ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilAuthProviderCAS.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
5include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
6
13class ilAuthProviderCAS extends ilAuthProvider implements ilAuthProviderInterface
14{
18 private $settings = null;
19
24 public function __construct(ilAuthCredentials $credentials)
25 {
26 global $DIC;
27
28 parent::__construct($credentials);
29 include_once './Services/CAS/classes/class.ilCASSettings.php';
30 $this->settings = ilCASSettings::getInstance();
31 }
32
36 protected function getSettings()
37 {
38 return $this->settings;
39 }
40
44 public function doAuthentication(\ilAuthStatus $status)
45 {
46 include_once './Services/CAS/lib/CAS.php';
47 global $phpCAS;
48
49 $this->getLogger()->debug('Starting cas authentication attempt... ');
50
51 try {
52 phpCAS::setDebug(false);
53 phpCAS::setVerbose(true);
54 phpCAS::client(
55 CAS_VERSION_2_0,
56 $this->getSettings()->getServer(),
57 (int) $this->getSettings()->getPort(),
58 $this->getSettings()->getUri()
59 );
60
61 phpCAS::setNoCasServerValidation();
62 phpCAS::forceAuthentication();
63 } catch (Exception $e) {
64 $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
65 $this->handleAuthenticationFail($status, 'err_wrong_login');
66 return false;
67 }
68
69 if (!strlen(phpCAS::getUser())) {
70 return $this->handleAuthenticationFail($status, 'err_wrong_login');
71 }
72 $this->getCredentials()->setUsername(phpCAS::getUser());
73
74 // check and handle ldap data sources
75 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
76 if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
77 return $this->handleLDAPDataSource($status);
78 }
79
80 // Check account available
81 $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
82 if (strlen($local_user)) {
83 $this->getLogger()->debug('CAS authentication successful.');
84 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
85 $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
86 return true;
87 }
88
89 if (!$this->getSettings()->isUserCreationEnabled()) {
90 $this->getLogger()->debug('User creation disabled. No valid local account found');
91 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
92 return false;
93 }
94
95
96 include_once './Services/CAS/classes/class.ilCASAttributeToUser.php';
97 $importer = new ilCASAttributeToUser($this->getSettings());
98 $new_name = $importer->create($this->getCredentials()->getUsername());
99
100 if (!strlen($new_name)) {
101 $this->getLogger()->debug('User creation failed.');
102 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
103 return false;
104 }
105
106 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
107 $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
108 return true;
109 }
110
115 protected function handleLDAPDataSource(\ilAuthStatus $status)
116 {
117 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
118 $server = ilLDAPServer::getInstanceByServerId(
119 ilLDAPServer::getDataSource(AUTH_CAS)
120 );
121
122 $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());
123
124 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
125 $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
126 $sync->setExternalAccount($this->getCredentials()->getUsername());
127 $sync->setUserData(array());
128 $sync->forceCreation(true);
129
130 try {
131 $internal_account = $sync->sync();
132 } catch (UnexpectedValueException $e) {
133 $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
134 $this->handleAuthenticationFail($status, 'err_wrong_login');
135 return false;
136 } catch (ilLDAPSynchronisationFailedException $e) {
137 $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
138 return false;
139 } catch (ilLDAPSynchronisationForbiddenException $e) {
140 // No syncronisation allowed => create Error
141 $this->getLogger()->warning('User creation disabled. No valid local account found');
142 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
143 return false;
144 } catch (ilLDAPAccountMigrationRequiredException $e) {
145
146 // No syncronisation allowed => create Error
147 $this->getLogger()->warning('User creation disabled. No valid local account found');
148 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
149 return false;
150 }
151 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
152 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
153 return true;
154 }
155}
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
ilAuthProviderCAS
CAS authentication provider.
Definition: class.ilAuthProviderCAS.php:14
ilAuthProviderCAS\handleLDAPDataSource
handleLDAPDataSource(\ilAuthStatus $status)
Handle user data synchonization by ldap data source.
Definition: class.ilAuthProviderCAS.php:115
ilAuthProviderCAS\doAuthentication
doAuthentication(\ilAuthStatus $status)
Do authentication.bool
Definition: class.ilAuthProviderCAS.php:44
ilAuthProviderCAS\__construct
__construct(ilAuthCredentials $credentials)
ilAuthProviderCAS constructor.
Definition: class.ilAuthProviderCAS.php:24
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:12
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:12
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilCASAttributeToUser
CAS user creation helper.
Definition: class.ilCASAttributeToUser.php:11
ilCASSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilCASSettings.php:40
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:324
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode @global ilDB $ilDB.
Definition: class.ilLDAPServer.php:308
ilLDAPSynchronisationFailedException
Thrown in case of failed synchronisation settings.
Definition: class.ilLDAPSynchronisationFailedException.php:11
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3600
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:831
$server
$server
Definition: dummy_client.php:12
phpCAS\getUser
static getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1199
phpCAS\forceAuthentication
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:1118
phpCAS\setNoCasServerValidation
static setNoCasServerValidation()
Set no SSL validation for the CAS server.
Definition: CAS.php:1663
phpCAS\setDebug
static setDebug($filename='')
Set/unset debug mode.
Definition: CAS.php:462
phpCAS\setVerbose
static setVerbose($verbose)
Enable verbose errors messages in the website output This is a security relevant since internal statu...
Definition: CAS.php:503
phpCAS\client
static client( $server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:345
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:12
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:12
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:30
settings
settings()
Definition: settings.php:2
$DIC
$DIC
Definition: xapitoken.php:46