ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilSamlIdp.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3
8class ilSamlIdp
9{
13 protected $db;
14
18 private static $instances = array();
19
23 protected $idp_id;
24
28 protected $is_active = false;
29
33 protected $allow_local_auth = false;
34
38 protected $default_role_id = false;
39
43 protected $uid_claim = '';
44
48 protected $login_claim = '';
49
53 protected $sync_status = false;
54
58 protected $entity_id = '';
59
63 protected $account_migration_status = false;
64
68 protected static $idp_as_data = array();
69
73 public function __construct($a_idp_id = 0)
74 {
75 $this->db = $GLOBALS['DIC']->database();
76 $this->idp_id = $a_idp_id;
77
78 if ($this->idp_id > 0) {
79 $this->read();
80 }
81 }
82
87 public static function getFirstActiveIdp()
88 {
89 $idps = self::getActiveIdpList();
90 if (count($idps) > 0) {
91 return current($idps);
92 }
93
94 require_once 'Services/Saml/exceptions/class.ilSamlException.php';
95 throw new \ilSamlException('No active SAML IDP found');
96 }
97
102 public static function getInstanceByIdpId($a_idp_id)
103 {
104 if (!isset(self::$instances[$a_idp_id]) || !(self::$instances[$a_idp_id] instanceof self)) {
105 self::$instances[$a_idp_id] = new self($a_idp_id);
106 }
107
108 return self::$instances[$a_idp_id];
109 }
110
114 private function read()
115 {
116 $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
117 $res = $this->db->query($query);
118 while ($record = $this->db->fetchAssoc($res)) {
119 $this->bindDbRecord($record);
120 return;
121 }
122
123 throw new \ilException('Could not find idp');
124 }
125
129 public function persist()
130 {
131 if (!$this->getIdpId()) {
132 $this->setIdpId((int) $this->db->nextId('saml_idp_settings'));
133 }
134
135 $this->db->replace(
136 'saml_idp_settings',
137 array(
138 'idp_id' => array('integer', $this->getIdpId())
139 ),
140 array(
141 'is_active' => array('integer', $this->isActive()),
142 'default_role_id' => array('integer', $this->getDefaultRoleId()),
143 'uid_claim' => array('text', $this->getUidClaim()),
144 'login_claim' => array('text', $this->getLoginClaim()),
145 'entity_id' => array('text', $this->getEntityId()),
146 'sync_status' => array('integer', $this->isSynchronizationEnabled()),
147 'allow_local_auth' => array('integer', $this->allowLocalAuthentication()),
148 'account_migr_status' => array('integer', $this->isAccountMigrationEnabled())
149 )
150 );
151 }
152
156 public function delete()
157 {
158 require_once 'Services/Authentication/classes/External/UserAttributeMapping/class.ilExternalAuthUserAttributeMapping.php';
159 $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
160 $mapping->delete();
161
162 $this->db->manipulateF(
163 'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
164 array('text', 'text'),
165 array('default', AUTH_SAML . '_' . $this->getIdpId())
166 );
167
168 $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer'));
169 }
170
174 public function toArray()
175 {
176 return array(
177 'idp_id' => $this->getIdpId(),
178 'is_active' => $this->isActive(),
179 'default_role_id' => $this->getDefaultRoleId(),
180 'uid_claim' => $this->getUidClaim(),
181 'login_claim' => $this->getLoginClaim(),
182 'sync_status' => $this->isSynchronizationEnabled(),
183 'account_migr_status' => $this->isAccountMigrationEnabled(),
184 'allow_local_auth' => $this->allowLocalAuthentication(),
185 'entity_id' => $this->getEntityId()
186 );
187 }
188
192 public function bindDbRecord(array $record)
193 {
194 $this->setIdpId((int) $record['idp_id']);
195 $this->setActive((bool) $record['is_active']);
196 $this->setDefaultRoleId((int) $record['default_role_id']);
197 $this->setUidClaim($record['uid_claim']);
198 $this->setLoginClaim($record['login_claim']);
199 $this->setSynchronizationStatus((bool) $record['sync_status']);
200 $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
201 $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
202 $this->setEntityId($record['entity_id']);
203 }
204
208 public function bindForm(ilPropertyFormGUI $form)
209 {
210 $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
211 $this->setUidClaim($form->getInput('uid_claim'));
212 $this->setLoginClaim($form->getInput('login_claim'));
213 $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
214 $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
215 $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));
216
220 $metadata = $form->getItemByPostVar('metadata');
221 $this->setEntityId($metadata->getIdpMetadataParser()->getEntityId());
222 }
223
228 public static function isAuthModeSaml($a_auth_mode)
229 {
230 if (!$a_auth_mode) {
231 $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
232 return false;
233 }
234
235 $auth_arr = explode('_', $a_auth_mode);
236 return count($auth_arr) == 2 && $auth_arr[0] == AUTH_SAML && strlen($auth_arr[1]);
237 }
238
243 public static function getIdpIdByAuthMode($a_auth_mode)
244 {
245 if (self::isAuthModeSaml($a_auth_mode)) {
246 $auth_arr = explode('_', $a_auth_mode);
247 return $auth_arr[1];
248 }
249
250 return null;
251 }
252
257 public static function geIdpIdByEntityId($entityId)
258 {
259 foreach (self::getAllIdps() as $idp) {
260 if ($idp->isActive() && $idp->getEntityId() === $entityId) {
261 return $idp->getIdpId();
262 }
263 }
264
265 return 0;
266 }
267
271 public static function getActiveIdpList()
272 {
273 $idps = array();
274
275 foreach (self::getAllIdps() as $idp) {
276 if ($idp->isActive()) {
277 $idps[] = $idp;
278 }
279 }
280
281 return $idps;
282 }
283
287 public static function getAllIdps()
288 {
289 global $DIC;
290
291 $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');
292
293 $idps = array();
294 while ($row = $DIC->database()->fetchAssoc($res)) {
295 $idp = new self();
296 $idp->bindDbRecord($row);
297
298 $idps[] = $idp;
299 }
300
301 return $idps;
302 }
303
308 public static function getAuthModeByKey($a_auth_key)
309 {
310 $auth_arr = explode('_', $a_auth_key);
311 if (count((array) $auth_arr) > 1) {
312 return 'saml_' . $auth_arr[1];
313 }
314
315 return 'saml';
316 }
317
322 public static function getKeyByAuthMode($a_auth_mode)
323 {
324 $auth_arr = explode('_', $a_auth_mode);
325 if (count((array) $auth_arr) > 1) {
326 return AUTH_SAML . '_' . $auth_arr[1];
327 }
328
329 return AUTH_SAML;
330 }
331
335 public function getEntityId()
336 {
337 return $this->entity_id;
338 }
339
343 public function setEntityId($entity_id)
344 {
345 $this->entity_id = $entity_id;
346 }
347
351 public function isActive()
352 {
353 return (bool) $this->is_active;
354 }
355
359 public function setActive($is_active)
360 {
361 $this->is_active = (bool) $is_active;
362 }
363
367 public function getIdpId()
368 {
369 return (int) $this->idp_id;
370 }
371
375 public function setIdpId($idp_id)
376 {
377 $this->idp_id = (int) $idp_id;
378 }
379
383 public function allowLocalAuthentication()
384 {
385 return (bool) $this->allow_local_auth;
386 }
387
391 public function setLocalLocalAuthenticationStatus($status)
392 {
393 $this->allow_local_auth = (bool) $status;
394 }
395
399 public function getDefaultRoleId()
400 {
401 return (int) $this->default_role_id;
402 }
403
407 public function setDefaultRoleId($role_id)
408 {
409 $this->default_role_id = (int) $role_id;
410 }
411
415 public function setUidClaim($claim)
416 {
417 $this->uid_claim = $claim;
418 }
419
423 public function getUidClaim()
424 {
425 return $this->uid_claim;
426 }
427
431 public function setLoginClaim($claim)
432 {
433 $this->login_claim = $claim;
434 }
435
439 public function getLoginClaim()
440 {
441 return $this->login_claim;
442 }
443
447 public function isSynchronizationEnabled()
448 {
449 return (bool) $this->sync_status;
450 }
451
455 public function setSynchronizationStatus($sync)
456 {
457 $this->sync_status = (bool) $sync;
458 }
459
463 public function isAccountMigrationEnabled()
464 {
465 return (bool) $this->account_migration_status;
466 }
467
471 public function setAccountMigrationStatus($status)
472 {
473 $this->account_migration_status = (int) $status;
474 }
475}
$metadata
$metadata['__DYNAMIC:1__']
Definition: adfs-idp-hosted.php:3
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_SAML
const AUTH_SAML
Definition: class.ilAuthUtils.php:20
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilPropertyFormGUI\getInput
getInput($a_post_var, $ensureValidation=true)
Returns the value of a HTTP-POST variable, identified by the passed id.
Definition: class.ilPropertyFormGUI.php:558
ilSamlIdp
Class ilSamlIdp.
Definition: class.ilSamlIdp.php:9
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Definition: class.ilSamlIdp.php:322
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:271
ilSamlIdp\setActive
setActive($is_active)
Definition: class.ilSamlIdp.php:359
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId($a_idp_id)
Definition: class.ilSamlIdp.php:102
ilSamlIdp\setIdpId
setIdpId($idp_id)
Definition: class.ilSamlIdp.php:375
ilSamlIdp\setLoginClaim
setLoginClaim($claim)
Definition: class.ilSamlIdp.php:431
ilSamlIdp\setDefaultRoleId
setDefaultRoleId($role_id)
Definition: class.ilSamlIdp.php:407
ilSamlIdp\$instances
static $instances
Definition: class.ilSamlIdp.php:18
ilSamlIdp\__construct
__construct($a_idp_id=0)
Definition: class.ilSamlIdp.php:73
ilSamlIdp\setSynchronizationStatus
setSynchronizationStatus($sync)
Definition: class.ilSamlIdp.php:455
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId($entityId)
Definition: class.ilSamlIdp.php:257
ilSamlIdp\isAccountMigrationEnabled
isAccountMigrationEnabled()
Definition: class.ilSamlIdp.php:463
ilSamlIdp\setAccountMigrationStatus
setAccountMigrationStatus($status)
Definition: class.ilSamlIdp.php:471
ilSamlIdp\setLocalLocalAuthenticationStatus
setLocalLocalAuthenticationStatus($status)
Definition: class.ilSamlIdp.php:391
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode($a_auth_mode)
Definition: class.ilSamlIdp.php:243
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:87
ilSamlIdp\isSynchronizationEnabled
isSynchronizationEnabled()
Definition: class.ilSamlIdp.php:447
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
Definition: class.ilSamlIdp.php:308
ilSamlIdp\setEntityId
setEntityId($entity_id)
Definition: class.ilSamlIdp.php:343
ilSamlIdp\$idp_as_data
static $idp_as_data
Definition: class.ilSamlIdp.php:68
ilSamlIdp\setUidClaim
setUidClaim($claim)
Definition: class.ilSamlIdp.php:415
ilSamlIdp\isAuthModeSaml
static isAuthModeSaml($a_auth_mode)
Definition: class.ilSamlIdp.php:228
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:287
ilSamlIdp\allowLocalAuthentication
allowLocalAuthentication()
Definition: class.ilSamlIdp.php:383
ilSamlIdp\bindDbRecord
bindDbRecord(array $record)
Definition: class.ilSamlIdp.php:192
$entityId
if( $source===null) if(!($source instanceof sspmod_saml_Auth_Source_SP)) $entityId
Definition: metadata.php:22
$sync
$sync
Definition: memcacheSync.php:62
$row
$row
Definition: migrateto20.php:360
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
$query
$query
Definition: proxy_ylocal.php:13
$idp
$idp
Definition: prp.php:13
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
$DIC
global $DIC
Definition: saml.php:7
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15