ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
Public Member Functions | Private Member Functions | Private Attributes
ilAuthProviderOpenIdConnect Class Reference

Class ilAuthProviderOpenIdConnect. More...

+ Inheritance diagram for ilAuthProviderOpenIdConnect:
+ Collaboration diagram for ilAuthProviderOpenIdConnect:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 ilAuthProviderOpenIdConnect constructor. More...
 
 handleLogout ()
 Handle logout event. More...
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Private Member Functions

 handleUpdate (ilAuthStatus $status, $user_info)
 
 initClient ()
 

Private Attributes

 $settings = null
 
 $lng = null
 

Additional Inherited Members

- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Detailed Description

Class ilAuthProviderOpenIdConnect.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 13 of file class.ilAuthProviderOpenIdConnect.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderOpenIdConnect::__construct ( ilAuthCredentials  $credentials)

ilAuthProviderOpenIdConnect constructor.

Parameters
ilAuthCredentials$credentials

Reimplemented from ilAuthProvider.

Definition at line 27 of file class.ilAuthProviderOpenIdConnect.php.

28 {
29 global $DIC;
30 parent::__construct($credentials);
31 $this->settings = ilOpenIdConnectSettings::getInstance();
32 $this->lng = $DIC->language();
33 }
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:146
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:30
settings
settings()
Definition: settings.php:2
$DIC
$DIC
Definition: xapitoken.php:46

References ilAuthProvider\$credentials, $DIC, ILIAS\GlobalScreen\Provider\__construct(), ilOpenIdConnectSettings\getInstance(), and settings().

+ Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderOpenIdConnect::doAuthentication ( \ilAuthStatus  $status)

Do authentication.

Parameters
\ilAuthStatus$statusAuthentication status
Returns
bool

Implements ilAuthProviderInterface.

Definition at line 62 of file class.ilAuthProviderOpenIdConnect.php.

63 {
64 try {
65 $oidc = $this->initClient();
66 $oidc->setRedirectURL(ILIAS_HTTP_PATH . '/openidconnect.php');
67
68 $this->getLogger()->debug(
69 'Redirect url is: ' .
70 $oidc->getRedirectURL()
71 );
72
73 $oidc->setResponseTypes(
74 [
75 'id_token'
76 ]
77 );
78 $oidc->addScope(
79 [
80 'openid',
81 'profile',
82 'email',
83 'roles'
84 ]
85 );
86
87
88 $oidc->addAuthParam(['response_mode' => 'form_post']);
89 switch ($this->settings->getLoginPromptType()) {
90 case ilOpenIdConnectSettings::LOGIN_ENFORCE:
91 $oidc->addAuthParam(['prompt' => 'login']);
92 break;
93 }
94 $oidc->setAllowImplicitFlow(true);
95
96 $oidc->authenticate();
97 // user is authenticated, otherwise redirected to authorization endpoint or exception
98 $this->getLogger()->dump($_REQUEST, \ilLogLevel::DEBUG);
99
100 $claims = $oidc->getVerifiedClaims(null);
101 $this->getLogger()->dump($claims, \ilLogLevel::DEBUG);
102 $status = $this->handleUpdate($status, $claims);
103
104 // @todo : provide a general solution for all authentication methods
105 $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
106
107 if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
108 $token = $oidc->requestClientCredentialsToken();
109 ilSession::set('oidc_auth_token', $token->access_token);
110 }
111 return true;
112 } catch (Exception $e) {
113 $this->getLogger()->warning($e->getMessage());
114 $this->getLogger()->warning($e->getCode());
115 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
116 $status->setTranslatedReason($this->lng->txt("auth_oidc_failed"));
117 return false;
118 }
119 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthProviderOpenIdConnect\handleUpdate
handleUpdate(ilAuthStatus $status, $user_info)
Definition: class.ilAuthProviderOpenIdConnect.php:126
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:430
$token
$token
Definition: xapitoken.php:57

References $_GET, Vendor\Package\$e, ilAuthProvider\$status, $token, ilLogLevel\DEBUG, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), handleUpdate(), ILIAS_HTTP_PATH, initClient(), ilOpenIdConnectSettings\LOGIN_ENFORCE, ilOpenIdConnectSettings\LOGOUT_SCOPE_GLOBAL, ilSession\set(), settings(), and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ handleLogout()

ilAuthProviderOpenIdConnect::handleLogout ( )

Handle logout event.

Definition at line 38 of file class.ilAuthProviderOpenIdConnect.php.

39 {
40 if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL) {
41 return false;
42 }
43
44 $auth_token = ilSession::get('oidc_auth_token');
45 $this->getLogger()->debug('Using token: ' . $auth_token);
46
47 if (strlen($auth_token)) {
48 ilSession::set('oidc_auth_token', '');
49 $oidc = $this->initClient();
50 $oidc->signOut(
51 $auth_token,
52 ILIAS_HTTP_PATH . '/logout.php'
53 );
54 }
55 }
ilSession\get
static get($a_var)
Get a value.
Definition: class.ilSession.php:441

References ilSession\get(), ilAuthProvider\getLogger(), ILIAS_HTTP_PATH, initClient(), ilOpenIdConnectSettings\LOGOUT_SCOPE_LOCAL, ilSession\set(), and settings().

+ Here is the call graph for this function:

◆ handleUpdate()

ilAuthProviderOpenIdConnect::handleUpdate ( ilAuthStatus  $status,
  $user_info 
)
private
Parameters
ilAuthStatus$status
array$user_info

Definition at line 126 of file class.ilAuthProviderOpenIdConnect.php.

127 {
128 if (!is_object($user_info)) {
129 $this->getLogger()->error('Received invalid user credentials: ');
130 $this->getLogger()->dump($user_info, ilLogLevel::ERROR);
131 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
132 $status->setReason('err_wrong_login');
133 return false;
134 }
135
136 $uid_field = $this->settings->getUidField();
137 $ext_account = $user_info->$uid_field;
138
139 $this->getLogger()->debug('Authenticated external account: ' . $ext_account);
140
141
142 $int_account = ilObjUser::_checkExternalAuthAccount(
143 ilOpenIdConnectUserSync::AUTH_MODE,
144 $ext_account
145 );
146
147 try {
148 $sync = new ilOpenIdConnectUserSync($this->settings, $user_info);
149 if (!is_string($ext_account)) {
150 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
151 $status->setReason('err_wrong_login');
152 return $status;
153 }
154 $sync->setExternalAccount($ext_account);
155 $sync->setInternalAccount($int_account);
156 $sync->updateUser();
157
158 $user_id = $sync->getUserId();
159 ilSession::set('used_external_auth', true);
160 $status->setAuthenticatedUserId($user_id);
161 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
162
163 // @todo : provide a general solution for all authentication methods
164 $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
165 } catch (ilOpenIdConnectSyncForbiddenException $e) {
166 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
167 $status->setReason('err_wrong_login');
168 }
169
170 return $status;
171 }
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3600
ilOpenIdConnectUserSync
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectUserSync.php:11

References $_GET, Vendor\Package\$e, ilAuthProvider\$status, ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilOpenIdConnectUserSync\AUTH_MODE, ilLogLevel\ERROR, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilSession\set(), settings(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by doAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initClient()

ilAuthProviderOpenIdConnect::initClient ( )
private
Returns
OpenIDConnectClient

Definition at line 176 of file class.ilAuthProviderOpenIdConnect.php.

176 : OpenIDConnectClient
177 {
178 $oidc = new OpenIDConnectClient(
179 $this->settings->getProvider(),
180 $this->settings->getClientId(),
181 $this->settings->getSecret()
182 );
183 return $oidc;
184 }

References settings().

Referenced by doAuthentication(), and handleLogout().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $lng

ilAuthProviderOpenIdConnect::$lng = null
private

Definition at line 20 of file class.ilAuthProviderOpenIdConnect.php.

◆ $settings

ilAuthProviderOpenIdConnect::$settings = null
private

Definition at line 18 of file class.ilAuthProviderOpenIdConnect.php.

The documentation for this class was generated from the following file: