1 <?php
2 /* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
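/**
 * Class ilSamlIdp
 *
 * One SAML identity provider (IdP) configuration, persisted in the
 * `saml_idp_settings` table. The static helpers translate between the
 * IdP id and the ILIAS auth mode string (AUTH_SAML . '_' . <idp id>)
 * stored in `usr_data.auth_mode`.
 */
class ilSamlIdp
{
    /** @var mixed Database handle taken from the DIC (`$GLOBALS['DIC']->database()`) */
    protected $db;

    /** @var self[] Instances cached by idp id, see getInstanceByIdpId() */
    private static $instances = [];

    /** @var int */
    protected $idp_id;

    /** @var bool */
    protected $is_active = false;

    /** @var bool Stored as `allow_local_auth`; only read and written here, semantics live in the callers */
    protected $allow_local_auth = false;

    /** @var int|false Stored as `default_role_id`; false until a role id is set */
    protected $default_role_id = false;

    /** @var string Name of the SAML attribute used as external account identifier */
    protected $uid_claim = '';

    /** @var string Name of the SAML attribute used as ILIAS login */
    protected $login_claim = '';

    /** @var bool Stored as `sync_status` */
    protected $sync_status = false;

    /** @var string SAML entity id of the IdP */
    protected $entity_id = '';

    /** @var bool Stored as `account_migr_status` */
    protected $account_migration_status = false;

    /** @var array Unused within this class; kept for subclasses/compatibility */
    protected static $idp_as_data = [];

    /**
     * @param int $a_idp_id IdP id to load; 0 creates an empty, unsaved record
     * @throws ilException if a positive id is given but no matching row exists (see read())
     */
    public function __construct($a_idp_id = 0)
    {
        $this->db = $GLOBALS['DIC']->database();
        $this->idp_id = $a_idp_id;

        // Only an existing id is read from the database; 0 is the "new record" case.
        if ($this->idp_id > 0) {
            $this->read();
        }
    }

    /**
     * Returns the first active IdP in table order.
     *
     * @return self
     * @throws ilSamlException if no IdP is active
     */
    public static function getFirstActiveIdp()
    {
        $idps = self::getActiveIdpList();
        if (count($idps) > 0) {
            return current($idps);
        }

        require_once 'Services/Saml/exceptions/class.ilSamlException.php';
        throw new \ilSamlException('No active SAML IDP found');
    }

    /**
     * Returns a per-request cached instance for the given idp id.
     *
     * @param int $a_idp_id
     * @return self
     */
    public static function getInstanceByIdpId($a_idp_id)
    {
        $cached = isset(self::$instances[$a_idp_id]) && self::$instances[$a_idp_id] instanceof self;
        if (!$cached) {
            self::$instances[$a_idp_id] = new self($a_idp_id);
        }

        return self::$instances[$a_idp_id];
    }

    /**
     * Loads the settings row for the current idp id.
     *
     * @throws ilException if no row exists
     */
    private function read()
    {
        // The id is quoted as integer by the DB layer, so the statement never carries raw input.
        $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
        $res = $this->db->query($query);

        $record = $this->db->fetchAssoc($res);
        if (!$record) {
            throw new \ilException('Could not find idp');
        }

        $this->bindDbRecord($record);
    }

    /**
     * Inserts or updates the settings row; a new id is drawn from the sequence
     * when the record has none yet.
     */
    public function persist()
    {
        if (!$this->getIdpId()) {
            $this->setIdpId((int) $this->db->nextId('saml_idp_settings'));
        }

        $this->db->replace(
            'saml_idp_settings',
            [
                'idp_id' => ['integer', $this->getIdpId()],
            ],
            [
                'is_active' => ['integer', $this->isActive()],
                'default_role_id' => ['integer', $this->getDefaultRoleId()],
                'uid_claim' => ['text', $this->getUidClaim()],
                'login_claim' => ['text', $this->getLoginClaim()],
                'entity_id' => ['text', $this->getEntityId()],
                'sync_status' => ['integer', $this->isSynchronizationEnabled()],
                'allow_local_auth' => ['integer', $this->allowLocalAuthentication()],
                'account_migr_status' => ['integer', $this->isAccountMigrationEnabled()],
            ]
        );
    }

    /**
     * Removes the IdP together with its attribute mapping.
     *
     * Side effect: every user whose auth_mode points at this IdP is switched
     * back to the 'default' auth mode, so no account keeps referencing a
     * removed provider.
     */
    public function delete()
    {
        require_once 'Services/Authentication/classes/External/UserAttributeMapping/class.ilExternalAuthUserAttributeMapping.php';
        $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
        $mapping->delete();

        // Parameterised through manipulateF; the auth mode key is built from the constant and the integer id.
        $this->db->manipulateF(
            'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
            ['text', 'text'],
            ['default', AUTH_SAML . '_' . $this->getIdpId()]
        );

        $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer'));
    }

    /**
     * @return array<string, mixed> Settings keyed by their column names
     */
    public function toArray()
    {
        return [
            'idp_id' => $this->getIdpId(),
            'is_active' => $this->isActive(),
            'default_role_id' => $this->getDefaultRoleId(),
            'uid_claim' => $this->getUidClaim(),
            'login_claim' => $this->getLoginClaim(),
            'sync_status' => $this->isSynchronizationEnabled(),
            'account_migr_status' => $this->isAccountMigrationEnabled(),
            'allow_local_auth' => $this->allowLocalAuthentication(),
            'entity_id' => $this->getEntityId(),
        ];
    }

    /**
     * Populates the object from a `saml_idp_settings` row.
     *
     * @param array $record Associative row as returned by fetchAssoc()
     */
    public function bindDbRecord(array $record)
    {
        $this->setIdpId((int) $record['idp_id']);
        $this->setActive((bool) $record['is_active']);
        $this->setDefaultRoleId((int) $record['default_role_id']);
        $this->setUidClaim($record['uid_claim']);
        $this->setLoginClaim($record['login_claim']);
        $this->setSynchronizationStatus((bool) $record['sync_status']);
        $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
        $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
        $this->setEntityId($record['entity_id']);
    }

    /**
     * Populates the object from the submitted settings form. The entity id is
     * not taken from a plain input but from the parsed IdP metadata item.
     *
     * @param ilPropertyFormGUI $form
     */
    public function bindForm(ilPropertyFormGUI $form)
    {
        $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
        $this->setUidClaim($form->getInput('uid_claim'));
        $this->setLoginClaim($form->getInput('login_claim'));
        $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
        $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
        $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));

        $metadata = $form->getItemByPostVar('metadata');
        $this->setEntityId($metadata->getIdpMetadataParser()->getEntityId());
    }

    /**
     * Checks whether an auth mode string denotes a SAML IdP, i.e. has exactly
     * the shape AUTH_SAML . '_' . <non-empty id>.
     *
     * @param string $a_auth_mode
     * @return bool
     */
    public static function isAuthModeSaml($a_auth_mode)
    {
        if (!$a_auth_mode) {
            $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
            return false;
        }

        $auth_arr = explode('_', $a_auth_mode);
        if (count($auth_arr) !== 2) {
            return false;
        }

        // Compare strictly as strings: the prefix from explode() is always a string,
        // while AUTH_SAML may be defined as a number. This avoids PHP's loose numeric
        // string comparison for a value that selects the authentication path.
        return (string) $auth_arr[0] === (string) AUTH_SAML && $auth_arr[1] !== '';
    }

    /**
     * @param string $a_auth_mode
     * @return string|null The id part of the auth mode (as a string), or null if it is not a SAML auth mode
     */
    public static function getIdpIdByAuthMode($a_auth_mode)
    {
        if (!self::isAuthModeSaml($a_auth_mode)) {
            return null;
        }

        $auth_arr = explode('_', $a_auth_mode);
        return $auth_arr[1];
    }

    /**
     * Looks up the id of the active IdP with the given entity id.
     * (Method name keeps its historical spelling for compatibility.)
     *
     * @param string $entityId
     * @return int The idp id, or 0 if no active IdP matches
     */
    public static function geIdpIdByEntityId($entityId)
    {
        foreach (self::getAllIdps() as $idp) {
            if ($idp->isActive() && $idp->getEntityId() === $entityId) {
                return $idp->getIdpId();
            }
        }

        return 0;
    }

    /**
     * @return self[] All IdPs flagged as active, as a list
     */
    public static function getActiveIdpList()
    {
        return array_values(array_filter(
            self::getAllIdps(),
            static function (self $idp) {
                return $idp->isActive();
            }
        ));
    }

    /**
     * @return self[] All configured IdPs in table order
     */
    public static function getAllIdps()
    {
        global $DIC;

        $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');

        $idps = [];
        while ($row = $DIC->database()->fetchAssoc($res)) {
            $idp = new self();
            $idp->bindDbRecord($row);

            $idps[] = $idp;
        }

        return $idps;
    }

    /**
     * Maps an auth key (AUTH_SAML . '_' . id) to the auth mode name 'saml_<id>'.
     *
     * @param string $a_auth_key
     * @return string 'saml_<id>' when the key carries an id part, else 'saml'
     */
    public static function getAuthModeByKey($a_auth_key)
    {
        $auth_arr = explode('_', $a_auth_key);
        if (count($auth_arr) > 1) {
            return 'saml_' . $auth_arr[1];
        }

        return 'saml';
    }

    /**
     * Maps an auth mode name ('saml_<id>') to the auth key AUTH_SAML . '_' . id.
     *
     * @param string $a_auth_mode
     * @return string
     */
    public static function getKeyByAuthMode($a_auth_mode)
    {
        $auth_arr = explode('_', $a_auth_mode);
        if (count($auth_arr) > 1) {
            return AUTH_SAML . '_' . $auth_arr[1];
        }

        return AUTH_SAML;
    }

    /**
     * @return string
     */
    public function getEntityId()
    {
        return $this->entity_id;
    }

    /**
     * @param string $entity_id
     */
    public function setEntityId($entity_id)
    {
        $this->entity_id = $entity_id;
    }

    /**
     * @return bool
     */
    public function isActive()
    {
        return (bool) $this->is_active;
    }

    /**
     * @param bool $is_active
     */
    public function setActive($is_active)
    {
        $this->is_active = (bool) $is_active;
    }

    /**
     * @return int
     */
    public function getIdpId()
    {
        return (int) $this->idp_id;
    }

    /**
     * @param int $idp_id
     */
    public function setIdpId($idp_id)
    {
        $this->idp_id = (int) $idp_id;
    }

    /**
     * @return bool
     */
    public function allowLocalAuthentication()
    {
        return (bool) $this->allow_local_auth;
    }

    /**
     * @param bool $status
     */
    public function setLocalLocalAuthenticationStatus($status)
    {
        $this->allow_local_auth = (bool) $status;
    }

    /**
     * @return int
     */
    public function getDefaultRoleId()
    {
        return (int) $this->default_role_id;
    }

    /**
     * @param int $role_id
     */
    public function setDefaultRoleId($role_id)
    {
        $this->default_role_id = (int) $role_id;
    }

    /**
     * @param string $claim
     */
    public function setUidClaim($claim)
    {
        $this->uid_claim = $claim;
    }

    /**
     * @return string
     */
    public function getUidClaim()
    {
        return $this->uid_claim;
    }

    /**
     * @param string $claim
     */
    public function setLoginClaim($claim)
    {
        $this->login_claim = $claim;
    }

    /**
     * @return string
     */
    public function getLoginClaim()
    {
        return $this->login_claim;
    }

    /**
     * @return bool
     */
    public function isSynchronizationEnabled()
    {
        return (bool) $this->sync_status;
    }

    /**
     * @param bool $sync
     */
    public function setSynchronizationStatus($sync)
    {
        $this->sync_status = (bool) $sync;
    }

    /**
     * @return bool
     */
    public function isAccountMigrationEnabled()
    {
        return (bool) $this->account_migration_status;
    }

    /**
     * @param bool $status
     */
    public function setAccountMigrationStatus($status)
    {
        // Stored as bool like every other flag setter (was cast to int); the getter casts to bool anyway.
        $this->account_migration_status = (bool) $status;
    }
}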