ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
Static Public Member Functions | Data Fields
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static isAuthenticationForced ()
 Check if authentication is should be forced. More...
 
static handleForcedAuthentication ()
 
static _getAuthMode ($a_auth_mode, $a_db_handler='')
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation ($a_auth_key, $auth_name='')
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 68 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

@access public

Parameters
intauth_mode

Definition at line 569 of file class.ilAuthUtils.php.

570 {
571 switch ((int) $a_auth_mode) {
572 case AUTH_LDAP:
573 case AUTH_RADIUS:
574 case AUTH_ECS:
575 case AUTH_PROVIDER_LTI:
576 case AUTH_OPENID_CONNECT:
577 return false;
578 default:
579 return true;
580 }
581 }
AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:22
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:17
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:30

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin (   $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 376 of file class.ilAuthUtils.php.

377 {
378 global $DIC;
379
380 $ilDB = $DIC['ilDB'];
381
382 // Check if username already exists
383 $found = false;
384 $postfix = 0;
385 $c_login = $a_login;
386 while (!$found) {
387 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
388 $ilDB->quote($c_login));
389 if ($r->numRows() > 0) {
390 $postfix++;
391 $c_login = $a_login . $postfix;
392 } else {
393 $found = true;
394 }
395 }
396
397 return $c_login;
398 }
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$DIC
$DIC
Definition: xapitoken.php:46

References $DIC, and $ilDB.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static

Definition at line 260 of file class.ilAuthUtils.php.

261 {
262 global $DIC;
263
264 $ilias = $DIC['ilias'];
265 $ilSetting = $DIC['ilSetting'];
266
267 $modes = array(
268 'default' => $ilSetting->get("auth_mode"),
269 'local' => AUTH_LOCAL
270 );
271 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
272 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
273 $modes['ldap_' . $sid] = (AUTH_LDAP . '_' . $sid);
274 }
275
276 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
277 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
278 $modes['lti_' . $sid] = (AUTH_PROVIDER_LTI . '_' . $sid);
279 }
280
281 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
282 $modes['oidc'] = AUTH_OPENID_CONNECT;
283 }
284
285 if ($ilSetting->get("radius_active")) {
286 $modes['radius'] = AUTH_RADIUS;
287 }
288 if ($ilSetting->get("shib_active")) {
289 $modes['shibboleth'] = AUTH_SHIBBOLETH;
290 }
291 if ($ilSetting->get("script_active")) {
292 $modes['script'] = AUTH_SCRIPT;
293 }
294 if ($ilSetting->get("cas_active")) {
295 $modes['cas'] = AUTH_CAS;
296 }
297 if ($ilSetting->get("soap_auth_active")) {
298 $modes['soap'] = AUTH_SOAP;
299 }
300 if ($ilSetting->get("apache_active")) {
301 $modes['apache'] = AUTH_APACHE;
302 }
303
304 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
305 if (ilECSServerSettings::getInstance()->activeServerExists()) {
306 $modes['ecs'] = AUTH_ECS;
307 }
308
309 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
310 foreach (ilSamlIdp::getActiveIdpList() as $idp) {
311 $modes['saml_' . $idp->getIdpId()] = AUTH_SAML . '_' . $idp->getIdpId();
312 }
313
314 // begin-path auth_plugin
315 foreach (self::getAuthPlugins() as $pl) {
316 foreach ($pl->getAuthIds() as $auth_id) {
317 if ($pl->isAuthActive($auth_id)) {
318 $modes[$pl->getAuthName($auth_id)] = $auth_id;
319 }
320 }
321 }
322 // end-path auth_plugin
323 return $modes;
324 }
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:19
AUTH_SAML
const AUTH_SAML
Definition: class.ilAuthUtils.php:20
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:109
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:146
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:241
$ilSetting
global $ilSetting
Definition: privfeed.php:17

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilOpenIdConnectSettings\getInstance(), and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static

Definition at line 326 of file class.ilAuthUtils.php.

327 {
328 $modes = array(
329 AUTH_LOCAL,
330 AUTH_LDAP,
331 AUTH_SHIBBOLETH,
332 AUTH_SAML,
333 AUTH_CAS,
334 AUTH_SOAP,
335 AUTH_RADIUS,
336 AUTH_ECS,
337 AUTH_PROVIDER_LTI,
338 AUTH_OPENID_CONNECT,
339 AUTH_APACHE
340 );
341 $ret = array();
342 foreach ($modes as $mode) {
343 if ($mode == AUTH_PROVIDER_LTI) {
344 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
345 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
346 $id = AUTH_PROVIDER_LTI . '_' . $sid;
347 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
348 }
349 continue;
350 }
351
352 // multi ldap implementation
353 if ($mode == AUTH_LDAP) {
354 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
355 $id = AUTH_LDAP . '_' . $ldap_id;
356 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
357 }
358 continue;
359 } elseif ($mode == AUTH_SAML) {
360 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
361 foreach (ilSamlIdp::getAllIdps() as $idp) {
362 $id = AUTH_SAML . '_' . $idp->getIdpId();
363 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
364 }
365 continue;
366 }
367 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
368 }
369 return $ret;
370 }
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:198
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:206
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:257
$ret
$ret
Definition: parser.php:6

References $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)
static

Definition at line 123 of file class.ilAuthUtils.php.

124 {
125 global $DIC;
126
127 $ilDB = $DIC['ilDB'];
128 $ilSetting = $DIC['ilSetting'];
129
130 $db = &$ilDB;
131
132 if ($a_db_handler != '') {
133 $db = &$a_db_handler;
134 }
135
136 // begin-patch ldap_multiple
137 if (strpos($a_auth_mode, '_') !== false) {
138 $auth_arr = explode('_', $a_auth_mode);
139 $auth_switch = $auth_arr[0];
140 } else {
141 $auth_switch = $a_auth_mode;
142 }
143 switch ($auth_switch) {
144 case "local":
145 return AUTH_LOCAL;
146 break;
147
148 case "ldap":
149 // begin-patch ldap_multiple
150 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
151 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
152 // end-patch ldap_multiple
153
154 case 'lti':
155 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
156 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
157
158 case "radius":
159 return AUTH_RADIUS;
160 break;
161
162 case "script":
163 return AUTH_SCRIPT;
164 break;
165
166 case "shibboleth":
167 return AUTH_SHIBBOLETH;
168 break;
169
170 case 'oidc':
171 return AUTH_OPENID_CONNECT;
172 break;
173
174 case 'saml':
175 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
176 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
177
178 case "cas":
179 return AUTH_CAS;
180 break;
181
182 case "soap":
183 return AUTH_SOAP;
184 break;
185
186 case 'ecs':
187 return AUTH_ECS;
188
189 case 'apache':
190 return AUTH_APACHE;
191
192 default:
193 return $ilSetting->get("auth_mode");
194 break;
195 }
196 }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:377
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:292

References $DIC, $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilSamlIdp\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\updateObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 198 of file class.ilAuthUtils.php.

199 {
200 global $DIC;
201
202 $ilias = $DIC['ilias'];
203
204 // begin-patch ldap_multiple
205 switch ((int) $a_auth_key) {
206 case AUTH_LOCAL:
207 return "local";
208 break;
209
210 case AUTH_LDAP:
211 // begin-patch ldap_multiple
212 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
213 return ilLDAPServer::getAuthModeByKey($a_auth_key);
214 // end-patch ldap_multiple
215
216 case AUTH_PROVIDER_LTI:
217 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
218 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
219
220 case AUTH_RADIUS:
221 return "radius";
222 break;
223
224 case AUTH_CAS:
225 return "cas";
226 break;
227
228 case AUTH_SCRIPT:
229 return "script";
230 break;
231
232 case AUTH_SHIBBOLETH:
233 return "shibboleth";
234 break;
235
236 case AUTH_SAML:
237 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
238 return ilSamlIdp::getAuthModeByKey($a_auth_key);
239
240 case AUTH_SOAP:
241 return "soap";
242 break;
243
244 case AUTH_ECS:
245 return 'ecs';
246
247 case AUTH_APACHE:
248 return 'apache';
249
250 case AUTH_OPENID_CONNECT:
251 return 'oidc';
252 break;
253
254 default:
255 return "default";
256 break;
257 }
258 }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:363
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:413
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:278

References $DIC, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilSamlIdp\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 436 of file class.ilAuthUtils.php.

437 {
438 global $DIC;
439
440 $ilSetting = $DIC['ilSetting'];
441
442 // in the moment only ldap is activated as additional authentication method
443 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
444
445 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
446
447
448 // begin-patch ldap_multiple
449 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
450 $server = ilLDAPServer::getInstanceByServerId($sid);
451 $options[AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
452 }
453 // end-patch ldap_multiple
454
455 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
456 $rad_settings = ilRadiusSettings::_getInstance();
457 if ($rad_settings->isActive()) {
458 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
459 }
460
461 if ($ilSetting->get('apache_active')) {
462 global $DIC;
463
464 $lng = $DIC['lng'];
465 $apache_settings = new ilSetting('apache_auth');
466 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
467 $options[AUTH_APACHE]['hide_in_ui'] = true;
468 }
469
470 if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
471 $default = AUTH_LDAP;
472 } elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
473 $default = AUTH_RADIUS;
474 } else {
475 $default = AUTH_LOCAL;
476 }
477
478 $default = $ilSetting->get('default_auth_mode', $default);
479 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
480
481
482 // begin-patch auth_plugin
483 $pls = ilAuthUtils::getAuthPlugins();
484 foreach ($pls as $pl) {
485 $auths = $pl->getAuthIds();
486 foreach ($auths as $auth_id) {
487 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
488 if ($pl_auth_option) {
489 $options = $options + $pl_auth_option;
490 }
491 }
492 }
493 // end-patch auth_plugins
494
495 if (array_key_exists($default, $options)) {
496 $options[$default]['checked'] = true;
497 }
498
499 return $options ? $options : array();
500 }
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:749
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$server
$server
Definition: dummy_client.php:12
$lng
$lng
Definition: save_question_post_data.php:23

References $DIC, $ilSetting, $lng, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 400 of file class.ilAuthUtils.php.

401 {
402 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
403
404 $rad_settings = ilRadiusSettings::_getInstance();
405 if ($rad_settings->isActive()) {
406 return true;
407 }
408 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
409
410 if (count(ilLDAPServer::_getActiveServerList())) {
411 return true;
412 }
413
414 global $DIC;
415
416 $ilSetting = $DIC['ilSetting'];
417
418 if ($ilSetting->get('apache_active')) {
419 return true;
420 }
421
422 // begin-patch auth_plugin
423 foreach (ilAuthUtils::getAuthPlugins() as $pl) {
424 foreach ($pl->getAuthIds() as $auth_id) {
425 if ($pl->getMultipleAuthModeOptions($auth_id)) {
426 return true;
427 }
428 }
429 }
430 // end-patch auth_plugin
431
432
433 return false;
434 }

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

@access public

Parameters

Definition at line 511 of file class.ilAuthUtils.php.

512 {
513 global $DIC;
514
515 $ilSetting = $DIC['ilSetting'];
516
517 if ($ilSetting->get("cas_active")) {
518 return true;
519 }
520 if ($ilSetting->get("soap_auth_active")) {
521 return true;
522 }
523 if ($ilSetting->get("shib_active")) {
524 return true;
525 }
526 if ($ilSetting->get('radius_active')) {
527 return true;
528 }
529 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
530 if (count(ilLDAPServer::_getActiveServerList())) {
531 return true;
532 }
533
534 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
535 if (count(ilAuthProviderLTI::getActiveAuthModes())) {
536 return true;
537 }
538
539 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
540 if (count(ilSamlIdp::getActiveIdpList()) > 0) {
541 return true;
542 }
543
544 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
545 return true;
546 }
547
548 // begin-path auth_plugin
549 foreach (self::getAuthPlugins() as $pl) {
550 foreach ($pl->getAuthIds() as $auth_id) {
551 if ($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id)) {
552 return true;
553 }
554 }
555 }
556 // end-path auth_plugin
557
558 return false;
559 }
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:390

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

@access public

Parameters
intauth_mode

Definition at line 591 of file class.ilAuthUtils.php.

592 {
593 switch ($a_auth_mode) {
594 case AUTH_LOCAL:
595 case AUTH_APACHE:
596 return false;
597 default:
598 return true;
599 }
600 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key,
  $auth_name = '' 
)
static
Parameters
string$a_auth_key
string$auth_name

Definition at line 773 of file class.ilAuthUtils.php.

774 {
775 global $DIC;
776
777 $lng = $DIC['lng'];
778
779 switch ((int) $a_auth_key) {
780 case AUTH_LDAP:
781 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
782 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
783 $server = ilLDAPServer::getInstanceByServerId($sid);
784 return $server->getName();
785
786 case AUTH_PROVIDER_LTI:
787 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
788 $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
789 return ilAuthProviderLTI::lookupConsumer($sid);
790
791
792 case AUTH_SAML:
793 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
794 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
795 $idp = ilSamlIdp::getInstanceByIdpId($idp_id);
796 return $idp->getEntityId();
797
798 default:
799 $lng->loadLanguageModule('auth');
800 if (!empty($auth_name)) {
801 return $lng->txt('auth_' . $auth_name);
802 } else {
803 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
804 }
805 }
806}
ilAuthProviderLTI\lookupConsumer
static lookupConsumer($a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:425
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:439
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:400
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:213
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66

References $DIC, $lng, $server, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 749 of file class.ilAuthUtils.php.

750 {
751 $pls = $GLOBALS['DIC']['ilPluginAdmin']->getActivePluginsForSlot(
752 IL_COMP_SERVICE,
753 'Authentication',
754 'authhk'
755 );
756 $pl_objs = array();
757 foreach ($pls as $pl) {
758 $pl_objs[] = $GLOBALS['DIC']['ilPluginAdmin']->getPluginObject(
759 IL_COMP_SERVICE,
760 'Authentication',
761 'authhk',
762 $pl
763 );
764 }
765 return $pl_objs;
766 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 85 of file class.ilAuthUtils.php.

86 {
87 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
88 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
89 $credentials = new ilAuthFrontendCredentials();
90 $credentials->setUsername($_GET['ecs_login']);
91 $credentials->setAuthMode(AUTH_ECS);
92
93 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
94 $provider_factory = new ilAuthProviderFactory();
95 $providers = $provider_factory->getProviders($credentials);
96
97 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
98 $status = ilAuthStatus::getInstance();
99
100 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
101 $frontend_factory = new ilAuthFrontendFactory();
102 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
103 $frontend = $frontend_factory->getFrontend(
104 $GLOBALS['DIC']['ilAuthSession'],
105 $status,
106 $credentials,
107 $providers
108 );
109
110 $frontend->authenticate();
111
112 switch ($status->getStatus()) {
113 case ilAuthStatus::STATUS_AUTHENTICATED:
114 return;
115
116 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
117 ilInitialisation::goToPublicSection();
118 return;
119 }
120 }
121 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:12
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:826

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Check if authentication is should be forced.

Definition at line 77 of file class.ilAuthUtils.php.

78 {
79 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
80 return true;
81 }
82 return false;
83 }

References $_GET.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int$a_authmode
Returns
bool

Definition at line 624 of file class.ilAuthUtils.php.

625 {
626 global $DIC;
627
628 $ilSetting = $DIC->settings();
629
630 switch ((int) $a_authmode) {
631 // always enabled
632 case AUTH_LOCAL:
633 case AUTH_APACHE:
634 return true;
635
636 // No local passwords for these auth modes
637 case AUTH_LDAP:
638 case AUTH_RADIUS:
639 case AUTH_ECS:
640 case AUTH_SCRIPT:
641 case AUTH_PROVIDER_LTI:
642 case AUTH_OPENID_CONNECT:
643 return false;
644
645 case AUTH_SAML:
646 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
647 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
648 return $idp->isActive() && $idp->allowLocalAuthentication();
649
650 case AUTH_SHIBBOLETH:
651 return $ilSetting->get("shib_auth_allow_local");
652 case AUTH_SOAP:
653 return $ilSetting->get("soap_auth_allow_local");
654 case AUTH_CAS:
655 return $ilSetting->get("cas_allow_local");
656
657 }
658 return false;
659 }

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

+ Here is the call graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int$a_authmode
Returns
bool

Definition at line 668 of file class.ilAuthUtils.php.

669 {
670 global $DIC;
671
672 $ilSetting = $DIC['ilSetting'];
673
674 if (self::isPasswordModificationHidden()) {
675 return false;
676 }
677
678 // begin-patch ldap_multiple
679 // cast to int
680 switch ((int) $a_authmode) {
681 // No local passwords for these auth modes
682 case AUTH_LDAP:
683 case AUTH_RADIUS:
684 case AUTH_ECS:
685 case AUTH_SCRIPT:
686 case AUTH_PROVIDER_LTI:
687 case AUTH_OPENID_CONNECT:
688 return false;
689
690 case AUTH_SAML:
691 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
692 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
693 return $idp->isActive() && $idp->allowLocalAuthentication();
694
695 // Always for and local
696 case AUTH_LOCAL:
697 case AUTH_APACHE:
698 return true;
699
700 // Read setting:
701 case AUTH_SHIBBOLETH:
702 return $ilSetting->get("shib_auth_allow_local");
703 case AUTH_SOAP:
704 return $ilSetting->get("soap_auth_allow_local");
705 case AUTH_CAS:
706 return $ilSetting->get("cas_allow_local");
707 }
708 }

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), and supportsLocalPasswordValidation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 715 of file class.ilAuthUtils.php.

716 {
717 // begin-patch ldap_multiple
718 // cast to int
719 switch ((int) $a_authmode) {
720 case AUTH_LDAP:
721 case AUTH_LOCAL:
722 case AUTH_RADIUS:
723 return ilAuthUtils::LOCAL_PWV_FULL;
724
725 case AUTH_SHIBBOLETH:
726 case AUTH_OPENID_CONNECT:
727 case AUTH_SAML:
728 case AUTH_SOAP:
729 case AUTH_CAS:
730 if (!ilAuthUtils::isPasswordModificationEnabled($a_authmode)) {
731 return ilAuthUtils::LOCAL_PWV_NO;
732 }
733 return ilAuthUtils::LOCAL_PWV_USER;
734
735 case AUTH_PROVIDER_LTI:
736 case AUTH_ECS:
737 case AUTH_SCRIPT:
738 case AUTH_APACHE:
739 default:
740 return ilAuthUtils::LOCAL_PWV_USER;
741 }
742 }
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:668

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 71 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 72 of file class.ilAuthUtils.php.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: