ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilAuthContainerCAS Class Reference

CAS authentication More...


Public Member Functions

 __construct ()
 
 forceAuthentication ($username, $status, $auth)
 Force CAS authentication. More...
 
 loginObserver ($a_username, $a_auth)
 
 fetchData ($a_username, $a_password, $isChallengeResponse=false)
 

Protected Member Functions

 handleLDAPDataSource ($a_auth, $ext_account)
 Handle ldap as data source. More...
 
 initCAS ()
 

Protected Attributes

 $server_version = null
 
 $server_hostname = null
 
 $server_port = null
 
 $server_uri = null
 

Detailed Description

CAS authentication

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 14 of file class.ilAuthContainerCAS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerCAS::__construct ( )

Definition at line 24 of file class.ilAuthContainerCAS.php.

References initCAS().

25  {
    // Initialise the parent auth container first, then set up the phpCAS
    // client from the stored CAS settings (see initCAS()).
26  parent::__construct();
27  $this->initCAS();
28  }

Member Function Documentation

◆ fetchData()

ilAuthContainerCAS::fetchData (   $a_username,
  $a_password,
  $isChallengeResponse = false 
)
Returns
bool
Parameters
string $a_username
string $a_password
bool $isChallengeResponse [optional]

Definition at line 194 of file class.ilAuthContainerCAS.php.

References $ilLog.

195  {
    // No credential check happens here: $a_username, $a_password and
    // $isChallengeResponse are not read. The result is whatever the global
    // phpCAS client reports for the current CAS session.
196  global $PHPCAS_CLIENT,$ilLog;
197 
    // NOTE(review): both globals are dereferenced without a null check;
    // presumably $PHPCAS_CLIENT is populated while initCAS() runs - confirm.
198  $ilLog->write(__METHOD__ . ': Fetch Data called');
199  return $PHPCAS_CLIENT->isAuthenticated();
200  }

◆ forceAuthentication()

ilAuthContainerCAS::forceAuthentication (   $username,
  $status,
  $auth 
)

Force CAS authentication.

Returns
Nothing (the listed body has no return statement).
Parameters
object $username
object $status
object $auth

Definition at line 37 of file class.ilAuthContainerCAS.php.

References $ilLog.

38  {
    // Delegates to the phpCAS client when no CAS session is authenticated yet.
    // $username, $status and $auth are not read, $ilLog is declared but unused,
    // and no value is returned.
39  global $PHPCAS_CLIENT,$ilLog;
40 
    // NOTE(review): $PHPCAS_CLIENT is used without a null check; presumably it
    // is set up during initCAS() - confirm.
41  if (!$PHPCAS_CLIENT->isAuthenticated()) {
42  $PHPCAS_CLIENT->forceAuthentication();
43  }
44  }

◆ handleLDAPDataSource()

ilAuthContainerCAS::handleLDAPDataSource (   $a_auth,
  $ext_account 
)
protected

Handle ldap as data source.

Parameters
Auth $auth (named $a_auth in the signature)
string $ext_account

Definition at line 146 of file class.ilAuthContainerCAS.php.

References $GLOBALS, $server, $sync, AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), and ilUtil\redirect().

Referenced by loginObserver().

147  {
    // Maps an external account to a local ILIAS account by synchronising it
    // through ilLDAPUserSynchronisation. Returns true after $a_auth->setAuth()
    // and false on the failure paths below.
    // NOTE(review): this listing omits source lines 149-150, 170 and 176, so the
    // origin of $server and the exact catch clauses are not visible here.
148  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    // Lines 149-150 are missing from the listing. The page's reference list
    // names ilLDAPServer::getInstanceByServerId() and
    // ilLDAPServer::getDataSource(), so $server is presumably built from
    // them - confirm against the file.
151  );
152 
    // NOTE(review): $ext_account (presumably the account name asserted by the
    // CAS login) is concatenated into the log message as-is; confirm the logger
    // neutralises control characters and line breaks.
153  $GLOBALS['ilLog']->write(__METHOD__ . ' Using ldap data source for user: ' . $ext_account);
154 
155  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
156  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
157  $sync->setExternalAccount($ext_account);
158  $sync->setUserData(array());
    // Account creation is forced unconditionally: the configurable variant on
    // line 159 is commented out and the original TODO is still open.
    // NOTE(review): verify this matches the intended provisioning policy, since
    // it presumably lets sync() create a local account for any external
    // account it can resolve.
159  #$sync->forceCreation($this->force_creation);
160  // TODO: Check this
161  $sync->forceCreation(true);
162 
163  try {
164  $internal_account = $sync->sync();
165  } catch (UnexpectedValueException $e) {
    // sync() rejected the account: report a wrong login and end the session.
166  $GLOBALS['ilLog']->write(__METHOD__ . ': Login failed with message: ' . $e->getMessage());
167  $a_auth->status = AUTH_WRONG_LOGIN;
168  $a_auth->logout();
169  return false;
    // Line 170 is missing from the listing; presumably it closes the catch
    // above and opens a second catch clause - confirm.
171  // No syncronisation allowed => create Error
172  $GLOBALS['ilLog']->write(__METHOD__ . ': Login failed with message: ' . $e->getMessage());
173  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
174  $a_auth->logout();
175  return false;
    // Line 176 is missing from the listing; presumably a further catch clause
    // for the account-migration case (the page cross-references
    // ilLDAPAccountMigrationRequiredException) - confirm.
177  $GLOBALS['ilLog']->write(__METHOD__ . ': Starting account migration.');
178  $a_auth->logout();
    // The redirect target is a fixed, application-relative URL; no request
    // data is interpolated into it.
179  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
180  }
    // NOTE(review): if ilUtil::redirect() returned instead of ending the
    // request, execution would continue here with $internal_account unset -
    // confirm that it terminates.
181  $a_auth->setAuth($internal_account);
182  return true;
183  }
const AUTH_CAS
Synchronization of user accounts used in auth container ldap, radius , cas,...
const AUTH_CAS_NO_ILIAS_USER
Description of ilLDAPAccountMigrationRequiredException.
$server
Definition: sabredav.php:48
static getInstanceByServerId($a_server_id)
Get instance by server id.
$sync
static getDataSource($a_auth_mode)
static redirect($a_script)
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.

◆ initCAS()

ilAuthContainerCAS::initCAS ( )
protected

Definition at line 202 of file class.ilAuthContainerCAS.php.

References $ilSetting, CAS_VERSION_2_0, phpCAS\client(), phpCAS\setDebug(), and phpCAS\setNoCasServerValidation().

Referenced by __construct().

203  {
    // Loads the bundled phpCAS library and copies the CAS endpoint settings
    // into the protected $server_* attributes.
    // NOTE(review): this listing omits source lines 213-214 and 220, so the
    // phpCAS calls themselves are not visible here.
204  global $ilSetting;
205 
206  include_once("./Services/CAS/lib/CAS.php");
207 
    // The protocol version is fixed to CAS 2.0; host, port and URI come from
    // the settings store. Port and URI are cast, the hostname is used as
    // returned.
208  $this->server_version = CAS_VERSION_2_0;
209  $this->server_hostname = $ilSetting->get('cas_server');
210  $this->server_port = (int) $ilSetting->get('cas_port');
211  $this->server_uri = (string) $ilSetting->get('cas_uri');
212 
    // Lines 213-214 are missing from the listing. The reference list names
    // phpCAS::setDebug() and phpCAS::client(), and the four arguments below
    // match the client() signature shown on this page, so this is presumably
    // that call - confirm.
    // NOTE(review): if setDebug() is called unconditionally, confirm where the
    // debug log is written and who can read it.
215  $this->server_version,
216  $this->server_hostname,
217  $this->server_port,
218  $this->server_uri
219  );
    // Line 220 is missing from the listing. The reference list names
    // phpCAS::setNoCasServerValidation(), described on this page as
    // "Set no SSL validation for the CAS server".
    // NOTE(review): if that call is unconditional, the CAS server's TLS
    // certificate is not verified when tickets are validated, so the user name
    // later trusted by loginObserver() is obtained over a channel whose peer is
    // not authenticated. Configuring the CA certificate with
    // phpCAS::setCasServerCACert() is the safer setup - confirm what line 220
    // actually does.
221  }
static client( $server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:345
const CAS_VERSION_2_0
Definition: CAS.php:78
global $ilSetting
Definition: privfeed.php:17
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:462
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1663

◆ loginObserver()

ilAuthContainerCAS::loginObserver (   $a_username,
  $a_auth 
)
See also
ilAuthContainerBase::loginObserver()

Definition at line 49 of file class.ilAuthContainerCAS.php.

References $ilLog, $ilSetting, ilObjUser\_checkExternalAuthAccount(), ilAuthUtils\_generateLogin(), AUTH_CAS, AUTH_CAS_NO_ILIAS_USER, handleLDAPDataSource(), IL_PASSWD_CRYPTED, and ilLDAPServer\isDataSourceActive().

50  {
    // Runs after a CAS login: maps the CAS user name to a local ILIAS account
    // and, when the 'cas_create_users' setting allows it, creates that account
    // on first login.
    // NOTE(review): this listing omits source line 57, so the condition that
    // guards the LDAP branch is not visible here.
51  global $ilias, $rbacadmin, $ilSetting,$ilLog,$PHPCAS_CLIENT;
52 
53  $ilLog->write(__METHOD__ . ': Successful CAS login.');
54 
    // The original comment below says "Radius" although this is the CAS
    // container; presumably copied from the Radius container.
55  // Radius with ldap as data source
56  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    // Line 57 is missing from the listing; the reference list names
    // ilLDAPServer::isDataSourceActive() and AUTH_CAS, so it is presumably the
    // if-condition for this branch - confirm.
58  return $this->handleLDAPDataSource($a_auth, $a_username);
59  }
60 
61  include_once("./Services/CAS/lib/CAS.php");
    // The identity used from here on is the one reported by the phpCAS client,
    // not the $a_username argument. The comparison with "" is loose (!=).
62  if ($PHPCAS_CLIENT->getUser() != "") {
63  $username = $PHPCAS_CLIENT->getUser();
    // NOTE(review): the CAS user name is written to the log as-is; confirm the
    // logger neutralises control characters and line breaks.
64  $ilLog->write(__METHOD__ . ': Username: ' . $username);
65 
66  // Authorize this user
67  include_once('./Services/User/classes/class.ilObjUser.php');
    // Look up the local account whose external account matches for auth mode "cas".
68  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
69 
70  if ($local_user != "") {
    // NOTE(review): this branch has no return statement, so an existing user
    // falls through to "return false" on line 138 although setAuth() was
    // called, while the newly created user path returns true on line 129 -
    // confirm callers do not rely on the return value.
71  $a_auth->setAuth($local_user);
72  } else {
    // No local account and automatic creation disabled: reject the login.
73  if (!$ilSetting->get("cas_create_users")) {
74  $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
75  $a_auth->logout();
76  return false;
77  }
78 
    // From here on a local account is created for the CAS user.
79  $userObj = new ilObjUser();
80 
81  $local_user = ilAuthUtils::_generateLogin($username);
82 
    // The generated login doubles as first name; the last name stays empty.
83  $newUser["firstname"] = $local_user;
84  $newUser["lastname"] = "";
85 
86  $newUser["login"] = $local_user;
87 
    // The stored password is the empty string, which the original comment
    // describes as "no valid password".
    // NOTE(review): confirm the local password check can never accept an empty
    // stored value, so that this account is reachable through CAS only.
88  // set "plain md5" password (= no valid password)
89  $newUser["passwd"] = "";
90  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
91 
92  //$newUser["gender"] = "m";
93  $newUser["auth_mode"] = "cas";
94  $newUser["ext_account"] = $username;
95  $newUser["profile_incomplete"] = 1;
96 
97  // system data
98  $userObj->assignData($newUser);
99  $userObj->setTitle($userObj->getFullname());
100  $userObj->setDescription($userObj->getEmail());
101 
102  // set user language to system language
103  $userObj->setLanguage($ilSetting->get("language"));
104 
    // The account is flagged as unlimited; from/until are both set to the
    // current time.
105  // Time limit
106  $userObj->setTimeLimitOwner(7);
107  $userObj->setTimeLimitUnlimited(1);
108  $userObj->setTimeLimitFrom(time());
109  $userObj->setTimeLimitUntil(time());
110 
111  // Create user in DB
112  $userObj->setOwner(0);
113  $userObj->create();
114  $userObj->setActive(1);
115 
116  $userObj->updateOwner();
117 
118  //insert user data in table user_data
119  $userObj->saveAsNew();
120 
121  // setup user preferences
122  $userObj->writePrefs();
123 
    // Every automatically created CAS user receives the role configured in
    // 'cas_user_default_role'.
    // NOTE(review): the original "to do: test this" is still open; confirm the
    // setting is validated and points to a least-privilege role.
124  // to do: test this
125  $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
126  unset($userObj);
127 
128  $a_auth->setAuth($local_user);
129  return true;
130  }
131  } else {
132  $ilLog->write(__METHOD__ . ': Login failed.');
133 
134  // This should never occur unless CAS is not configured properly
135  $a_auth->status = AUTH_WRONG_LOGIN;
136  return false;
137  }
138  return false;
139  }
handleLDAPDataSource($a_auth, $ext_account)
Handle ldap as data source.
const IL_PASSWD_CRYPTED
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
const AUTH_CAS
const AUTH_CAS_NO_ILIAS_USER
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
global $ilSetting
Definition: privfeed.php:17

Field Documentation

◆ $server_hostname

ilAuthContainerCAS::$server_hostname = null
protected

Definition at line 17 of file class.ilAuthContainerCAS.php.

◆ $server_port

ilAuthContainerCAS::$server_port = null
protected

Definition at line 18 of file class.ilAuthContainerCAS.php.

◆ $server_uri

ilAuthContainerCAS::$server_uri = null
protected

Definition at line 19 of file class.ilAuthContainerCAS.php.

◆ $server_version

ilAuthContainerCAS::$server_version = null
protected

Definition at line 16 of file class.ilAuthContainerCAS.php.


The documentation for this class was generated from the following file: