1<?php
2/* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3
9{
/** @var object database handle; set in the constructor from $GLOBALS['DIC']->database() */
protected $db;

/** @var self[] per-request cache of instances keyed by idp id, filled by getInstanceByIdpId() */
private static $instances = array();

/** @var int primary key in saml_idp_settings; 0 until persist() allocates one via nextId() */
protected $idp_id;

/** @var bool whether this IdP is enabled; only active IdPs are returned by getActiveIdpList() and matched by geIdpIdByEntityId() */
protected $is_active = false;

/** @var bool column allow_local_auth — presumably whether users of this IdP may still log in with a local password; confirm against the auth frontend */
protected $allow_local_auth = false;

/** @var int|false column default_role_id; presumably the role given to accounts created on first SAML login — TODO confirm at the consumer */
protected $default_role_id = false;

/** @var string column uid_claim: name of the SAML attribute used as the user identifier */
protected $uid_claim = '';

/** @var string column login_claim: name of the SAML attribute used as the ILIAS login */
protected $login_claim = '';

/** @var bool column sync_status; what exactly is synchronised is not visible in this class */
protected $sync_status = false;

/** @var string the IdP's SAML entityID; bindForm() takes it from the parsed metadata, never from raw POST input */
protected $entity_id = '';

/** @var bool column account_migr_status (note setAccountMigrationStatus() stores it as int) */
protected $account_migration_status = false;

/** @var array not referenced anywhere in the visible part of this class */
protected static $idp_as_data = array();
69
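/**
 * Creates an IdP object and, when an id is given, loads its settings.
 *
 * @param int $a_idp_id primary key of the saml_idp_settings row; 0 (default) leaves the
 *                      object empty so it can be filled via bindDbRecord()/bindForm()
 * @throws ilException propagated from read() when a positive id has no row
 */
public function __construct($a_idp_id = 0)
{
    $this->db = $GLOBALS['DIC']->database();

    // Normalise the id to int right away (getIdpId() casts on read anyway).
    // This makes the "> 0" check below operate on the same value that read()
    // later quotes, instead of on whatever raw value the caller passed.
    $this->setIdpId($a_idp_id);

    if ($this->getIdpId() > 0) {
        $this->read();
    }
}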
82
/**
 * Returns the first active IdP in the order getAllIdps() yields them.
 *
 * @return self
 * @throws ilSamlException when no IdP is active
 */
public static function getFirstActiveIdp()
{
    foreach (self::getActiveIdpList() as $activeIdp) {
        return $activeIdp;
    }

    require_once 'Services/Saml/exceptions/class.ilSamlException.php';
    throw new \ilSamlException('No active SAML IDP found');
}
97
/**
 * Returns a cached instance for the given id, creating (and loading) it on first use.
 *
 * @param int $a_idp_id primary key in saml_idp_settings
 * @return self
 * @throws ilException via the constructor when the id is positive but unknown
 */
public static function getInstanceByIdpId($a_idp_id)
{
    $cached = isset(self::$instances[$a_idp_id]) ? self::$instances[$a_idp_id] : null;
    if ($cached instanceof self) {
        return $cached;
    }

    $instance = new self($a_idp_id);
    self::$instances[$a_idp_id] = $instance;

    return $instance;
}
110
/**
 * Loads this object's settings from saml_idp_settings by the current idp id.
 *
 * The id is bound with the 'integer' quote type, so even an id that originated
 * from an auth_mode string cannot alter the query.
 *
 * @throws ilException when no row matches
 */
private function read()
{
    $sql = 'SELECT * FROM saml_idp_settings WHERE idp_id = '
        . $this->db->quote($this->getIdpId(), 'integer');
    $result = $this->db->query($sql);

    $record = $this->db->fetchAssoc($result);
    if ($record) {
        $this->bindDbRecord($record);
        return;
    }

    throw new \ilException('Could not find idp');
}
125
/**
 * Writes the settings to saml_idp_settings (insert-or-update via replace()),
 * allocating a new id first when this object has none.
 *
 * Every value is handed to the DB layer with an explicit column type, so the
 * claim names and the entity id are quoted rather than concatenated into SQL.
 */
public function persist()
{
    if (!$this->getIdpId()) {
        $this->setIdpId((int) $this->db->nextId('saml_idp_settings'));
    }

    $primaryKey = array(
        'idp_id' => array('integer', $this->getIdpId()),
    );

    $columns = array(
        'is_active' => array('integer', $this->isActive()),
        'default_role_id' => array('integer', $this->getDefaultRoleId()),
        'uid_claim' => array('text', $this->getUidClaim()),
        'login_claim' => array('text', $this->getLoginClaim()),
        'entity_id' => array('text', $this->getEntityId()),
        'sync_status' => array('integer', $this->isSynchronizationEnabled()),
        'allow_local_auth' => array('integer', $this->allowLocalAuthentication()),
        'account_migr_status' => array('integer', $this->isAccountMigrationEnabled()),
    );

    $this->db->replace('saml_idp_settings', $primaryKey, $columns);
}
152
/**
 * Removes this IdP together with everything tied to it.
 *
 * Order of operations: the attribute mapping is deleted first, then every
 * user whose auth_mode is "<AUTH_SAML>_<id>" is switched back to 'default'
 * (those accounts are no longer federated and authenticate via the default
 * mode from then on), and finally the settings row itself. The three
 * statements are not wrapped in a transaction.
 */
public function delete()
{
    require_once 'Services/Authentication/classes/External/UserAttributeMapping/class.ilExternalAuthUserAttributeMapping.php';
    $attributeMapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
    $attributeMapping->delete();

    $samlAuthMode = AUTH_SAML . '_' . $this->getIdpId();
    $this->db->manipulateF(
        'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
        array('text', 'text'),
        array('default', $samlAuthMode)
    );

    $deleteSql = 'DELETE FROM saml_idp_settings WHERE idp_id = '
        . $this->db->quote($this->getIdpId(), 'integer');
    $this->db->manipulate($deleteSql);
}
170
/**
 * Exports the settings as a plain array whose keys match the DB column names.
 *
 * @return array
 */
public function toArray()
{
    $data = array();
    $data['idp_id'] = $this->getIdpId();
    $data['is_active'] = $this->isActive();
    $data['default_role_id'] = $this->getDefaultRoleId();
    $data['uid_claim'] = $this->getUidClaim();
    $data['login_claim'] = $this->getLoginClaim();
    $data['sync_status'] = $this->isSynchronizationEnabled();
    $data['account_migr_status'] = $this->isAccountMigrationEnabled();
    $data['allow_local_auth'] = $this->allowLocalAuthentication();
    $data['entity_id'] = $this->getEntityId();

    return $data;
}
188
/**
 * Fills this object from a saml_idp_settings row.
 *
 * The id, role id and flag columns are cast; the claim names and the entity
 * id are taken as-is (strings).
 *
 * @param array $record associative row as returned by fetchAssoc()
 */
public function bindDbRecord(array $record)
{
    // identifiers
    $this->setIdpId(intval($record['idp_id']));
    $this->setDefaultRoleId(intval($record['default_role_id']));

    // flags
    $this->setActive((bool) $record['is_active']);
    $this->setSynchronizationStatus((bool) $record['sync_status']);
    $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
    $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);

    // strings
    $this->setUidClaim($record['uid_claim']);
    $this->setLoginClaim($record['login_claim']);
    $this->setEntityId($record['entity_id']);
}
204
/**
 * Fills this object from the submitted administration form.
 *
 * The entity id is not read from a POST field: it comes from the parsed
 * IdP metadata held by the 'metadata' form item. The active flag is not part
 * of this form and has to be set via setActive() separately.
 *
 * @param ilPropertyFormGUI $form
 */
public function bindForm(ilPropertyFormGUI $form)
{
    $this->setDefaultRoleId(intval($form->getInput('default_role_id')));
    $this->setUidClaim($form->getInput('uid_claim'));
    $this->setLoginClaim($form->getInput('login_claim'));

    $this->setSynchronizationStatus($form->getInput('sync_status') ? true : false);
    $this->setLocalLocalAuthenticationStatus($form->getInput('allow_local_auth') ? true : false);
    $this->setAccountMigrationStatus($form->getInput('account_migr_status') ? true : false);

    $metadataItem = $form->getItemByPostVar('metadata');
    $parser = $metadataItem->getIdpMetadataParser();
    $this->setEntityId($parser->getEntityId());
}
223
/**
 * Tells whether an auth mode string denotes a SAML IdP ("<AUTH_SAML>_<id>").
 *
 * Accepts exactly two '_'-separated parts whose first part equals AUTH_SAML
 * and whose second part is non-empty. The id part is not checked for being
 * numeric; consumers rely on integer casting/quoting further down.
 *
 * @param string $a_auth_mode
 * @return bool
 */
public static function isAuthModeSaml($a_auth_mode)
{
    if (!$a_auth_mode) {
        $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
        return false;
    }

    $parts = explode('_', $a_auth_mode);
    if (count($parts) != 2) {
        return false;
    }
    if ($parts[0] != AUTH_SAML) {
        return false;
    }

    return strlen($parts[1]) > 0;
}
238
/**
 * Extracts the id part of a "<AUTH_SAML>_<id>" auth mode.
 *
 * @param string $a_auth_mode
 * @return string|null the raw id substring (not cast to int), or null for non-SAML modes
 */
public static function getIdpIdByAuthMode($a_auth_mode)
{
    if (!self::isAuthModeSaml($a_auth_mode)) {
        return null;
    }

    list(, $idpIdPart) = explode('_', $a_auth_mode);

    return $idpIdPart;
}
252
/**
 * Maps a SAML entityID to the id of a configured IdP.
 *
 * Only active IdPs are considered and the comparison is an exact string
 * match, so an IdP that has been deactivated cannot be addressed even though
 * its row is still stored. Presumably used to route an incoming response to
 * its IdP — verify at the call sites.
 *
 * @param string $entityId
 * @return int idp id of the first active match, or 0 when there is none
 */
public static function geIdpIdByEntityId($entityId)
{
    $matching = array_filter(self::getAllIdps(), function ($idp) use ($entityId) {
        return $idp->isActive() && $idp->getEntityId() === $entityId;
    });

    foreach ($matching as $match) {
        return $match->getIdpId();
    }

    return 0;
}
267
/**
 * Returns all IdPs whose active flag is set, in database order.
 *
 * @return self[] sequentially indexed
 */
public static function getActiveIdpList()
{
    $active = array_filter(self::getAllIdps(), function ($idp) {
        return $idp->isActive();
    });

    return array_values($active);
}
283
/**
 * Loads every row of saml_idp_settings into fresh (uncached) objects.
 *
 * @return self[]
 */
public static function getAllIdps()
{
    $db = $GLOBALS['DIC']->database();
    $result = $db->query('SELECT * FROM saml_idp_settings');

    $idps = array();
    for (;;) {
        $row = $db->fetchAssoc($result);
        if (!$row) {
            break;
        }

        $idp = new self();
        $idp->bindDbRecord($row);
        $idps[] = $idp;
    }

    return $idps;
}
303
/**
 * Converts an auth key ("saml_<id>") into the auth_mode string used in usr_data.
 *
 * The prefix is not validated: any key containing an underscore maps to
 * 'saml_' plus its second part, and a key without one maps to plain 'saml'.
 * Note the literal 'saml' here versus AUTH_SAML in getKeyByAuthMode().
 *
 * @param string $a_auth_key
 * @return string
 */
public static function getAuthModeByKey($a_auth_key)
{
    $parts = explode('_', $a_auth_key);
    if (!isset($parts[1])) {
        return 'saml';
    }

    return 'saml_' . $parts[1];
}
317
/**
 * Converts an auth_mode string ("<something>_<id>") into the auth key
 * "<AUTH_SAML>_<id>"; a mode without an underscore yields plain AUTH_SAML.
 *
 * As in getAuthModeByKey(), the first part is not checked against AUTH_SAML.
 *
 * @param string $a_auth_mode
 * @return string
 */
public static function getKeyByAuthMode($a_auth_mode)
{
    $parts = explode('_', $a_auth_mode);
    if (!isset($parts[1])) {
        return AUTH_SAML;
    }

    return AUTH_SAML . '_' . $parts[1];
}
331
/**
 * @return string the IdP's SAML entityID ('' until set from metadata or a DB row)
 */
public function getEntityId()
{
    $entityId = $this->entity_id;

    return $entityId;
}
339
/**
 * Stores the entityID verbatim (no casting or trimming).
 *
 * @param string $entity_id
 */
public function setEntityId($entity_id)
{
    $value = $entity_id;
    $this->entity_id = $value;
}
347
/**
 * @return bool whether this IdP is enabled for use
 */
public function isActive()
{
    return $this->is_active ? true : false;
}
355
/**
 * @param mixed $is_active truthy to enable the IdP
 */
public function setActive($is_active)
{
    $this->is_active = $is_active ? true : false;
}
363
/**
 * @return int the idp id, always cast to int (0 when unset)
 */
public function getIdpId()
{
    return intval($this->idp_id);
}
371
/**
 * @param mixed $idp_id cast to int before being stored
 */
public function setIdpId($idp_id)
{
    $this->idp_id = intval($idp_id);
}
379
/**
 * @return bool the allow_local_auth flag (presumably whether a local password login
 *              remains possible for this IdP's users — confirm at the consumer)
 */
public function allowLocalAuthentication()
{
    return $this->allow_local_auth ? true : false;
}
387
/**
 * Sets the allow_local_auth flag (the doubled "Local" in the name is the
 * established public name and is kept for callers).
 *
 * @param mixed $status truthy to allow
 */
public function setLocalLocalAuthenticationStatus($status)
{
    $this->allow_local_auth = $status ? true : false;
}
395
/**
 * @return int the default role id, cast to int (0 when unset)
 */
public function getDefaultRoleId()
{
    return intval($this->default_role_id);
}
403
/**
 * @param mixed $role_id cast to int before being stored
 */
public function setDefaultRoleId($role_id)
{
    $this->default_role_id = intval($role_id);
}
411
/**
 * @param string $claim SAML attribute name used as the user identifier; stored verbatim
 */
public function setUidClaim($claim)
{
    $value = $claim;
    $this->uid_claim = $value;
}
419
/**
 * @return string SAML attribute name used as the user identifier
 */
public function getUidClaim()
{
    $value = $this->uid_claim;

    return $value;
}
427
/**
 * @param string $claim SAML attribute name used as the ILIAS login; stored verbatim
 */
public function setLoginClaim($claim)
{
    $value = $claim;
    $this->login_claim = $value;
}
435
/**
 * @return string SAML attribute name used as the ILIAS login
 */
public function getLoginClaim()
{
    $value = $this->login_claim;

    return $value;
}
443
/**
 * @return bool the sync_status flag
 */
public function isSynchronizationEnabled()
{
    return $this->sync_status ? true : false;
}
451
456 {
457 $this->sync_status = (bool) $sync;
458 }
459
464 {
466 }
467
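/**
 * Enables or disables account migration for this IdP.
 *
 * Stored as bool like the other flag setters (setActive(),
 * setSynchronizationStatus(), setLocalLocalAuthenticationStatus()); the
 * previous int cast was the one outlier and left the property's type
 * depending on the caller. persist() writes the flag with the 'integer'
 * column type via isAccountMigrationEnabled(), so the persisted value is
 * the same — assuming that getter casts like isSynchronizationEnabled()
 * (its body is not visible here).
 *
 * @param mixed $status truthy to enable
 */
public function setAccountMigrationStatus($status)
{
    $this->account_migration_status = (bool) $status;
}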
475}