7include_once 
'./Services/Authentication/classes/Provider/class.ilAuthProvider.php';
 
    8include_once 
'./Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
 
    9include_once 
'./Services/LTI/classes/InternalProvider/class.ilLTIToolProvider.php';
 
   10require_once 
'Services/LTI/classes/class.ilLTIDataConnector.php';
 
   31        if (isset(
$_POST[
'launch_presentation_document_target']) && 
$_POST[
'launch_presentation_document_target'] == 
'blank') {
 
   32            $_POST[
'launch_presentation_document_target'] = 
'window';
 
   35        if (isset(
$_POST[
'launch_presentation_css_url'])) {
 
   36            $_SESSION[
'lti_launch_css_url'] = 
$_POST[
'launch_presentation_css_url'];
 
   39        if (isset(
$_POST[
'launch_presentation_return_url']) && (strlen(trim(
$_POST[
'launch_presentation_return_url'])) > 0)) {
 
   40            $_SESSION[
'lti_launch_presentation_return_url'] = 
$_POST[
'launch_presentation_return_url'];
 
   48        $ok = $lti_provider->handleRequest();
 
   51            $this->
getLogger()->warning(
'LTI authentication failed with message: ' . $lti_provider->reason);
 
   52            $status->setReason($lti_provider->reason);
 
   56            $this->
getLogger()->debug(
'LTI authentication success');
 
   67            $consumer->getRecordId(),
 
   71        $_SESSION[
'lti_context_id'] = $consumer->getRefId();
 
   76        if (!$consumer->enabled) {
 
   77            $this->
getLogger()->warning(
'Consumer is not enabled');
 
   78            $status->
setReason(
'lti_consumer_inactive');
 
   83        if (!$consumer->getActive()) {
 
   84            $this->
getLogger()->warning(
'Consumer is not active');
 
   85            $status->
setReason(
'lti_consumer_inactive');
 
   91        $lti_id = $consumer->getExtConsumerId();
 
   93            $status->setReason(
'lti_auth_failed_invalid_key');
 
   98        $this->
getLogger()->debug(
'Using prefix:' . $consumer->getPrefix());
 
  102        if ($internal_account) {
 
  103            $this->
updateUser($internal_account, $consumer);
 
  105            $internal_account = $this->
createUser($consumer);
 
  111        $status->setAuthenticatedUserId($internal_account);
 
  113        $lti_lis_person_name_full = 
"";
 
  114        if (isset(
$_POST[
'lis_person_name_given'])) {
 
  115            $_SESSION[
'lti_lis_person_name_given'] = 
$_POST[
'lis_person_name_given'];
 
  116            $lti_lis_person_name_full = 
$_POST[
'lis_person_name_given'] . 
' ';
 
  118        if (isset(
$_POST[
'lis_person_name_family'])) {
 
  119            $_SESSION[
'lti_lis_person_name_family'] = 
$_POST[
'lis_person_name_family'];
 
  120            $lti_lis_person_name_full .= 
$_POST[
'lis_person_name_family'];
 
  122        if (isset(
$_POST[
'lis_person_name_full']) && (strlen(trim(
$_POST[
'lis_person_name_full'])) > 0)) {
 
  123            $_SESSION[
'lti_lis_person_name_full'] = 
$_POST[
'lis_person_name_full'];
 
  125            $_SESSION[
'lti_lis_person_name_full'] = $lti_lis_person_name_full;
 
  144        $query = 
'SELECT consumer_pk from lti2_consumer where consumer_key256 = ' . 
$ilDB->quote($a_oauth_consumer_key, 
'text');
 
  151            $lti_id = 
$row->consumer_pk;
 
  154        $this->
getLogger()->debug(
'External consumer key is: ' . (
int) $lti_id);
 
  166        $query = 
'SELECT prefix from lti_ext_consumer where id = ' . 
$ilDB->quote($a_lti_id, 
'integer');
 
  173            $prefix = 
$row->prefix;
 
  175        $this->
getLogger()->debug(
'LTI prefix: ' . $prefix);
 
  186        $query = 
'SELECT role from lti_ext_consumer where id = ' . 
$ilDB->quote($a_lti_id, 
'integer');
 
  194        $this->
getLogger()->debug(
'LTI role: ' . $role);
 
  203    protected function findUserId($a_oauth_user, $a_oauth_id, $a_user_prefix)
 
  206            self::AUTH_MODE_PREFIX . 
'_' . $a_oauth_id,
 
  213        $this->
getLogger()->debug(
'Found user with auth mode lti_' . $a_oauth_id . 
' with user_id: ' . 
$user_id);
 
  228        include_once(
'./Services/Authentication/classes/class.ilAuthUtils.php');
 
  231        $newUser[
"login"] = $local_user;
 
  232        $newUser[
"firstname"] = 
$_POST[
'lis_person_name_given'];
 
  233        $newUser[
"lastname"] = 
$_POST[
'lis_person_name_family'];
 
  234        $newUser[
'email'] = 
$_POST[
'lis_person_contact_email_primary'];
 
  238        $newUser[
"passwd"] = 
"";
 
  243        $newUser[
"profile_incomplete"] = 0;
 
  246        $userObj->assignData($newUser);
 
  247        $userObj->setTitle($userObj->getFullname());
 
  248        $userObj->setDescription($userObj->getEmail());
 
  251        $userObj->setLanguage(
$ilSetting->get(
"language"));
 
  254        $userObj->setTimeLimitOwner(7);
 
  255        $userObj->setTimeLimitUnlimited(0);
 
  256        $userObj->setTimeLimitFrom(time() - 5);
 
  257        $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable(
"session", 
"expire"));
 
  261        $userObj->setOwner(6);
 
  263        $userObj->setActive(1);
 
  264        $userObj->updateOwner();
 
  265        $userObj->saveAsNew();
 
  266        $userObj->writePrefs();
 
  268        $GLOBALS[
'DIC']->rbac()->admin()->assignUser($consumer->
getRole(), $userObj->getId());
 
  270        $this->
getLogger()->info(
'Created new lti user with uid: ' . $userObj->getId() . 
' and login: ' . $userObj->getLogin());
 
  271        return $userObj->getId();
 
  281        global $ilClientIniFile,
$ilLog,$rbacadmin;
 
  283        $user_obj = 
new ilObjUser($a_local_user_id);
 
  284        $user_obj->setFirstname(
$_POST[
'lis_person_name_given']);
 
  285        $user_obj->setLastname(
$_POST[
'lis_person_name_family']);
 
  286        $user_obj->setEmail(
$_POST[
'lis_person_contact_email_primary']);
 
  287        $user_obj->setActive(
true);
 
  289        $until = $user_obj->getTimeLimitUntil();
 
  291        if ($until < (time() + $ilClientIniFile->readVariable(
'session', 
'expire'))) {
 
  292            $user_obj->setTimeLimitFrom(time() - 60);
 
  293            $user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable(
"session", 
"expire"));
 
  296        $user_obj->refreshLogin();
 
  298        $GLOBALS[
'DIC']->rbac()->admin()->assignUser($consumer->
getRole(), $user_obj->getId());
 
  301        $this->
getLogger()->info(
'Update of lti user with uid: ' . $user_obj->getId() . 
' and login: ' . $user_obj->getLogin());
 
  302        return $user_obj->getId();
 
  307        $target_ref_id = 
$_SESSION[
'lti_context_id'];
 
  308        if (!$target_ref_id) {
 
  309            $this->
getLogger()->debug(
'No target id given');
 
  316        if (!strlen($roles)) {
 
  317            $this->
getLogger()->debug(
'No role information given');
 
  320        $role_arr = explode(
',', $roles);
 
  322        foreach ($role_arr as $role_name) {
 
  323            $role_name = trim($role_name);
 
  324            switch ($role_name) {
 
  325                case 'Administrator':
 
  327                    $this->
getLogger()->debug(
'Administrator role handling');
 
  328                    if ($obj_settings->getAdminRole()) {
 
  329                        $GLOBALS[
'DIC']->rbac()->admin()->assignUser(
 
  330                            $obj_settings->getAdminRole(),
 
  337                    $this->
getLogger()->debug(
'Instructor role handling');
 
  338                    $this->
getLogger()->debug(
'Tutor role for request: ' . $obj_settings->getTutorRole());
 
  339                    if ($obj_settings->getTutorRole()) {
 
  340                        $GLOBALS[
'DIC']->rbac()->admin()->assignUser(
 
  341                            $obj_settings->getTutorRole(),
 
  349                    $this->
getLogger()->debug(
'Member role handling');
 
  350                    if ($obj_settings->getMemberRole()) {
 
  351                        $GLOBALS[
'DIC']->rbac()->admin()->assignUser(
 
  352                            $obj_settings->getMemberRole(),
 
  368        $auth_arr = explode(
'_', $a_auth_key);
 
  369        if (count((array) $auth_arr) > 1) {
 
  370            return 'lti_' . $auth_arr[1];
 
  382        $auth_arr = explode(
'_', $a_auth_mode);
 
  383        if (count((array) $auth_arr) > 1) {
 
  398        $query = 
'SELECT consumer_pk from lti2_consumer where enabled = ' . 
$ilDB->quote(1, 
'integer');
 
  403            $sids[] = 
$row->consumer_pk;
 
  413        $query = 
'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
 
  418            $sids[] = 
$row->consumer_pk;
 
  430        include_once 
'./Services/LTI/classes/class.ilLTIDataConnector.php';
 
  432        include_once 
'./Services/LTI/classes/InternalProvider/class.ilLTIToolConsumer.php';
 
  434        return $consumer->getTitle();
 
  444        if (self::isAuthModeLTI($a_auth_mode)) {
 
  445            $auth_arr = explode(
'_', $a_auth_mode);
 
  461        $auth_arr = explode(
'_', $a_auth_mode);
 
An exception for terminatinating execution or to throw for unit testing.
OAuth based lti authentication.
static getActiveAuthModes()
get all active authmode server ids
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
updateUser($a_local_user_id, ilLTIToolConsumer $consumer)
update existing user
findGlobalRole($a_lti_id)
find global role of consumer
static lookupConsumer($a_sid)
Lookup consumer title.
findUserId($a_oauth_user, $a_oauth_id, $a_user_prefix)
Find user by auth mode and lti id.
findAuthKeyId($a_oauth_consumer_key)
find consumer key id @global type $ilDB
findAuthPrefix($a_lti_id)
find lti id
createUser(ilLTIToolConsumer $consumer)
create new user
handleLocalRoleAssignments($user_id, ilLTIToolConsumer $consumer)
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
static isAuthModeLTI($a_auth_mode)
Check if user auth mode is LDAP.
static getAuthModeByKey($a_auth_key)
Get auth mode by key.
Base class for authentication providers (radius, ldap, apache, ...)
Auth status implementation.
const STATUS_AUTHENTICATED
setReason($a_reason)
Set reason.
const STATUS_AUTHENTICATION_FAILED
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Class to represent an LTI Data Connector for ILIAS.
static getLogger($a_component_id)
Get component logger.
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
static _lookupId($a_user_str)
Lookup id by login.
static _lookupType($a_id, $a_reference=false)
lookup object type
Standard interface for auth provider implementations.
doAuthentication(\ilAuthStatus $status)
Do authentication.
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
foreach($_POST as $key=> $value) $res