ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilAuthProviderOpenIdConnect Class Reference

Class ilAuthProviderOpenIdConnect. More...

+ Inheritance diagram for ilAuthProviderOpenIdConnect:
+ Collaboration diagram for ilAuthProviderOpenIdConnect:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 ilAuthProviderOpenIdConnect constructor. More...
 
 handleLogout ()
 Handle logout event. More...
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Private Member Functions

 handleUpdate (ilAuthStatus $status, $user_info)
 
 initClient ()
 

Private Attributes

 $settings = null
 

Additional Inherited Members

- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderOpenIdConnect::__construct ( ilAuthCredentials  $credentials)

ilAuthProviderOpenIdConnect constructor.

Parameters
ilAuthCredentials$credentials

Reimplemented from ilAuthProvider.

Definition at line 25 of file class.ilAuthProviderOpenIdConnect.php.

26 {
27 parent::__construct($credentials);
29 }
static getInstance()
Get singleton instance.
settings()
Definition: settings.php:2

References ilAuthProvider\$credentials, ilOpenIdConnectSettings\getInstance(), and settings().

+ Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderOpenIdConnect::doAuthentication ( \ilAuthStatus  $status)

Do authentication.

Parameters
\ilAuthStatus$statusAuthentication status
Returns
bool

Implements ilAuthProviderInterface.

Definition at line 58 of file class.ilAuthProviderOpenIdConnect.php.

59 {
60 try {
61 $oidc = $this->initClient();
62 $oidc->setRedirectURL(ILIAS_HTTP_PATH . '/openidconnect.php');
63
64 $this->getLogger()->debug(
65 'Redirect url is: ' .
66 $oidc->getRedirectURL()
67 );
68
69 $oidc->setResponseTypes(
70 [
71 'id_token'
72 ]
73 );
74 $oidc->addScope(
75 [
76 'openid',
77 'profile',
78 'email',
79 'roles'
80 ]
81 );
82
83
84 $oidc->addAuthParam(['response_mode' => 'form_post']);
85 switch ($this->settings->getLoginPromptType()) {
87 $oidc->addAuthParam(['prompt' => 'login']);
88 break;
89 }
90 $oidc->setAllowImplicitFlow(true);
91
92 $oidc->authenticate();
93 // user is authenticated, otherwise redirected to authorization endpoint or exception
94 $this->getLogger()->dump($_REQUEST, \ilLogLevel::DEBUG);
95
96 $claims = $oidc->getVerifiedClaims(null);
97 $this->getLogger()->dump($claims, \ilLogLevel::DEBUG);
98 $status = $this->handleUpdate($status, $claims);
99
100 // @todo : provide a general solution for all authentication methods
101 $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
102
103 if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
104 $token = $oidc->requestClientCredentialsToken();
105 ilSession::set('oidc_auth_token', $token->access_token);
106 }
107 return true;
108 } catch (Exception $e) {
109 $this->getLogger()->warning($e->getMessage());
110 $this->getLogger()->warning($e->getCode());
112 $status->setTranslatedReason($e->getMessage());
113 return false;
114 }
115 }
$_GET["client_id"]
handleUpdate(ilAuthStatus $status, $user_info)
getLogger()
Get logger.
const STATUS_AUTHENTICATION_FAILED
static set($a_var, $a_val)
Set a value.

References $_GET, $oidc, ilAuthProvider\$status, PHPMailer\PHPMailer\$token, ilLogLevel\DEBUG, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), handleUpdate(), initClient(), ilOpenIdConnectSettings\LOGIN_ENFORCE, ilOpenIdConnectSettings\LOGOUT_SCOPE_GLOBAL, ilSession\set(), settings(), and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ handleLogout()

ilAuthProviderOpenIdConnect::handleLogout ( )

Handle logout event.

Definition at line 34 of file class.ilAuthProviderOpenIdConnect.php.

35 {
36 if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL) {
37 return false;
38 }
39
40 $auth_token = ilSession::get('oidc_auth_token');
41 $this->getLogger()->debug('Using token: ' . $auth_token);
42
43 if (strlen($auth_token)) {
44 ilSession::set('oidc_auth_token', '');
45 $oidc = $this->initClient();
46 $oidc->signOut(
47 $auth_token,
48 ILIAS_HTTP_PATH . '/logout.php'
49 );
50 }
51 }
static get($a_var)
Get a value.

References $oidc, ilSession\get(), ilAuthProvider\getLogger(), initClient(), ilOpenIdConnectSettings\LOGOUT_SCOPE_LOCAL, ilSession\set(), and settings().

+ Here is the call graph for this function:

◆ handleUpdate()

ilAuthProviderOpenIdConnect::handleUpdate ( ilAuthStatus  $status,
  $user_info 
)
private
Parameters
ilAuthStatus$status
array$user_info

Definition at line 122 of file class.ilAuthProviderOpenIdConnect.php.

123 {
124 if (!is_object($user_info)) {
125 $this->getLogger()->error('Received invalid user credentials: ');
126 $this->getLogger()->dump($user_info, ilLogLevel::ERROR);
128 $status->setReason('err_wrong_login');
129 return false;
130 }
131
132 $uid_field = $this->settings->getUidField();
133 $ext_account = $user_info->$uid_field;
134
135 $this->getLogger()->debug('Authenticated external account: ' . $ext_account);
136
137
140 $ext_account
141 );
142
143 try {
144 $sync = new ilOpenIdConnectUserSync($this->settings, $user_info);
145 if (!is_string($ext_account)) {
147 $status->setReason('err_wrong_login');
148 return $status;
149 }
150 $sync->setExternalAccount($ext_account);
151 $sync->setInternalAccount($int_account);
152 $sync->updateUser();
153
154 $user_id = $sync->getUserId();
155 ilSession::set('used_external_auth', true);
156 $status->setAuthenticatedUserId($user_id);
158
159 // @todo : provide a general solution for all authentication methods
160 $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
163 $status->setReason('err_wrong_login');
164 }
165
166 return $status;
167 }
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Class ilOpenIdConnectSettingsGUI.
$sync

References $_GET, ilAuthProvider\$status, $sync, ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilOpenIdConnectUserSync\AUTH_MODE, ilLogLevel\ERROR, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilSession\set(), settings(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by doAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initClient()

ilAuthProviderOpenIdConnect::initClient ( )
private
Returns
OpenIDConnectClient

Definition at line 172 of file class.ilAuthProviderOpenIdConnect.php.

173 {
175 $this->settings->getProvider(),
176 $this->settings->getClientId(),
177 $this->settings->getSecret()
178 );
179 return $oidc;
180 }
Require the CURL and JSON PHP extensions to be installed.

References $oidc, and settings().

Referenced by doAuthentication(), and handleLogout().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $settings

ilAuthProviderOpenIdConnect::$settings = null
private

Definition at line 18 of file class.ilAuthProviderOpenIdConnect.php.


The documentation for this class was generated from the following file: