ilAuthProviderOpenIdConnect Class Reference

Class ilAuthProviderOpenIdConnect. More...

Inheritance diagram for ilAuthProviderOpenIdConnect:

Collaboration diagram for ilAuthProviderOpenIdConnect:

Public Member Functions
	__construct (ilAuthCredentials $credentials)
	ilAuthProviderOpenIdConnect constructor. More...
	handleLogout ()
	Handle logout event. More...
	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...
Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...
	getLogger ()
	Get logger. More...
	getCredentials ()

Private Member Functions
	handleUpdate (ilAuthStatus $status, $user_info)
	initClient ()

Private Attributes
	$settings = null
	$lng = null

Additional Inherited Members
Data Fields inherited from ilAuthProvider
const	STATUS_UNDEFINED = 0
const	STATUS_AUTHENTICATION_SUCCESS = 1
const	STATUS_AUTHENTICATION_FAILED = 2
const	STATUS_MIGRATION = 3
Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, $a_reason)
	Handle failed authentication. More...

Detailed Description

Class ilAuthProviderOpenIdConnect.

Author

Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 13 of file class.ilAuthProviderOpenIdConnect.php.

Constructor & Destructor Documentation

__construct()

ilAuthProviderOpenIdConnect::__construct

(

ilAuthCredentials

$credentials

)

ilAuthProviderOpenIdConnect constructor.

Parameters

ilAuthCredentials

$credentials

Definition at line 27 of file class.ilAuthProviderOpenIdConnect.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), ilOpenIdConnectSettings\getInstance(), and settings().

    {
        global $DIC;
        parent::__construct($credentials);
        $this->settings = ilOpenIdConnectSettings::getInstance();
        $this->lng = $DIC->language();
    }

Here is the call graph for this function:

Member Function Documentation

doAuthentication()

ilAuthProviderOpenIdConnect::doAuthentication

(

\ilAuthStatus

$status

)

Do authentication.

Parameters

\ilAuthStatus

$status

Authentication status

Returns

bool

Implements ilAuthProviderInterface.

Definition at line 62 of file class.ilAuthProviderOpenIdConnect.php.

References $_GET, Vendor\Package\$e, $token, ilLogLevel\DEBUG, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), handleUpdate(), ILIAS_HTTP_PATH, initClient(), ilOpenIdConnectSettings\LOGIN_ENFORCE, ilOpenIdConnectSettings\LOGOUT_SCOPE_GLOBAL, ilSession\set(), ilAuthStatus\setStatus(), settings(), ilAuthStatus\setTranslatedReason(), and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

    {
        try {
            $oidc = $this->initClient();
            $oidc->setRedirectURL(ILIAS_HTTP_PATH . '/openidconnect.php');

            $this->getLogger()->debug(
                'Redirect url is: ' .
                $oidc->getRedirectURL()
            );

            $oidc->setResponseTypes(
                [
                    'id_token'
                ]
            );
            $oidc->addScope(
                [
                    'openid',
                    'profile',
                    'email',
                    'roles'
                ]
            );


            $oidc->addAuthParam(['response_mode' => 'form_post']);
            switch ($this->settings->getLoginPromptType()) {
                case ilOpenIdConnectSettings::LOGIN_ENFORCE:
                    $oidc->addAuthParam(['prompt' => 'login']);
                    break;
            }
            $oidc->setAllowImplicitFlow(true);

            $oidc->authenticate();
            // user is authenticated, otherwise redirected to authorization endpoint or exception
            $this->getLogger()->dump($_REQUEST, \ilLogLevel::DEBUG);

            $claims = $oidc->getVerifiedClaims(null);
            $this->getLogger()->dump($claims, \ilLogLevel::DEBUG);
            $status = $this->handleUpdate($status, $claims);

            // @todo : provide a general solution for all authentication methods
            $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();

            if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
                $token = $oidc->requestClientCredentialsToken();
                ilSession::set('oidc_auth_token', $token->access_token);
            }
            return true;
        } catch (Exception $e) {
            $this->getLogger()->warning($e->getMessage());
            $this->getLogger()->warning($e->getCode());
            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
            $status->setTranslatedReason($this->lng->txt("auth_oidc_failed"));
            return false;
        }
    }

Here is the call graph for this function:

handleLogout()

ilAuthProviderOpenIdConnect::handleLogout

(

)

Handle logout event.

Definition at line 38 of file class.ilAuthProviderOpenIdConnect.php.

References ilSession\get(), ilAuthProvider\getLogger(), ILIAS_HTTP_PATH, initClient(), ilOpenIdConnectSettings\LOGOUT_SCOPE_LOCAL, ilSession\set(), and settings().

    {
        if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL) {
            return false;
        }

        $auth_token = ilSession::get('oidc_auth_token');
        $this->getLogger()->debug('Using token: ' . $auth_token);

        if (strlen($auth_token)) {
            ilSession::set('oidc_auth_token', '');
            $oidc = $this->initClient();
            $oidc->signOut(
                $auth_token,
                ILIAS_HTTP_PATH . '/logout.php'
            );
        }
    }

Here is the call graph for this function:

handleUpdate()

ilAuthProviderOpenIdConnect::handleUpdate ( ilAuthStatus  $status,   $user_info  )

private

Parameters

ilAuthStatus	$status
array	$user_info

Definition at line 126 of file class.ilAuthProviderOpenIdConnect.php.

References $_GET, Vendor\Package\$e, ilAuthProvider\$status, ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilOpenIdConnectUserSync\AUTH_MODE, ilLogLevel\ERROR, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setReason(), ilAuthStatus\setStatus(), settings(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by doAuthentication().

    {
        if (!is_object($user_info)) {
            $this->getLogger()->error('Received invalid user credentials: ');
            $this->getLogger()->dump($user_info, ilLogLevel::ERROR);
            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
            $status->setReason('err_wrong_login');
            return false;
        }

        $uid_field = $this->settings->getUidField();
        $ext_account = $user_info->$uid_field;

        $this->getLogger()->debug('Authenticated external account: ' . $ext_account);


        $int_account = ilObjUser::_checkExternalAuthAccount(
            ilOpenIdConnectUserSync::AUTH_MODE,
            $ext_account
        );

        try {
            $sync = new ilOpenIdConnectUserSync($this->settings, $user_info);
            if (!is_string($ext_account)) {
                $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
                $status->setReason('err_wrong_login');
                return $status;
            }
            $sync->setExternalAccount($ext_account);
            $sync->setInternalAccount($int_account);
            $sync->updateUser();

            $user_id = $sync->getUserId();
            ilSession::set('used_external_auth', true);
            $status->setAuthenticatedUserId($user_id);
            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);

            // @todo : provide a general solution for all authentication methods
            $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
        } catch (ilOpenIdConnectSyncForbiddenException $e) {
            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
            $status->setReason('err_wrong_login');
        }

        return $status;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

initClient()

ilAuthProviderOpenIdConnect::initClient ( )

private

Returns

OpenIDConnectClient

Definition at line 176 of file class.ilAuthProviderOpenIdConnect.php.

References settings().

Referenced by doAuthentication(), and handleLogout().

                                  : OpenIDConnectClient
    {
        $oidc = new OpenIDConnectClient(
            $this->settings->getProvider(),
            $this->settings->getClientId(),
            $this->settings->getSecret()
        );
        return $oidc;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

$lng

ilAuthProviderOpenIdConnect::$lng = null

private

Definition at line 20 of file class.ilAuthProviderOpenIdConnect.php.

$settings

ilAuthProviderOpenIdConnect::$settings = null

private

Definition at line 18 of file class.ilAuthProviderOpenIdConnect.php.

---

The documentation for this class was generated from the following file:

• Services/OpenIdConnect/classes/class.ilAuthProviderOpenIdConnect.php