da/d59/class_8ilAuthProviderOpenIdConnect_8php_source.html

 <?php
 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */

 use Jumbojett\OpenIDConnectClient;

 class ilAuthProviderOpenIdConnect extends ilAuthProvider implements ilAuthProviderInterface
 {
     private $settings = null;


     public function __construct(ilAuthCredentials $credentials)
     {
         parent::__construct($credentials);
         $this->settings = ilOpenIdConnectSettings::getInstance();
     }

     public function handleLogout()
     {
         if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL) {
             return false;
         }

         $auth_token = ilSession::get('oidc_auth_token');
         $this->getLogger()->debug('Using token: ' . $auth_token);

         if (strlen($auth_token)) {
             ilSession::set('oidc_auth_token', '');
             $oidc = $this->initClient();
             $oidc->signOut(
                 $auth_token,
                 ILIAS_HTTP_PATH . '/logout.php'
             );
         }
     }

     public function doAuthentication(\ilAuthStatus $status)
     {
         try {
             $oidc = $this->initClient();
             $oidc->setRedirectURL(ILIAS_HTTP_PATH . '/openidconnect.php');

             $this->getLogger()->debug(
                 'Redirect url is: ' .
                 $oidc->getRedirectURL()
             );

             $oidc->setResponseTypes(
                 [
                     'id_token'
                 ]
             );
             $oidc->addScope(
                 [
                     'openid',
                     'profile',
                     'email',
                     'roles'
                 ]
             );


             $oidc->addAuthParam(['response_mode' => 'form_post']);
             switch ($this->settings->getLoginPromptType()) {
                 case ilOpenIdConnectSettings::LOGIN_ENFORCE:
                     $oidc->addAuthParam(['prompt' => 'login']);
                     break;
             }
             $oidc->setAllowImplicitFlow(true);

             $oidc->authenticate();
             // user is authenticated, otherwise redirected to authorization endpoint or exception
             $this->getLogger()->dump($_REQUEST, \ilLogLevel::DEBUG);

             $claims = $oidc->getVerifiedClaims(null);
             $this->getLogger()->dump($claims, \ilLogLevel::DEBUG);
             $status = $this->handleUpdate($status, $claims);

             // @todo : provide a general solution for all authentication methods
             $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();

             if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
                 $token = $oidc->requestClientCredentialsToken();
                 ilSession::set('oidc_auth_token', $token->access_token);
             }
             return true;
         } catch (Exception $e) {
             $this->getLogger()->warning($e->getMessage());
             $this->getLogger()->warning($e->getCode());
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
             $status->setTranslatedReason($e->getMessage());
             return false;
         }
     }


     private function handleUpdate(ilAuthStatus $status, $user_info)
     {
         if (!is_object($user_info)) {
             $this->getLogger()->error('Received invalid user credentials: ');
             $this->getLogger()->dump($user_info, ilLogLevel::ERROR);
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
             $status->setReason('err_wrong_login');
             return false;
         }

         $uid_field = $this->settings->getUidField();
         $ext_account = $user_info->$uid_field;

         $this->getLogger()->debug('Authenticated external account: ' . $ext_account);


         $int_account = ilObjUser::_checkExternalAuthAccount(
             ilOpenIdConnectUserSync::AUTH_MODE,
             $ext_account
         );

         try {
             $sync = new ilOpenIdConnectUserSync($this->settings, $user_info);
             if (!is_string($ext_account)) {
                 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
                 $status->setReason('err_wrong_login');
                 return $status;
             }
             $sync->setExternalAccount($ext_account);
             $sync->setInternalAccount($int_account);
             $sync->updateUser();

             $user_id = $sync->getUserId();
             ilSession::set('used_external_auth', true);
             $status->setAuthenticatedUserId($user_id);
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);

             // @todo : provide a general solution for all authentication methods
             $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
         } catch (ilOpenIdConnectSyncForbiddenException $e) {
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
             $status->setReason('err_wrong_login');
         }

         return $status;
     }

     private function initClient() : OpenIDConnectClient
     {
         $oidc = new OpenIDConnectClient(
             $this->settings->getProvider(),
             $this->settings->getClientId(),
             $this->settings->getSecret()
         );
         return $oidc;
     }
 }
ilAuthProviderOpenIdConnect\doAuthentication
doAuthentication(\ilAuthStatus $status)
Do authentication.
Definition: class.ilAuthProviderOpenIdConnect.php:58

ilOpenIdConnectSettings\LOGOUT_SCOPE_GLOBAL
const LOGOUT_SCOPE_GLOBAL
Definition: class.ilOpenIdConnectSettings.php:22

settings
settings()
Definition: settings.php:2

ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:11

OpenIDConnectClient
Copyright MITRE 2012.

ilAuthProviderOpenIdConnect\initClient
initClient()
Definition: class.ilAuthProviderOpenIdConnect.php:172

ilOpenIdConnectSyncForbiddenException
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectSyncForbiddenException.php:10

$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12

ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19

ilSession\get
static get($a_var)
Get a value.
Definition: class.ilSession.php:441

ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:430

ilOpenIdConnectSettings\LOGIN_ENFORCE
const LOGIN_ENFORCE
Definition: class.ilOpenIdConnectSettings.php:19

ilAuthProviderOpenIdConnect\handleLogout
handleLogout()
Handle logout event.
Definition: class.ilAuthProviderOpenIdConnect.php:34

ilLogLevel\ERROR
const ERROR
Definition: class.ilLogLevel.php:21

ilAuthStatus\setTranslatedReason
setTranslatedReason($a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:90

ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:146

ilAuthProvider\$status
$status
Definition: class.ilAuthProvider.php:23

ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116

ilAuthProvider\$credentials
$credentials
Definition: class.ilAuthProvider.php:21

ilAuthProvider\$user_id
$user_id
Definition: class.ilAuthProvider.php:24

ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:11

ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:11

ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63

ilAuthProvider\getCredentials
getCredentials()
Definition: class.ilAuthProvider.php:46

ilAuthProviderOpenIdConnect
Class ilAuthProviderOpenIdConnect.
Definition: class.ilAuthProviderOpenIdConnect.php:13

ilOpenIdConnectUserSync\AUTH_MODE
const AUTH_MODE
Definition: class.ilOpenIdConnectUserSync.php:12

PHPMailer\PHPMailer\$token
$token
Definition: get_oauth_token.php:135

$sync
$sync
Definition: memcacheSync.php:62

ilAuthStatus\setReason
setReason($a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81

ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3909

ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38

ilOpenIdConnectUserSync
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectUserSync.php:10

ilAuthStatus\STATUS_AUTHENTICATED
const STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:18

ilAuthProviderOpenIdConnect\handleUpdate
handleUpdate(ilAuthStatus $status, $user_info)
Definition: class.ilAuthProviderOpenIdConnect.php:122

php

ilLogLevel\DEBUG
const DEBUG
Definition: class.ilLogLevel.php:17

ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:11

ilAuthProviderOpenIdConnect\$settings
$settings
Definition: class.ilAuthProviderOpenIdConnect.php:18

ilAuthProviderOpenIdConnect\__construct
__construct(ilAuthCredentials $credentials)
ilAuthProviderOpenIdConnect constructor.
Definition: class.ilAuthProviderOpenIdConnect.php:25

$oidc
$oidc
Definition: client_example.php:28

Jumbojett\OpenIDConnectClient
Require the CURL and JSON PHP extensions to be installed.
Definition: OpenIDConnectClient.php:89

ilOpenIdConnectSettings\LOGOUT_SCOPE_LOCAL
const LOGOUT_SCOPE_LOCAL
Definition: class.ilOpenIdConnectSettings.php:23

Exception