS_CLIENT->forceAuthentication();
43  }
44  }
45 
49  public function loginObserver($a_username, $a_auth)
50  {
51  global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
52 
53  $ilLog->write(__METHOD__ . ': Successful CAS login.');
54 
55  // Radius with ldap as data source
56  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
57  if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
58  return $this->handleLDAPDataSource($a_auth, $a_username);
59  }
60 
61  include_once("./Services/CAS/lib/CAS.php");
62  if ($PHPCAS_CLIENT->getUser() != "") {
63  $username = $PHPCAS_CLIENT->getUser();
64  $ilLog->write(__METHOD__ . ': Username: ' . $username);
65 
66  // Authorize this user
67  include_once('./Services/User/classes/class.ilObjUser.php');
68  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
69 
70  if ($local_user != "") {
71  $a_auth->setAuth($local_user);
72  } else {
73  if (!$ilSetting->get("cas_create_users")) {
74  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
75  $a_auth->logout();
76  return false;
77  }
78 
79  $userObj = new ilObjUser();
80 
81  $local_user = ilAuthUtils::_generateLogin($username);
82 
83  $newUser["firstname"] = $local_user;
84  $newUser["lastname"] = "";
85 
86  $newUser["login"] = $local_user;
87 
88  // set "plain md5" password (= no valid password)
89  $newUser["passwd"] = "";
90  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
91 
92  //$newUser["gender"] = "m";
93  $newUser["auth_mode"] = "cas";
94  $newUser["ext_account"] = $username;
95  $newUser["profile_incomplete"] = 1;
96 
97  // system data
98  $userObj->assignData($newUser);
99  $userObj->setTitle($userObj->getFullname());
100  $userObj->setDescription($userObj->getEmail());
101 
102  // set user language to system language
103  $userObj->setLanguage($ilSetting->get("language"));
104 
105  // Time limit
106  $userObj->setTimeLimitOwner(7);
107  $userObj->setTimeLimitUnlimited(1);
108  $userObj->setTimeLimitFrom(time());
109  $userObj->setTimeLimitUntil(time());
110 
111  // Create user in DB
112  $userObj->setOwner(0);
113  $userObj->create();
114  $userObj->setActive(1);
115 
116  $userObj->updateOwner();
117 
118  //insert user data in table user_data
119  $userObj->saveAsNew();
120 
121  // setup user preferences
122  $userObj->writePrefs();
123 
124  // to do: test this
125  $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
126  unset($userObj);
127 
128  $a_auth->setAuth($local_user);
129  return true;
130  }
131  } else {
132  $ilLog->write(__METHOD__ . ': Login failed.');
133 
134  // This should never occur unless CAS is not configured properly
135  $a_auth->status = AUTH_WRONG_LOGIN;
136  return false;
137  }
138  return false;
139  }
140 
146  protected function handleLDAPDataSource($a_auth, $ext_account)
147  {
148  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
149  $server = ilLDAPServer::getInstanceByServerId(
150  ilLDAPServer::getDataSource(AUTH_CAS)
151  );
152 
153  $GLOBALS['ilLog']->write(__METHOD__ . ' Using ldap data source for user: ' . $ext_account);
154 
155  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
156  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
157  $sync->setExternalAccount($ext_account);
158  $sync->setUserData(array());
159  #$sync->forceCreation($this->force_creation);
160  // TODO: Check this
161  $sync->forceCreation(true);
162 
163  try {
164  $internal_account = $sync->sync();
165  } catch (UnexpectedValueException $e) {
166  $GLOBALS['ilLog']->write(__METHOD__ . ': Login failed with message: ' . $e->getMessage());
167  $a_auth->status = AUTH_WRONG_LOGIN;
168  $a_auth->logout();
169  return false;
170  } catch (ilLDAPSynchronisationForbiddenException $e) {
171  // No syncronisation allowed => create Error
172  $GLOBALS['ilLog']->write(__METHOD__ . ': Login failed with message: ' . $e->getMessage());
173  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
174  $a_auth->logout();
175  return false;
176  } catch (ilLDAPAccountMigrationRequiredException $e) {
177  $GLOBALS['ilLog']->write(__METHOD__ . ': Starting account migration.');
178  $a_auth->logout();
179  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
180  }
181  $a_auth->setAuth($internal_account);
182  return true;
183  }
184 
185 
186 
194  public function fetchData($a_username, $a_password, $isChallengeResponse = false)
195  {
196  global $PHPCAS_CLIENT,$ilLog;
197 
198  $ilLog->write(__METHOD__ . ': Fetch Data called');
199  return $PHPCAS_CLIENT->isAuthenticated();
200  }
201 
202  protected function initCAS()
203  {
204  global $ilSetting;
205 
206  include_once("./Services/CAS/lib/CAS.php");
207 
208  $this->server_version = CAS_VERSION_2_0;
209  $this->server_hostname = $ilSetting->get('cas_server');
210  $this->server_port = (int) $ilSetting->get('cas_port');
211  $this->server_uri = (string) $ilSetting->get('cas_uri');
212 
213  phpCAS::setDebug();
214  phpCAS::client(
215  $this->server_version,
216  $this->server_hostname,
217  $this->server_port,
218  $this->server_uri
219  );
220  phpCAS::setNoCasServerValidation();
221  }
222 }
Auth_Container
ilAuthContainerCAS\forceAuthentication
forceAuthentication($username, $status, $auth)
Force CAS authentication.
Definition: class.ilAuthContainerCAS.php:37
string
Add rich text string
Definition: 05featuredemo.inc.php:117
$auth
$auth
Definition: metadata.php:48
ilAuthContainerCAS\handleLDAPDataSource
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
Definition: class.ilAuthContainerCAS.php:146
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilAuthUtils\_generateLogin
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:415
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:45
ilAuthContainerCAS\fetchData
fetchData($a_username, $a_password, $isChallengeResponse=false)
Definition: class.ilAuthContainerCAS.php:194
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:288
$sync
$sync
Definition: memcacheSync.php:62
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:302
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
$ilLog
$ilLog
Definition: inc.setup_header.php:129
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3692
$server
$server
Definition: getUserInfo.php:12
$ilSetting
global $ilSetting
Definition: privfeed.php:17
phpCAS\setDebug
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:439
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
phpCAS\setNoCasServerValidation
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1639
ilUtil\redirect
static redirect($a_script)
Definition: class.ilUtil.php:3353
phpCAS\client
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:338
ilAuthContainerCAS\loginObserver
loginObserver($a_username, $a_auth)
Definition: class.ilAuthContainerCAS.php:49