class.ilSamlIdp.php
1 <?php declare(strict_types=1);
2 /* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
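class ilSamlIdp
{
    /** @var object Database service obtained from the DIC in the constructor (query/quote/replace/manipulate/fetchAssoc are used). */
    protected $db;

    /** @var self[] Per-request cache of instances keyed by idp_id, filled by getInstanceByIdpId(). */
    private static $instances = [];

    /** @var int Primary key in saml_idp_settings; 0 for an object that has not been persisted yet. */
    protected $idp_id;

    /** @var bool Stored is_active flag; only active IdPs are returned by getActiveIdpList()/geIdpIdByEntityId(). */
    protected $is_active = false;

    /** @var bool Stored allow_local_auth flag. This class only persists it; whatever enforces it lives in the login flow, not here. */
    protected $allow_local_auth = false;

    /** @var int Stored default_role_id (0 = nothing configured). How it is applied is decided by the account sync code, not here. */
    protected $default_role_id = 0;

    /** @var string Name of the SAML attribute/claim used as the stable external user id. */
    protected $uid_claim = '';

    /** @var string Name of the SAML attribute/claim used as the ILIAS login. */
    protected $login_claim = '';

    /** @var bool Stored sync_status flag. */
    protected $sync_status = false;

    /** @var string SAML entityID of the IdP, taken from the uploaded metadata in bindForm(). */
    protected $entity_id = '';

    /** @var bool Stored account_migr_status flag. */
    protected $account_migration_status = false;

    /** @var array Not used inside this class; kept for compatibility with code that may reference it. */
    protected static $idp_as_data = [];

    /**
     * @param int $a_idp_id 0 builds an empty, unsaved object; a positive id loads the matching row.
     * @throws ilException if $a_idp_id is positive and no such row exists (raised by read()).
     */
    public function __construct(int $a_idp_id = 0)
    {
        $this->db = $GLOBALS['DIC']->database();
        $this->idp_id = $a_idp_id;

        if ($this->idp_id > 0) {
            $this->read();
        }
    }

    /**
     * Returns the first active IdP. "First" follows the order of the unordered
     * SELECT in getAllIdps(), so with several active IdPs the choice is effectively
     * up to the database; callers that need a specific IdP should resolve it by id
     * or entity id instead.
     *
     * @throws ilSamlException if no IdP is active.
     */
    public static function getFirstActiveIdp() : self
    {
        $active = self::getActiveIdpList();
        if ($active === []) {
            throw new ilSamlException('No active SAML IDP found');
        }

        return $active[0];
    }

    /**
     * Returns a per-request cached instance for the given id, loading it on first use.
     *
     * @throws ilException if the id is positive and unknown (from the constructor).
     */
    public static function getInstanceByIdpId(int $a_idp_id) : self
    {
        $cached = self::$instances[$a_idp_id] ?? null;
        if (!($cached instanceof self)) {
            $cached = new self($a_idp_id);
            self::$instances[$a_idp_id] = $cached;
        }

        return $cached;
    }

    /**
     * Loads this object's row from saml_idp_settings. The id is quoted as an
     * integer by the DB layer, so no raw input reaches the statement.
     *
     * @throws ilException if the row does not exist.
     */
    private function read() : void
    {
        $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
        $res = $this->db->query($query);

        $record = $this->db->fetchAssoc($res);
        if (!$record) {
            throw new ilException('Could not find idp');
        }

        $this->bindDbRecord($record);
    }

    /**
     * Inserts or updates the row (REPLACE semantics keyed by idp_id). A new id is
     * drawn from the sequence when the object has none yet.
     */
    public function persist() : void
    {
        if (!$this->getIdpId()) {
            $this->setIdpId((int) $this->db->nextId('saml_idp_settings'));
        }

        $this->db->replace(
            'saml_idp_settings',
            [
                'idp_id' => ['integer', $this->getIdpId()]
            ],
            [
                'is_active' => ['integer', (int) $this->isActive()],
                'default_role_id' => ['integer', $this->getDefaultRoleId()],
                'uid_claim' => ['text', $this->getUidClaim()],
                'login_claim' => ['text', $this->getLoginClaim()],
                'entity_id' => ['text', $this->getEntityId()],
                'sync_status' => ['integer', (int) $this->isSynchronizationEnabled()],
                'allow_local_auth' => ['integer', (int) $this->allowLocalAuthentication()],
                'account_migr_status' => ['integer', (int) $this->isAccountMigrationEnabled()]
            ]
        );
    }

    /**
     * Removes the IdP: its attribute mapping, then the settings row.
     *
     * Every user whose auth_mode pointed at this IdP is re-bound to 'default'.
     * What 'default' resolves to is configured elsewhere; before deleting an IdP in
     * production, check that this does not silently turn former SSO-only accounts
     * into locally authenticating ones with stale or empty credentials.
     *
     * The three statements are not wrapped in a transaction, so a failure midway
     * can leave users re-bound while the settings row still exists.
     */
    public function delete() : void
    {
        $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
        $mapping->delete();

        $this->db->manipulateF(
            'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
            ['text', 'text'],
            ['default', AUTH_SAML . '_' . $this->getIdpId()]
        );

        $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote(
            $this->getIdpId(),
            'integer'
        ));

        // Drop the per-request cache entry so getInstanceByIdpId() does not keep
        // handing out the deleted IdP for the rest of the request.
        unset(self::$instances[$this->getIdpId()]);
    }

    /**
     * Plain-array view of the settings (booleans stay booleans here, unlike the DB row).
     *
     * @return array{idp_id:int,is_active:bool,default_role_id:int,uid_claim:string,login_claim:string,sync_status:bool,account_migr_status:bool,allow_local_auth:bool,entity_id:string}
     */
    public function toArray() : array
    {
        return [
            'idp_id' => $this->getIdpId(),
            'is_active' => $this->isActive(),
            'default_role_id' => $this->getDefaultRoleId(),
            'uid_claim' => $this->getUidClaim(),
            'login_claim' => $this->getLoginClaim(),
            'sync_status' => $this->isSynchronizationEnabled(),
            'account_migr_status' => $this->isAccountMigrationEnabled(),
            'allow_local_auth' => $this->allowLocalAuthentication(),
            'entity_id' => $this->getEntityId()
        ];
    }

    /**
     * Populates the object from a saml_idp_settings row; DB values are cast to
     * the property types (integer flags become bools).
     *
     * @param array $record associative row with the columns listed in persist()
     */
    public function bindDbRecord(array $record) : void
    {
        $this->setIdpId((int) $record['idp_id']);
        $this->setActive((bool) $record['is_active']);
        $this->setDefaultRoleId((int) $record['default_role_id']);
        $this->setUidClaim((string) $record['uid_claim']);
        $this->setLoginClaim((string) $record['login_claim']);
        $this->setSynchronizationStatus((bool) $record['sync_status']);
        $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
        $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
        $this->setEntityId((string) $record['entity_id']);
    }

    /**
     * Populates the object from the (already validated) administration form.
     * The entity id is not a free-text input: it is read from the parsed IdP
     * metadata item, so it always reflects the uploaded metadata. Note that the
     * active flag is intentionally not taken from the form here.
     */
    public function bindForm(ilPropertyFormGUI $form)
    {
        $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
        $this->setUidClaim((string) $form->getInput('uid_claim'));
        $this->setLoginClaim((string) $form->getInput('login_claim'));
        $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
        $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
        $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));

        $metadata = $form->getItemByPostVar('metadata');
        $this->setEntityId((string) $metadata->getIdpMetadataParser()->getEntityId());
    }

    /**
     * Tells whether an auth mode string denotes a SAML IdP, i.e. has the exact
     * form "<AUTH_SAML>_<idp_id>".
     *
     * Both parts are compared strictly as strings: the previous integer cast let
     * any prefix with leading digits (e.g. "12abc") pass, and the suffix was only
     * required to be non-empty, so "12_abc" was classified as SAML and then mapped
     * to idp id 0 by getIdpIdByAuthMode(). Requiring a purely numeric suffix makes
     * that later (int) cast lossless.
     */
    public static function isAuthModeSaml(string $a_auth_mode) : bool
    {
        if (!$a_auth_mode) {
            $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
            return false;
        }

        $parts = explode('_', $a_auth_mode);

        return count($parts) === 2
            && $parts[0] === (string) AUTH_SAML
            && preg_match('/^[0-9]+$/', $parts[1]) === 1;
    }

    /**
     * Extracts the idp id from an auth mode string, or null if it is not a SAML mode.
     */
    public static function getIdpIdByAuthMode(string $a_auth_mode) : ?int
    {
        if (!self::isAuthModeSaml($a_auth_mode)) {
            return null;
        }

        return (int) explode('_', $a_auth_mode)[1];
    }

    /**
     * Finds the id of the active IdP with the given entity id; inactive IdPs are
     * ignored on purpose, so an assertion from a disabled IdP cannot be matched.
     *
     * @param mixed $entityId compared strictly, so a non-string never matches
     * @return int idp id, or 0 if no active IdP has this entity id
     */
    public static function geIdpIdByEntityId($entityId)
    {
        foreach (self::getAllIdps() as $candidate) {
            if (!$candidate->isActive()) {
                continue;
            }
            if ($candidate->getEntityId() === $entityId) {
                return $candidate->getIdpId();
            }
        }

        return 0;
    }

    /**
     * @return self[] all IdPs flagged active, in the order getAllIdps() returns them
     */
    public static function getActiveIdpList() : array
    {
        return array_values(array_filter(
            self::getAllIdps(),
            static function (self $idp) : bool {
                return $idp->isActive();
            }
        ));
    }

    /**
     * Loads every row of saml_idp_settings (no ORDER BY, so the order is whatever
     * the database yields) into fresh, uncached instances.
     *
     * @return self[]
     */
    public static function getAllIdps() : array
    {
        global $DIC;

        $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');

        $idps = [];
        while ($row = $DIC->database()->fetchAssoc($res)) {
            $idp = new self();
            $idp->bindDbRecord($row);
            $idps[] = $idp;
        }

        return $idps;
    }

    /**
     * Maps an auth key ("<AUTH_SAML>_<id>") to the auth mode name ("saml_<id>").
     * Without an underscore the generic "saml" is returned. The prefix is not checked.
     */
    public static function getAuthModeByKey(string $a_auth_key) : string
    {
        $parts = explode('_', $a_auth_key);

        return count($parts) > 1 ? 'saml_' . $parts[1] : 'saml';
    }

    /**
     * Inverse of getAuthModeByKey(): "saml_<id>" becomes "<AUTH_SAML>_<id>",
     * a bare mode becomes the AUTH_SAML constant as a string. The prefix is not checked.
     */
    public static function getKeyByAuthMode(string $a_auth_mode) : string
    {
        $parts = explode('_', $a_auth_mode);

        return count($parts) > 1 ? AUTH_SAML . '_' . $parts[1] : (string) AUTH_SAML;
    }

    public function getEntityId() : string
    {
        return $this->entity_id;
    }

    public function setEntityId(string $entity_id) : void
    {
        $this->entity_id = $entity_id;
    }

    public function isActive() : bool
    {
        return $this->is_active;
    }

    public function setActive(bool $is_active) : void
    {
        $this->is_active = $is_active;
    }

    public function getIdpId() : int
    {
        return $this->idp_id;
    }

    public function setIdpId(int $idp_id) : void
    {
        $this->idp_id = $idp_id;
    }

    /** Stored allow_local_auth flag; enforcement happens in the login flow, not here. */
    public function allowLocalAuthentication() : bool
    {
        return $this->allow_local_auth;
    }

    public function setLocalLocalAuthenticationStatus(bool $status) : void
    {
        $this->allow_local_auth = $status;
    }

    public function getDefaultRoleId() : int
    {
        return $this->default_role_id;
    }

    public function setDefaultRoleId(int $role_id) : void
    {
        $this->default_role_id = $role_id;
    }

    public function setUidClaim(string $claim) : void
    {
        $this->uid_claim = $claim;
    }

    public function getUidClaim() : string
    {
        return $this->uid_claim;
    }

    public function setLoginClaim(string $claim) : void
    {
        $this->login_claim = $claim;
    }

    public function getLoginClaim() : string
    {
        return $this->login_claim;
    }

    public function isSynchronizationEnabled() : bool
    {
        return $this->sync_status;
    }

    public function setSynchronizationStatus(bool $sync) : void
    {
        $this->sync_status = $sync;
    }

    /** Stored account_migr_status flag. */
    public function isAccountMigrationEnabled() : bool
    {
        return $this->account_migration_status;
    }

    public function setAccountMigrationStatus(bool $status) : void
    {
        $this->account_migration_status = $status;
    }
}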