ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static initSession ()
 Initialize session. More...
 
static isAuthenticationForced ()
 Check if authentication is should be forced. More...
 
static handleForcedAuthentication ()
 
static _getAuthModeOfUser ($a_username, $a_password, $a_db_handler='')
 
static _getAuthMode ($a_auth_mode, $a_db_handler='')
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation ($a_auth_key, $auth_name='')
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 68 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

@access public

Parameters
intauth_mode

Definition at line 631 of file class.ilAuthUtils.php.

632 {
633 switch ((int) $a_auth_mode) {
634 case AUTH_LDAP:
635 case AUTH_RADIUS:
636 case AUTH_ECS:
639 return false;
640 default:
641 return true;
642 }
643 }
const AUTH_OPENID_CONNECT
const AUTH_ECS
const AUTH_LDAP
const AUTH_RADIUS
const AUTH_PROVIDER_LTI

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin (   $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 438 of file class.ilAuthUtils.php.

439 {
440 global $DIC;
441
442 $ilDB = $DIC['ilDB'];
443
444 // Check if username already exists
445 $found = false;
446 $postfix = 0;
447 $c_login = $a_login;
448 while (!$found) {
449 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
450 $ilDB->quote($c_login));
451 if ($r->numRows() > 0) {
452 $postfix++;
453 $c_login = $a_login . $postfix;
454 } else {
455 $found = true;
456 }
457 }
458
459 return $c_login;
460 }
$r
Definition: example_031.php:79
global $DIC
Definition: saml.php:7
global $ilDB

References $DIC, $ilDB, and $r.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthContainerECS\createUser(), ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilCASAuth\login(), ilAuthContainerCAS\loginObserver(), ilAuthContainerSOAP\loginObserver(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static

Definition at line 322 of file class.ilAuthUtils.php.

323 {
324 global $DIC;
325
326 $ilias = $DIC['ilias'];
327 $ilSetting = $DIC['ilSetting'];
328
329 $modes = array(
330 'default' => $ilSetting->get("auth_mode"),
331 'local' => AUTH_LOCAL
332 );
333 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
334 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
335 $modes['ldap_' . $sid] = (AUTH_LDAP . '_' . $sid);
336 }
337
338 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
339 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
340 $modes['lti_' . $sid] = (AUTH_PROVIDER_LTI . '_' . $sid);
341 }
342
343 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
344 $modes['oidc'] = AUTH_OPENID_CONNECT;
345 }
346
347 if ($ilSetting->get("radius_active")) {
348 $modes['radius'] = AUTH_RADIUS;
349 }
350 if ($ilSetting->get("shib_active")) {
351 $modes['shibboleth'] = AUTH_SHIBBOLETH;
352 }
353 if ($ilSetting->get("script_active")) {
354 $modes['script'] = AUTH_SCRIPT;
355 }
356 if ($ilSetting->get("cas_active")) {
357 $modes['cas'] = AUTH_CAS;
358 }
359 if ($ilSetting->get("soap_auth_active")) {
360 $modes['soap'] = AUTH_SOAP;
361 }
362 if ($ilSetting->get("apache_active")) {
363 $modes['apache'] = AUTH_APACHE;
364 }
365
366 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
367 if (ilECSServerSettings::getInstance()->activeServerExists()) {
368 $modes['ecs'] = AUTH_ECS;
369 }
370
371 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
372 foreach (ilSamlIdp::getActiveIdpList() as $idp) {
373 $modes['saml_' . $idp->getIdpId()] = AUTH_SAML . '_' . $idp->getIdpId();
374 }
375
376 // begin-path auth_plugin
377 foreach (self::getAuthPlugins() as $pl) {
378 foreach ($pl->getAuthIds() as $auth_id) {
379 if ($pl->isAuthActive($auth_id)) {
380 $modes[$pl->getAuthName($auth_id)] = $auth_id;
381 }
382 }
383 }
384 // end-path auth_plugin
385 return $modes;
386 }
const AUTH_SHIBBOLETH
const AUTH_APACHE
const AUTH_SAML
const AUTH_LOCAL
const AUTH_SCRIPT
const AUTH_CAS
const AUTH_SOAP
static getInstance()
Get singleton instance.
static _getActiveServerList()
Get active server list.
static getInstance()
Get singleton instance.
static getActiveIdpList()
global $ilSetting
Definition: privfeed.php:17
$idp
Definition: prp.php:13

References $DIC, $idp, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilOpenIdConnectSettings\getInstance(), and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static

Definition at line 388 of file class.ilAuthUtils.php.

389 {
390 $modes = array(
392 AUTH_LDAP,
394 AUTH_SAML,
395 AUTH_CAS,
396 AUTH_SOAP,
398 AUTH_ECS,
402 );
403 $ret = array();
404 foreach ($modes as $mode) {
405 if ($mode == AUTH_PROVIDER_LTI) {
406 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
407 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
408 $id = AUTH_PROVIDER_LTI . '_' . $sid;
410 }
411 continue;
412 }
413
414 // multi ldap implementation
415 if ($mode == AUTH_LDAP) {
416 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
417 $id = AUTH_LDAP . '_' . $ldap_id;
419 }
420 continue;
421 } elseif ($mode == AUTH_SAML) {
422 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
423 foreach (ilSamlIdp::getAllIdps() as $idp) {
424 $id = AUTH_SAML . '_' . $idp->getIdpId();
426 }
427 continue;
428 }
429 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
430 }
431 return $ret;
432 }
static _getAuthModeName($a_auth_key)
static _getServerList()
Get list of all configured servers.
static getAllIdps()
if(!array_key_exists('StateId', $_REQUEST)) $id
$ret
Definition: parser.php:6

References $id, $idp, $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)
static

Definition at line 181 of file class.ilAuthUtils.php.

182 {
183 global $DIC;
184
185 $ilDB = $DIC['ilDB'];
186 $ilSetting = $DIC['ilSetting'];
187
188 $db = &$ilDB;
189
190 if ($a_db_handler != '') {
191 $db = &$a_db_handler;
192 }
193
194 // begin-patch ldap_multiple
195 if (strpos($a_auth_mode, '_') !== false) {
196 $auth_arr = explode('_', $a_auth_mode);
197 $auth_switch = $auth_arr[0];
198 } else {
199 $auth_switch = $a_auth_mode;
200 }
201 switch ($auth_switch) {
202 case "local":
203 return AUTH_LOCAL;
204 break;
205
206 case "ldap":
207 // begin-patch ldap_multiple
208 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
209 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
210 // end-patch ldap_multiple
211
212 case 'lti':
213 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
214 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
215
216 case "radius":
217 return AUTH_RADIUS;
218 break;
219
220 case "script":
221 return AUTH_SCRIPT;
222 break;
223
224 case "shibboleth":
225 return AUTH_SHIBBOLETH;
226 break;
227
228 case 'oidc':
229 return AUTH_OPENID_CONNECT;
230 break;
231
232 case 'saml':
233 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
234 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
235
236 case "cas":
237 return AUTH_CAS;
238 break;
239
240 case "soap":
241 return AUTH_SOAP;
242 break;
243
244 case 'ecs':
245 return AUTH_ECS;
246
247 case 'apache':
248 return AUTH_APACHE;
249
250 default:
251 return $ilSetting->get("auth_mode");
252 break;
253 }
254 }
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
static getKeyByAuthMode($a_auth_mode)

References $DIC, $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilSamlIdp\getKeyByAuthMode().

Referenced by _getAuthModeOfUser(), ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\updateObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 256 of file class.ilAuthUtils.php.

257 {
258 global $DIC;
259
260 $ilias = $DIC['ilias'];
261
262 // begin-patch ldap_multiple
263 switch ((int) $a_auth_key) {
264 case AUTH_LOCAL:
265 return "local";
266 break;
267
268 case AUTH_LDAP:
269 // begin-patch ldap_multiple
270 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
271 return ilLDAPServer::getAuthModeByKey($a_auth_key);
272 // end-patch ldap_multiple
273
275 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
276 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
277
278 case AUTH_RADIUS:
279 return "radius";
280 break;
281
282 case AUTH_CAS:
283 return "cas";
284 break;
285
286 case AUTH_SCRIPT:
287 return "script";
288 break;
289
290 case AUTH_SHIBBOLETH:
291 return "shibboleth";
292 break;
293
294 case AUTH_SAML:
295 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
296 return ilSamlIdp::getAuthModeByKey($a_auth_key);
297
298 case AUTH_SOAP:
299 return "soap";
300 break;
301
302 case AUTH_ECS:
303 return 'ecs';
304
305 case AUTH_APACHE:
306 return 'apache';
307
309 return "lti";
310 break;
311
313 return 'oidc';
314 break;
315
316 default:
317 return "default";
318 break;
319 }
320 }
static getAuthModeByKey($a_auth_key)
Get auth mode by key.
static getAuthModeByKey($a_auth_key)
get auth mode by key
static getAuthModeByKey($a_auth_key)

References $DIC, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilSamlIdp\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeOfUser()

static ilAuthUtils::_getAuthModeOfUser (   $a_username,
  $a_password,
  $a_db_handler = '' 
)
static

Definition at line 133 of file class.ilAuthUtils.php.

134 {
135 global $DIC;
136
137 $ilDB = $DIC['ilDB'];
138
139 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
141 return AUTH_ECS;
142 }
143 if (isset($_POST['auth_mode'])) {
144 // begin-patch ldap_multiple
145 return $_POST['auth_mode'];
146 // end-patch ldap_multiple
147 }
148
149 include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
151
152 if (!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1) {
153 ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
154 return AUTH_MULTIPLE;
155 }
156
157
158 $db = &$ilDB;
159
160 if ($a_db_handler != '') {
161 $db = &$a_db_handler;
162 }
163
164 // Is it really necessary to check the auth mode with password ?
165 // Changed: smeyer
166 $q = "SELECT auth_mode FROM usr_data WHERE " .
167 "login = " . $ilDB->quote($a_username);
168 //"passwd = ".$ilDB->quote(md5($a_password))."";
169
170
171 $r = $db->query($q);
173 //echo "+".$row->auth_mode."+";
174
175
176 $auth_mode = self::_getAuthMode($row->auth_mode, $db);
177
178 return in_array($auth_mode, self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
179 }
$_GET["client_id"]
$_POST["username"]
const AUTH_MULTIPLE
const AUTH_INACTIVE
static setContext($a_context)
set context
static _getAuthMode($a_auth_mode, $a_db_handler='')
static getLogger($a_component_id)
Get component logger.
$row

References $_GET, $_POST, $DIC, $ilDB, $r, $row, _getAuthMode(), ilAuthModeDetermination\_getInstance(), AUTH_ECS, AUTH_INACTIVE, AUTH_MULTIPLE, ilAuthFactory\CONTEXT_ECS, ilDBConstants\FETCHMODE_OBJECT, ilLoggerFactory\getLogger(), and ilAuthFactory\setContext().

+ Here is the call graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 498 of file class.ilAuthUtils.php.

499 {
500 global $DIC;
501
502 $ilSetting = $DIC['ilSetting'];
503
504 // in the moment only ldap is activated as additional authentication method
505 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
506
507 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
508
509
510 // begin-patch ldap_multiple
511 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
513 $options[AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
514 }
515 // end-patch ldap_multiple
516
517 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
518 $rad_settings = ilRadiusSettings::_getInstance();
519 if ($rad_settings->isActive()) {
520 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
521 }
522
523 if ($ilSetting->get('apache_active')) {
524 global $DIC;
525
526 $lng = $DIC['lng'];
527 $apache_settings = new ilSetting('apache_auth');
528 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
529 $options[AUTH_APACHE]['hide_in_ui'] = true;
530 }
531
532 if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
534 } elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
536 } else {
538 }
539
540 $default = $ilSetting->get('default_auth_mode', $default);
541 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
542
543
544 // begin-patch auth_plugin
546 foreach ($pls as $pl) {
547 $auths = $pl->getAuthIds();
548 foreach ($auths as $auth_id) {
549 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
550 if ($pl_auth_option) {
551 $options = $options + $pl_auth_option;
552 }
553 }
554 }
555 // end-patch auth_plugins
556
557 if (array_key_exists($default, $options)) {
558 $options[$default]['checked'] = true;
559 }
560
561 return $options ? $options : array();
562 }
$default
Definition: build.php:20
static getAuthPlugins()
Get active enabled auth plugins.
static getInstanceByServerId($a_server_id)
Get instance by server id.
static _getInstance()
singleton get instance
ILIAS Setting Class.
$server
Definition: sabredav.php:48
$lng

References $default, $DIC, $ilSetting, $lng, PHPMailer\PHPMailer\$options, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 462 of file class.ilAuthUtils.php.

463 {
464 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
465
466 $rad_settings = ilRadiusSettings::_getInstance();
467 if ($rad_settings->isActive()) {
468 return true;
469 }
470 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
471
473 return true;
474 }
475
476 global $DIC;
477
478 $ilSetting = $DIC['ilSetting'];
479
480 if ($ilSetting->get('apache_active')) {
481 return true;
482 }
483
484 // begin-patch auth_plugin
485 foreach (ilAuthUtils::getAuthPlugins() as $pl) {
486 foreach ($pl->getAuthIds() as $auth_id) {
487 if ($pl->getMultipleAuthModeOptions($auth_id)) {
488 return true;
489 }
490 }
491 }
492 // end-patch auth_plugin
493
494
495 return false;
496 }

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

@access public

Parameters

Definition at line 573 of file class.ilAuthUtils.php.

574 {
575 global $DIC;
576
577 $ilSetting = $DIC['ilSetting'];
578
579 if ($ilSetting->get("cas_active")) {
580 return true;
581 }
582 if ($ilSetting->get("soap_auth_active")) {
583 return true;
584 }
585 if ($ilSetting->get("shib_active")) {
586 return true;
587 }
588 if ($ilSetting->get('radius_active')) {
589 return true;
590 }
591 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
593 return true;
594 }
595
596 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
598 return true;
599 }
600
601 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
602 if (count(ilSamlIdp::getActiveIdpList()) > 0) {
603 return true;
604 }
605
606 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
607 return true;
608 }
609
610 // begin-path auth_plugin
611 foreach (self::getAuthPlugins() as $pl) {
612 foreach ($pl->getAuthIds() as $auth_id) {
613 if ($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id)) {
614 return true;
615 }
616 }
617 }
618 // end-path auth_plugin
619
620 return false;
621 }
static getActiveAuthModes()
get all active authmode server ids

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

@access public

Parameters
intauth_mode

Definition at line 653 of file class.ilAuthUtils.php.

654 {
655 switch ($a_auth_mode) {
656 case AUTH_LOCAL:
657 case AUTH_APACHE:
658 return false;
659 default:
660 return true;
661 }
662 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key,
  $auth_name = '' 
)
static
Parameters
string$a_auth_key
string$auth_name

Definition at line 835 of file class.ilAuthUtils.php.

836 {
837 global $DIC;
838
839 $lng = $DIC['lng'];
840
841 switch ((int) $a_auth_key) {
842 case AUTH_LDAP:
843 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
844 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
846 return $server->getName();
847
849 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
852
853
854 case AUTH_SAML:
855 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
856 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
858 return $idp->getEntityId();
859
860 default:
861 $lng->loadLanguageModule('auth');
862 if (!empty($auth_name)) {
863 return $lng->txt('auth_' . $auth_name);
864 } else {
865 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
866 }
867 }
868 }
static lookupConsumer($a_sid)
Lookup consumer title.
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
static getInstanceByIdpId($a_idp_id)
static getIdpIdByAuthMode($a_auth_mode)

References $DIC, $idp, $lng, $server, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 811 of file class.ilAuthUtils.php.

812 {
813 $pls = $GLOBALS['DIC']['ilPluginAdmin']->getActivePluginsForSlot(
815 'Authentication',
816 'authhk'
817 );
818 $pl_objs = array();
819 foreach ($pls as $pl) {
820 $pl_objs[] = $GLOBALS['DIC']['ilPluginAdmin']->getPluginObject(
822 'Authentication',
823 'authhk',
824 $pl
825 );
826 }
827 return $pl_objs;
828 }
const IL_COMP_SERVICE
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 93 of file class.ilAuthUtils.php.

94 {
95 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
96 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
97 $credentials = new ilAuthFrontendCredentials();
98 $credentials->setUsername($_GET['ecs_login']);
99 $credentials->setAuthMode(AUTH_ECS);
100
101 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
102 $provider_factory = new ilAuthProviderFactory();
103 $providers = $provider_factory->getProviders($credentials);
104
105 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
106 $status = ilAuthStatus::getInstance();
107
108 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
109 $frontend_factory = new ilAuthFrontendFactory();
110 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
111 $frontend = $frontend_factory->getFrontend(
112 $GLOBALS['DIC']['ilAuthSession'],
113 $status,
114 $credentials,
115 $providers
116 );
117
118 $frontend->authenticate();
119
120 switch ($status->getStatus()) {
122 return;
123
126 return;
127 }
128 }
129 }
Factory for auth frontend classes.
static getInstance()
Get status instance.
const STATUS_AUTHENTICATION_FAILED
static goToPublicSection()
go to public section

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initSession()

static ilAuthUtils::initSession ( )
static

Initialize session.

Definition at line 78 of file class.ilAuthUtils.php.

79 {
80 }

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Check if authentication is should be forced.

Definition at line 85 of file class.ilAuthUtils.php.

86 {
87 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
88 return true;
89 }
90 return false;
91 }

References $_GET.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int$a_authmode
Returns
bool

Definition at line 686 of file class.ilAuthUtils.php.

687 {
688 global $DIC;
689
690 $ilSetting = $DIC->settings();
691
692 switch ((int) $a_authmode) {
693 // always enabled
694 case AUTH_LOCAL:
695 case AUTH_APACHE:
696 return true;
697
698 // No local passwords for these auth modes
699 case AUTH_LDAP:
700 case AUTH_RADIUS:
701 case AUTH_ECS:
702 case AUTH_SCRIPT:
705 return false;
706
707 case AUTH_SAML:
708 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
710 return $idp->isActive() && $idp->allowLocalAuthentication();
711
712 case AUTH_SHIBBOLETH:
713 return $ilSetting->get("shib_auth_allow_local");
714 case AUTH_SOAP:
715 return $ilSetting->get("soap_auth_allow_local");
716 case AUTH_CAS:
717 return $ilSetting->get("cas_allow_local");
718
719 }
720 return false;
721 }

References $DIC, $idp, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

+ Here is the call graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int$a_authmode
Returns
bool

Definition at line 730 of file class.ilAuthUtils.php.

731 {
732 global $DIC;
733
734 $ilSetting = $DIC['ilSetting'];
735
736 if (self::isPasswordModificationHidden()) {
737 return false;
738 }
739
740 // begin-patch ldap_multiple
741 // cast to int
742 switch ((int) $a_authmode) {
743 // No local passwords for these auth modes
744 case AUTH_LDAP:
745 case AUTH_RADIUS:
746 case AUTH_ECS:
747 case AUTH_SCRIPT:
750 return false;
751
752 case AUTH_SAML:
753 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
755 return $idp->isActive() && $idp->allowLocalAuthentication();
756
757 // Always for and local
758 case AUTH_LOCAL:
759 case AUTH_APACHE:
760 return true;
761
762 // Read setting:
763 case AUTH_SHIBBOLETH:
764 return $ilSetting->get("shib_auth_allow_local");
765 case AUTH_SOAP:
766 return $ilSetting->get("soap_auth_allow_local");
767 case AUTH_CAS:
768 return $ilSetting->get("cas_allow_local");
769 }
770 }

References $DIC, $idp, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), and supportsLocalPasswordValidation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 777 of file class.ilAuthUtils.php.

778 {
779 // begin-patch ldap_multiple
780 // cast to int
781 switch ((int) $a_authmode) {
782 case AUTH_LDAP:
783 case AUTH_LOCAL:
784 case AUTH_RADIUS:
786
787 case AUTH_SHIBBOLETH:
789 case AUTH_SAML:
790 case AUTH_SOAP:
791 case AUTH_CAS:
794 }
796
798 case AUTH_ECS:
799 case AUTH_SCRIPT:
800 case AUTH_APACHE:
801 default:
803 }
804 }
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 71 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

The documentation for this class was generated from the following file: