dd/d89/class_8ilAuthProviderCAS_8php_source.html

 <?php
 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */

 include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
 include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';

 class ilAuthProviderCAS extends ilAuthProvider implements ilAuthProviderInterface
 {
     private $settings = null;

     public function __construct(ilAuthCredentials $credentials)
     {
         global $DIC;

         parent::__construct($credentials);
         include_once './Services/CAS/classes/class.ilCASSettings.php';
         $this->settings = ilCASSettings::getInstance();
     }

     protected function getSettings()
     {
         return $this->settings;
     }

     public function doAuthentication(\ilAuthStatus $status)
     {
         include_once './Services/CAS/lib/CAS.php';
         global $phpCAS;

         $this->getLogger()->debug('Starting cas authentication attempt... ');

         try {
             phpCAS::setDebug(false);
             phpCAS::setVerbose(true);
             phpCAS::client(
                 CAS_VERSION_2_0,
                 $this->getSettings()->getServer(),
                 (int) $this->getSettings()->getPort(),
                 $this->getSettings()->getUri()
             );

             phpCAS::setNoCasServerValidation();
             phpCAS::forceAuthentication();
         } catch (Exception $e) {
             $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
             $this->handleAuthenticationFail($status, 'err_wrong_login');
             return false;
         }

         if (!strlen(phpCAS::getUser())) {
             return $this->handleAuthenticationFail($status, 'err_wrong_login');
         }
         $this->getCredentials()->setUsername(phpCAS::getUser());

         // check and handle ldap data sources
         include_once './Services/LDAP/classes/class.ilLDAPServer.php';
         if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
             return $this->handleLDAPDataSource($status);
         }

         // Check account available
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
         if (strlen($local_user)) {
             $this->getLogger()->debug('CAS authentication successful.');
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
             $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
             return true;
         }

         if (!$this->getSettings()->isUserCreationEnabled()) {
             $this->getLogger()->debug('User creation disabled. No valid local account found');
             $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
             return false;
         }


         include_once './Services/CAS/classes/class.ilCASAttributeToUser.php';
         $importer = new ilCASAttributeToUser($this->getSettings());
         $new_name = $importer->create($this->getCredentials()->getUsername());

         if (!strlen($new_name)) {
             $this->getLogger()->debug('User creation failed.');
             $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
             return false;
         }

         $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
         $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
         return true;
     }

     protected function handleLDAPDataSource(\ilAuthStatus $status)
     {
         include_once './Services/LDAP/classes/class.ilLDAPServer.php';
         $server = ilLDAPServer::getInstanceByServerId(
             ilLDAPServer::getDataSource(AUTH_CAS)
         );

         $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());

         include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
         $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
         $sync->setExternalAccount($this->getCredentials()->getUsername());
         $sync->setUserData(array());
         $sync->forceCreation(true);

         try {
             $internal_account = $sync->sync();
         } catch (UnexpectedValueException $e) {
             $this->getLogger()->warning('Authentication failed with mesage: ' . $e->getMessage());
             $this->handleAuthenticationFail($status, 'err_wrong_login');
             return false;
         } catch (ilLDAPSynchronisationForbiddenException $e) {

             // No syncronisation allowed => create Error
             $this->getLogger()->warning('User creation disabled. No valid local account found');
             $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
             return false;
         } catch (ilLDAPAccountMigrationRequiredException $e) {

             // No syncronisation allowed => create Error
             $this->getLogger()->warning('User creation disabled. No valid local account found');
             $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
             return false;
         }
         $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
         $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
         return true;
     }
 }
ilLDAPSynchronisationForbiddenException
Description of ilLDAPSyncronisationException.
Definition: class.ilLDAPSynchronisationForbiddenException.php:12

phpCAS\forceAuthentication
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:1094

ilAuthProviderCAS\$settings
$settings
Definition: class.ilAuthProviderCAS.php:18

ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11

phpCAS\getUser
static getUser()
This method returns the CAS user&#39;s login name.
Definition: CAS.php:1175

ilAuthProviderCAS
CAS authentication provider.
Definition: class.ilAuthProviderCAS.php:13

$DIC
global $DIC
Definition: saml.php:7

AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12

ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14

ilAuthProviderCAS\handleLDAPDataSource
handleLDAPDataSource(\ilAuthStatus $status)
Handle user data synchonization by ldap data source.
Definition: class.ilAuthProviderCAS.php:115

ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:784

ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12

ilCASAttributeToUser
CAS user creation helper.
Definition: class.ilCASAttributeToUser.php:10

ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58

ilAuthProvider\$status
$status
Definition: class.ilAuthProvider.php:23

ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116

ilAuthProvider\$credentials
$credentials
Definition: class.ilAuthProvider.php:21

UnexpectedValueException

ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11

ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11

ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode  ilDB $ilDB.
Definition: class.ilLDAPServer.php:288

ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63

ilAuthProvider\getCredentials
getCredentials()
Definition: class.ilAuthProvider.php:46

ilAuthProviderCAS\doAuthentication
doAuthentication(\ilAuthStatus $status)
Do authentication.Authentication status bool
Definition: class.ilAuthProviderCAS.php:44

$sync
$sync
Definition: memcacheSync.php:62

ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:302

CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78

array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3692

ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38

$server
$server
Definition: getUserInfo.php:12

phpCAS\setVerbose
static setVerbose($verbose)
Enable verbose errors messages in the website output This is a security relevant since internal statu...
Definition: CAS.php:481

ilAuthProviderCAS\getSettings
getSettings()
Definition: class.ilAuthProviderCAS.php:36

ilAuthStatus\STATUS_AUTHENTICATED
const STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:18

settings
settings()
Definition: settings.php:2

ilAuthProviderCAS\__construct
__construct(ilAuthCredentials $credentials)
ilAuthProviderCAS constructor.
Definition: class.ilAuthProviderCAS.php:24

phpCAS\setDebug
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:439

ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55

phpCAS\setNoCasServerValidation
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1639

ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11

phpCAS\client
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:338

ilCASSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilCASSettings.php:40

Exception