ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

Collaboration diagram for ilAuthUtils:

Static Public Member Functions
static	initSession ()
	Initialize session. More...
static	isAuthenticationForced ()
	Check if authentication is should be forced. More...
static	handleForcedAuthentication ()
static	_getAuthModeOfUser ($a_username, $a_password, $a_db_handler='')
static	_getAuthMode ($a_auth_mode, $a_db_handler='')
static	_getAuthModeName ($a_auth_key)
static	_getActiveAuthModes ()
static	_getAllAuthModes ()
static	_generateLogin ($a_login)
	generate free login by starting with a default string and adding postfix numbers More...
static	_hasMultipleAuthenticationMethods ()
static	_getMultipleAuthModeOptions ($lng)
static	_isExternalAccountEnabled ()
	Check if an external account name is required. More...
static	_allowPasswordModificationByAuthMode ($a_auth_mode)
	Allow password modification. More...
static	_needsExternalAccountByAuthMode ($a_auth_mode)
	Check if chosen auth mode needs an external account entry. More...
static	isLocalPasswordEnabledForAuthMode ($a_authmode)
	Check if local password validation is enabled for a specific auth_mode. More...
static	isPasswordModificationEnabled ($a_authmode)
	Check if password modification is enabled. More...
static	supportsLocalPasswordValidation ($a_authmode)
	Check if local password validation is supported. More...
static	getAuthPlugins ()
	Get active enabled auth plugins. More...
static	getAuthModeTranslation ($a_auth_key, $auth_name='')

Data Fields
const	LOCAL_PWV_FULL = 1
const	LOCAL_PWV_NO = 2
const	LOCAL_PWV_USER = 3

Detailed Description

static utility functions used to manage authentication modes

Author

Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Version

$Id$

Definition at line 68 of file class.ilAuthUtils.php.

Member Function Documentation

_allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode )

static

Allow password modification.

public

Parameters

int

auth_mode

Definition at line 631 of file class.ilAuthUtils.php.

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

    {
        switch ((int) $a_auth_mode) {
            case AUTH_LDAP:
            case AUTH_RADIUS:
            case AUTH_ECS:
            case AUTH_PROVIDER_LTI:
            case AUTH_OPENID_CONNECT:
                return false;
            default:
                return true;
        }
    }

Here is the caller graph for this function:

_generateLogin()

static ilAuthUtils::_generateLogin (   $a_login )

static

generate free login by starting with a default string and adding postfix numbers

Definition at line 438 of file class.ilAuthUtils.php.

References $DIC, $ilDB, and $r.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthProviderLTI\createUser(), ilAuthProviderECS\createUser(), ilAuthContainerECS\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilCASAuth\login(), ilAuthContainerCAS\loginObserver(), ilAuthContainerSOAP\loginObserver(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

    {
        global $DIC;

        $ilDB = $DIC['ilDB'];
        
        // Check if username already exists
        $found = false;
        $postfix = 0;
        $c_login = $a_login;
        while (!$found) {
            $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
                $ilDB->quote($c_login));
            if ($r->numRows() > 0) {
                $postfix++;
                $c_login = $a_login . $postfix;
            } else {
                $found = true;
            }
        }
        
        return $c_login;
    }

Here is the caller graph for this function:

_getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )

static

Definition at line 322 of file class.ilAuthUtils.php.

References $DIC, $idp, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilECSServerSettings\getInstance(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), ilObjUserGUI\getValues(), and ilUserTableGUI\initFilter().

    {
        global $DIC;

        $ilias = $DIC['ilias'];
        $ilSetting = $DIC['ilSetting'];
        
        $modes = array(
                        'default' => $ilSetting->get("auth_mode"),
                        'local' => AUTH_LOCAL
                        );
        include_once('Services/LDAP/classes/class.ilLDAPServer.php');
        foreach (ilLDAPServer::_getActiveServerList() as $sid) {
            $modes['ldap_' . $sid] = (AUTH_LDAP . '_' . $sid);
        }
        
        include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
        foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
            $modes['lti_' . $sid] = (AUTH_PROVIDER_LTI . '_' . $sid);
        }

        if (ilOpenIdConnectSettings::getInstance()->getActive()) {
            $modes['oidc'] = AUTH_OPENID_CONNECT;
        }

        if ($ilSetting->get("radius_active")) {
            $modes['radius'] = AUTH_RADIUS;
        }
        if ($ilSetting->get("shib_active")) {
            $modes['shibboleth'] = AUTH_SHIBBOLETH;
        }
        if ($ilSetting->get("script_active")) {
            $modes['script'] = AUTH_SCRIPT;
        }
        if ($ilSetting->get("cas_active")) {
            $modes['cas'] = AUTH_CAS;
        }
        if ($ilSetting->get("soap_auth_active")) {
            $modes['soap'] = AUTH_SOAP;
        }
        if ($ilSetting->get("apache_active")) {
            $modes['apache'] = AUTH_APACHE;
        }
                
        include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
        if (ilECSServerSettings::getInstance()->activeServerExists()) {
            $modes['ecs'] = AUTH_ECS;
        }

        require_once 'Services/Saml/classes/class.ilSamlIdp.php';
        foreach (ilSamlIdp::getActiveIdpList() as $idp) {
            $modes['saml_' . $idp->getIdpId()] = AUTH_SAML . '_' . $idp->getIdpId();
        }

        // begin-path auth_plugin
        foreach (self::getAuthPlugins() as $pl) {
            foreach ($pl->getAuthIds() as $auth_id) {
                if ($pl->isAuthActive($auth_id)) {
                    $modes[$pl->getAuthName($auth_id)] = $auth_id;
                }
            }
        }
        // end-path auth_plugin
        return $modes;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )

static

Definition at line 388 of file class.ilAuthUtils.php.

References $id, $idp, $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

    {
        $modes = array(
            AUTH_LOCAL,
            AUTH_LDAP,
            AUTH_SHIBBOLETH,
            AUTH_SAML,
            AUTH_CAS,
            AUTH_SOAP,
            AUTH_RADIUS,
            AUTH_ECS,
            AUTH_PROVIDER_LTI,
            AUTH_OPENID_CONNECT,
            AUTH_APACHE
        );
        $ret = array();
        foreach ($modes as $mode) {
            if ($mode == AUTH_PROVIDER_LTI) {
                include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
                    $id = AUTH_PROVIDER_LTI . '_' . $sid;
                    $ret[$id] = ilAuthUtils::_getAuthModeName($id);
                }
                continue;
            }

            // multi ldap implementation
            if ($mode == AUTH_LDAP) {
                foreach (ilLDAPServer::_getServerList() as $ldap_id) {
                    $id = AUTH_LDAP . '_' . $ldap_id;
                    $ret[$id] = ilAuthUtils::_getAuthModeName($id);
                }
                continue;
            } elseif ($mode == AUTH_SAML) {
                require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                foreach (ilSamlIdp::getAllIdps() as $idp) {
                    $id = AUTH_SAML . '_' . $idp->getIdpId();
                    $ret[$id] = ilAuthUtils::_getAuthModeName($id);
                }
                continue;
            }
            $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
        }
        return $ret;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,   $a_db_handler = ''  )

static

Definition at line 181 of file class.ilAuthUtils.php.

References $DIC, $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilLDAPServer\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\updateObject().

    {
        global $DIC;

        $ilDB = $DIC['ilDB'];
        $ilSetting = $DIC['ilSetting'];

        $db = &$ilDB;
        
        if ($a_db_handler != '') {
            $db = &$a_db_handler;
        }

        // begin-patch ldap_multiple
        if (strpos($a_auth_mode, '_') !== false) {
            $auth_arr = explode('_', $a_auth_mode);
            $auth_switch = $auth_arr[0];
        } else {
            $auth_switch = $a_auth_mode;
        }
        switch ($auth_switch) {
            case "local":
                return AUTH_LOCAL;
                break;
                
            case "ldap":
                // begin-patch ldap_multiple
                include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
                // end-patch ldap_multiple
                
            case 'lti':
                include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
                
            case "radius":
                return AUTH_RADIUS;
                break;
                
            case "script":
                return AUTH_SCRIPT;
                break;
                
            case "shibboleth":
                return AUTH_SHIBBOLETH;
                break;

            case 'oidc':
                return AUTH_OPENID_CONNECT;
                break;

            case 'saml':
                require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                return ilSamlIdp::getKeyByAuthMode($a_auth_mode);

            case "cas":
                return AUTH_CAS;
                break;

            case "soap":
                return AUTH_SOAP;
                break;
                
            case 'ecs':
                return AUTH_ECS;

            case 'apache':
                return AUTH_APACHE;

            default:
                return $ilSetting->get("auth_mode");
                break;
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key )

static

Definition at line 256 of file class.ilAuthUtils.php.

References $DIC, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilLDAPServer\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilObjUserGUI\getValues(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

    {
        global $DIC;

        $ilias = $DIC['ilias'];

        // begin-patch ldap_multiple
        switch ((int) $a_auth_key) {
            case AUTH_LOCAL:
                return "local";
                break;
                
            case AUTH_LDAP:
                // begin-patch ldap_multiple
                include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                return ilLDAPServer::getAuthModeByKey($a_auth_key);
                // end-patch ldap_multiple
                
            case AUTH_PROVIDER_LTI:
                include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
                
            case AUTH_RADIUS:
                return "radius";
                break;

            case AUTH_CAS:
                return "cas";
                break;

            case AUTH_SCRIPT:
                return "script";
                break;
                
            case AUTH_SHIBBOLETH:
                return "shibboleth";
                break;

            case AUTH_SAML:
                require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                return ilSamlIdp::getAuthModeByKey($a_auth_key);

            case AUTH_SOAP:
                return "soap";
                break;
                
            case AUTH_ECS:
                return 'ecs';

            case AUTH_APACHE:
                return 'apache';

            case AUTH_PROVIDER_LTI:
                return "lti";
                break;

            case AUTH_OPENID_CONNECT:
                return 'oidc';
                break;

            default:
                return "default";
                break;
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_getAuthModeOfUser()

static ilAuthUtils::_getAuthModeOfUser (   $a_username,   $a_password,   $a_db_handler = ''  )

static

Definition at line 133 of file class.ilAuthUtils.php.

References $_GET, $_POST, $DIC, $ilDB, $r, $row, ilAuthModeDetermination\_getInstance(), AUTH_ECS, AUTH_INACTIVE, AUTH_MULTIPLE, ilAuthFactory\CONTEXT_ECS, ilDBConstants\FETCHMODE_OBJECT, ilLoggerFactory\getLogger(), and ilAuthFactory\setContext().

    {
        global $DIC;

        $ilDB = $DIC['ilDB'];
        
        if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
            ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
            return AUTH_ECS;
        }
        if (isset($_POST['auth_mode'])) {
            // begin-patch ldap_multiple
            return $_POST['auth_mode'];
            // end-patch ldap_multiple
        }

        include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
        $det = ilAuthModeDetermination::_getInstance();
        
        if (!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1) {
            ilLoggerFactory::getLogger('auth')->debug('Using AUTH_MULTIPLE');
            return AUTH_MULTIPLE;
        }


        $db = &$ilDB;
        
        if ($a_db_handler != '') {
            $db = &$a_db_handler;
        }
        
        // Is it really necessary to check the auth mode with password ?
        // Changed: smeyer
        $q = "SELECT auth_mode FROM usr_data WHERE " .
             "login = " . $ilDB->quote($a_username);
        //"passwd = ".$ilDB->quote(md5($a_password))."";
                             
             
        $r = $db->query($q);
        $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
        //echo "+".$row->auth_mode."+";

        
        $auth_mode = self::_getAuthMode($row->auth_mode, $db);
        
        return in_array($auth_mode, self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
    }

Here is the call graph for this function:

_getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng )

static

Definition at line 498 of file class.ilAuthUtils.php.

References $default, $DIC, $ilSetting, $lng, PHPMailer\PHPMailer\$options, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

    {
        global $DIC;

        $ilSetting = $DIC['ilSetting'];
        
        // in the moment only ldap is activated as additional authentication method
        include_once('Services/LDAP/classes/class.ilLDAPServer.php');
        
        $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');

        
        // begin-patch ldap_multiple
        foreach (ilLDAPServer::_getActiveServerList() as $sid) {
            $server = ilLDAPServer::getInstanceByServerId($sid);
            $options[AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
        }
        // end-patch ldap_multiple
        
        include_once('Services/Radius/classes/class.ilRadiusSettings.php');
        $rad_settings = ilRadiusSettings::_getInstance();
        if ($rad_settings->isActive()) {
            $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
        }

        if ($ilSetting->get('apache_active')) {
            global $DIC;

            $lng = $DIC['lng'];
            $apache_settings = new ilSetting('apache_auth');
            $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
            $options[AUTH_APACHE]['hide_in_ui'] = true;
        }

        if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
            $default = AUTH_LDAP;
        } elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
            $default = AUTH_RADIUS;
        } else {
            $default = AUTH_LOCAL;
        }
        
        $default = $ilSetting->get('default_auth_mode', $default);
        $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
        
        
        // begin-patch auth_plugin
        $pls = ilAuthUtils::getAuthPlugins();
        foreach ($pls as $pl) {
            $auths = $pl->getAuthIds();
            foreach ($auths as $auth_id) {
                $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
                if ($pl_auth_option) {
                    $options = $options + $pl_auth_option;
                }
            }
        }
        // end-patch auth_plugins

        if (array_key_exists($default, $options)) {
            $options[$default]['checked'] = true;
        }

        return $options ? $options : array();
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )

static

Definition at line 462 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

    {
        include_once('Services/Radius/classes/class.ilRadiusSettings.php');
        
        $rad_settings = ilRadiusSettings::_getInstance();
        if ($rad_settings->isActive()) {
            return true;
        }
        include_once('Services/LDAP/classes/class.ilLDAPServer.php');

        if (count(ilLDAPServer::_getActiveServerList())) {
            return true;
        }

        global $DIC;

        $ilSetting = $DIC['ilSetting'];

        if ($ilSetting->get('apache_active')) {
            return true;
        }
        
        // begin-patch auth_plugin
        foreach (ilAuthUtils::getAuthPlugins() as $pl) {
            foreach ($pl->getAuthIds() as $auth_id) {
                if ($pl->getMultipleAuthModeOptions($auth_id)) {
                    return true;
                }
            }
        }
        // end-patch auth_plugin
        
        
        return false;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )

static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

public

Parameters

Definition at line 573 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\getValues(), and ilObjUserGUI\saveObject().

    {
        global $DIC;

        $ilSetting = $DIC['ilSetting'];
        
        if ($ilSetting->get("cas_active")) {
            return true;
        }
        if ($ilSetting->get("soap_auth_active")) {
            return true;
        }
        if ($ilSetting->get("shib_active")) {
            return true;
        }
        if ($ilSetting->get('radius_active')) {
            return true;
        }
        include_once('Services/LDAP/classes/class.ilLDAPServer.php');
        if (count(ilLDAPServer::_getActiveServerList())) {
            return true;
        }
        
        include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
        if (count(ilAuthProviderLTI::getActiveAuthModes())) {
            return true;
        }
        
        require_once 'Services/Saml/classes/class.ilSamlIdp.php';
        if (count(ilSamlIdp::getActiveIdpList()) > 0) {
            return true;
        }

        if (ilOpenIdConnectSettings::getInstance()->getActive()) {
            return true;
        }

        // begin-path auth_plugin
        foreach (self::getAuthPlugins() as $pl) {
            foreach ($pl->getAuthIds() as $auth_id) {
                if ($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id)) {
                    return true;
                }
            }
        }
        // end-path auth_plugin
        
        return false;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

_needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode )

static

Check if chosen auth mode needs an external account entry.

public

Parameters

int

auth_mode

Definition at line 653 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

    {
        switch ($a_auth_mode) {
            case AUTH_LOCAL:
            case AUTH_APACHE:
                return false;
            default:
                return true;
        }
    }

Here is the caller graph for this function:

getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key,   $auth_name = ''  )

static

Parameters

string	$a_auth_key
string	$auth_name

Definition at line 835 of file class.ilAuthUtils.php.

References $DIC, $idp, $lng, $server, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), ilObjUserGUI\getValues(), and ilUserTableGUI\initFilter().

    {
        global $DIC;

        $lng = $DIC['lng'];
        
        switch ((int) $a_auth_key) {
            case AUTH_LDAP:
                include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
                $server = ilLDAPServer::getInstanceByServerId($sid);
                return $server->getName();
                
            case AUTH_PROVIDER_LTI:
                include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
                return ilAuthProviderLTI::lookupConsumer($sid);
                

            case AUTH_SAML:
                require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
                $idp = ilSamlIdp::getInstanceByIdpId($idp_id);
                return $idp->getEntityId();

            default:
                $lng->loadLanguageModule('auth');
                if (!empty($auth_name)) {
                    return $lng->txt('auth_' . $auth_name);
                } else {
                    return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
                }
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )

static

Get active enabled auth plugins.

Returns

ilAuthDefinition

Definition at line 811 of file class.ilAuthUtils.php.

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

    {
        $pls = $GLOBALS['DIC']['ilPluginAdmin']->getActivePluginsForSlot(
            IL_COMP_SERVICE,
            'Authentication',
            'authhk'
        );
        $pl_objs = array();
        foreach ($pls as $pl) {
            $pl_objs[] = $GLOBALS['DIC']['ilPluginAdmin']->getPluginObject(
                IL_COMP_SERVICE,
                'Authentication',
                'authhk',
                $pl
            );
        }
        return $pl_objs;
    }

Here is the caller graph for this function:

handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )

static

Definition at line 93 of file class.ilAuthUtils.php.

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

    {
        if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
            include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
            $credentials = new ilAuthFrontendCredentials();
            $credentials->setUsername($_GET['ecs_login']);
            $credentials->setAuthMode(AUTH_ECS);
            
            include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
            $provider_factory = new ilAuthProviderFactory();
            $providers = $provider_factory->getProviders($credentials);
            
            include_once './Services/Authentication/classes/class.ilAuthStatus.php';
            $status = ilAuthStatus::getInstance();
            
            include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
            $frontend_factory = new ilAuthFrontendFactory();
            $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
            $frontend = $frontend_factory->getFrontend(
                $GLOBALS['DIC']['ilAuthSession'],
                $status,
                $credentials,
                $providers
            );
            
            $frontend->authenticate();
            
            switch ($status->getStatus()) {
                case ilAuthStatus::STATUS_AUTHENTICATED:
                    return;
                    
                case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
                    ilInitialisation::goToPublicSection();
                    return;
            }
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

initSession()

static ilAuthUtils::initSession ( )

static

Initialize session.

Definition at line 78 of file class.ilAuthUtils.php.

    {
    }

isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )

static

Check if authentication is should be forced.

Definition at line 85 of file class.ilAuthUtils.php.

References $_GET.

Referenced by ilInitialisation\resumeUserSession().

    {
        if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
            return true;
        }
        return false;
    }

Here is the caller graph for this function:

isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode )

static

Check if local password validation is enabled for a specific auth_mode.

Parameters

int

$a_authmode

Returns

bool

Definition at line 686 of file class.ilAuthUtils.php.

References $DIC, $idp, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

    {
        global $DIC;

        $ilSetting = $DIC->settings();

        switch ((int) $a_authmode) {
            // always enabled
            case AUTH_LOCAL:
            case AUTH_APACHE:
                return true;

            // No local passwords for these auth modes
            case AUTH_LDAP:
            case AUTH_RADIUS:
            case AUTH_ECS:
            case AUTH_SCRIPT:
            case AUTH_PROVIDER_LTI:
            case AUTH_OPENID_CONNECT:
                return false;

            case AUTH_SAML:
                require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
                return $idp->isActive() && $idp->allowLocalAuthentication();

            case AUTH_SHIBBOLETH:
                return $ilSetting->get("shib_auth_allow_local");
            case AUTH_SOAP:
                return $ilSetting->get("soap_auth_allow_local");
            case AUTH_CAS:
                return $ilSetting->get("cas_allow_local");

        }
        return false;
    }

Here is the call graph for this function:

isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode )

static

Check if password modification is enabled.

Parameters

int

$a_authmode

Returns

bool

Definition at line 730 of file class.ilAuthUtils.php.

References $DIC, $idp, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), and supportsLocalPasswordValidation().

    {
        global $DIC;

        $ilSetting = $DIC['ilSetting'];

        if (self::isPasswordModificationHidden()) {
            return false;
        }
        
        // begin-patch ldap_multiple
        // cast to int
        switch ((int) $a_authmode) {
            // No local passwords for these auth modes
            case AUTH_LDAP:
            case AUTH_RADIUS:
            case AUTH_ECS:
            case AUTH_SCRIPT:
            case AUTH_PROVIDER_LTI:
            case AUTH_OPENID_CONNECT:
                return false;

            case AUTH_SAML:
                require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
                return $idp->isActive() && $idp->allowLocalAuthentication();
            
            // Always for and local
            case AUTH_LOCAL:
            case AUTH_APACHE:
                return true;

            // Read setting:
            case AUTH_SHIBBOLETH:
                return $ilSetting->get("shib_auth_allow_local");
            case AUTH_SOAP:
                return $ilSetting->get("soap_auth_allow_local");
            case AUTH_CAS:
                return $ilSetting->get("cas_allow_local");
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode )

static

Check if local password validation is supported.

Parameters

object

$a_authmode

Returns

Definition at line 777 of file class.ilAuthUtils.php.

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired().

    {
        // begin-patch ldap_multiple
        // cast to int
        switch ((int) $a_authmode) {
            case AUTH_LDAP:
            case AUTH_LOCAL:
            case AUTH_RADIUS:
                return ilAuthUtils::LOCAL_PWV_FULL;
            
            case AUTH_SHIBBOLETH:
            case AUTH_OPENID_CONNECT:
            case AUTH_SAML:
            case AUTH_SOAP:
            case AUTH_CAS:
                if (!ilAuthUtils::isPasswordModificationEnabled($a_authmode)) {
                    return ilAuthUtils::LOCAL_PWV_NO;
                }
                return ilAuthUtils::LOCAL_PWV_USER;
                
            case AUTH_PROVIDER_LTI:
            case AUTH_ECS:
            case AUTH_SCRIPT:
            case AUTH_APACHE:
            default:
                return ilAuthUtils::LOCAL_PWV_USER;
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 71 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 72 of file class.ilAuthUtils.php.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

---

The documentation for this class was generated from the following file:

• Services/Authentication/classes/class.ilAuthUtils.php