static utility functions used to manage authentication modes More...

Collaboration diagram for ilAuthUtils:

Static Public Member Functions
static	isAuthenticationForced ()
	Check if authentication is should be forced. More...

static	handleForcedAuthentication ()

static	_getAuthMode ($a_auth_mode, $a_db_handler='')

static	_getAuthModeName ($a_auth_key)

static	_getActiveAuthModes ()

static	_getAllAuthModes ()

static	_generateLogin ($a_login)
	generate free login by starting with a default string and adding postfix numbers More...

static	_hasMultipleAuthenticationMethods ()

static	_getMultipleAuthModeOptions ($lng)

static	_isExternalAccountEnabled ()
	Check if an external account name is required. More...

static	_allowPasswordModificationByAuthMode ($a_auth_mode)
	Allow password modification. More...

static	_needsExternalAccountByAuthMode ($a_auth_mode)
	Check if chosen auth mode needs an external account entry. More...

static	isLocalPasswordEnabledForAuthMode ($a_authmode)
	Check if local password validation is enabled for a specific auth_mode. More...

static	isPasswordModificationEnabled ($a_authmode)
	Check if password modification is enabled. More...

static	supportsLocalPasswordValidation ($a_authmode)
	Check if local password validation is supported. More...

static	getAuthPlugins ()
	Get active enabled auth plugins. More...

static	getAuthModeTranslation ($a_auth_key, $auth_name='')

Data Fields
const	LOCAL_PWV_FULL = 1

const	LOCAL_PWV_NO = 2

const	LOCAL_PWV_USER = 3

Detailed Description

static utility functions used to manage authentication modes

Author: Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Version: $Id$

Definition at line 66 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode ( $a_auth_mode )

static

Allow password modification.

public

Parameters

int auth_mode

Definition at line 567 of file class.ilAuthUtils.php.

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

     {
         switch ((int) $a_auth_mode) {
             case AUTH_LDAP:
             case AUTH_RADIUS:
             case AUTH_ECS:
             case AUTH_PROVIDER_LTI:
             case AUTH_OPENID_CONNECT:
                 return false;
             default:
                 return true;
         }
     }

Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin ( $a_login )

static

generate free login by starting with a default string and adding postfix numbers

Definition at line 374 of file class.ilAuthUtils.php.

References $DIC, and $ilDB.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthProviderLTI\createUser(), ilAuthProviderECS\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

     {
         global $DIC;
 
         $ilDB = $DIC['ilDB'];
         
         // Check if username already exists
         $found = false;
         $postfix = 0;
         $c_login = $a_login;
         while (!$found) {
             $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
                 $ilDB->quote($c_login));
             if ($r->numRows() > 0) {
                 $postfix++;
                 $c_login = $a_login . $postfix;
             } else {
                 $found = true;
             }
         }
         
         return $c_login;
     }

Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )

static

Definition at line 258 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilECSServerSettings\getInstance(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), ilObjUserGUI\getValues(), and ilUserTableGUI\initFilter().

     {
         global $DIC;
 
         $ilias = $DIC['ilias'];
         $ilSetting = $DIC['ilSetting'];
         
         $modes = array(
                         'default' => $ilSetting->get("auth_mode"),
                         'local' => AUTH_LOCAL
                         );
         include_once('Services/LDAP/classes/class.ilLDAPServer.php');
         foreach (ilLDAPServer::_getActiveServerList() as $sid) {
             $modes['ldap_' . $sid] = (AUTH_LDAP . '_' . $sid);
         }
         
         include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
         foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
             $modes['lti_' . $sid] = (AUTH_PROVIDER_LTI . '_' . $sid);
         }
 
         if (ilOpenIdConnectSettings::getInstance()->getActive()) {
             $modes['oidc'] = AUTH_OPENID_CONNECT;
         }
 
         if ($ilSetting->get("radius_active")) {
             $modes['radius'] = AUTH_RADIUS;
         }
         if ($ilSetting->get("shib_active")) {
             $modes['shibboleth'] = AUTH_SHIBBOLETH;
         }
         if ($ilSetting->get("script_active")) {
             $modes['script'] = AUTH_SCRIPT;
         }
         if ($ilSetting->get("cas_active")) {
             $modes['cas'] = AUTH_CAS;
         }
         if ($ilSetting->get("soap_auth_active")) {
             $modes['soap'] = AUTH_SOAP;
         }
         if ($ilSetting->get("apache_active")) {
             $modes['apache'] = AUTH_APACHE;
         }
                 
         include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
         if (ilECSServerSettings::getInstance()->activeServerExists()) {
             $modes['ecs'] = AUTH_ECS;
         }
 
         require_once 'Services/Saml/classes/class.ilSamlIdp.php';
         foreach (ilSamlIdp::getActiveIdpList() as $idp) {
             $modes['saml_' . $idp->getIdpId()] = AUTH_SAML . '_' . $idp->getIdpId();
         }
 
         // begin-path auth_plugin
         foreach (self::getAuthPlugins() as $pl) {
             foreach ($pl->getAuthIds() as $auth_id) {
                 if ($pl->isAuthActive($auth_id)) {
                     $modes[$pl->getAuthName($auth_id)] = $auth_id;
                 }
             }
         }
         // end-path auth_plugin
         return $modes;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )

static

Definition at line 324 of file class.ilAuthUtils.php.

References $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

     {
         $modes = array(
             AUTH_LOCAL,
             AUTH_LDAP,
             AUTH_SHIBBOLETH,
             AUTH_SAML,
             AUTH_CAS,
             AUTH_SOAP,
             AUTH_RADIUS,
             AUTH_ECS,
             AUTH_PROVIDER_LTI,
             AUTH_OPENID_CONNECT,
             AUTH_APACHE
         );
         $ret = array();
         foreach ($modes as $mode) {
             if ($mode == AUTH_PROVIDER_LTI) {
                 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
                     $id = AUTH_PROVIDER_LTI . '_' . $sid;
                     $ret[$id] = ilAuthUtils::_getAuthModeName($id);
                 }
                 continue;
             }
 
             // multi ldap implementation
             if ($mode == AUTH_LDAP) {
                 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
                     $id = AUTH_LDAP . '_' . $ldap_id;
                     $ret[$id] = ilAuthUtils::_getAuthModeName($id);
                 }
                 continue;
             } elseif ($mode == AUTH_SAML) {
                 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                 foreach (ilSamlIdp::getAllIdps() as $idp) {
                     $id = AUTH_SAML . '_' . $idp->getIdpId();
                     $ret[$id] = ilAuthUtils::_getAuthModeName($id);
                 }
                 continue;
             }
             $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
         }
         return $ret;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode	(	$a_auth_mode,
		$a_db_handler = `''`
	)

static

Definition at line 121 of file class.ilAuthUtils.php.

References $DIC, $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilLDAPServer\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\updateObject().

     {
         global $DIC;
 
         $ilDB = $DIC['ilDB'];
         $ilSetting = $DIC['ilSetting'];
 
         $db = &$ilDB;
         
         if ($a_db_handler != '') {
             $db = &$a_db_handler;
         }
 
         // begin-patch ldap_multiple
         if (strpos($a_auth_mode, '_') !== false) {
             $auth_arr = explode('_', $a_auth_mode);
             $auth_switch = $auth_arr[0];
         } else {
             $auth_switch = $a_auth_mode;
         }
         switch ($auth_switch) {
             case "local":
                 return AUTH_LOCAL;
                 break;
                 
             case "ldap":
                 // begin-patch ldap_multiple
                 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
                 // end-patch ldap_multiple
                 
             case 'lti':
                 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
                 
             case "radius":
                 return AUTH_RADIUS;
                 break;
                 
             case "script":
                 return AUTH_SCRIPT;
                 break;
                 
             case "shibboleth":
                 return AUTH_SHIBBOLETH;
                 break;
 
             case 'oidc':
                 return AUTH_OPENID_CONNECT;
                 break;
 
             case 'saml':
                 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
 
             case "cas":
                 return AUTH_CAS;
                 break;
 
             case "soap":
                 return AUTH_SOAP;
                 break;
                 
             case 'ecs':
                 return AUTH_ECS;
 
             case 'apache':
                 return AUTH_APACHE;
 
             default:
                 return $ilSetting->get("auth_mode");
                 break;
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName ( $a_auth_key )

static

Definition at line 196 of file class.ilAuthUtils.php.

References $DIC, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilLDAPServer\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilObjUserGUI\getValues(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

     {
         global $DIC;
 
         $ilias = $DIC['ilias'];
 
         // begin-patch ldap_multiple
         switch ((int) $a_auth_key) {
             case AUTH_LOCAL:
                 return "local";
                 break;
                 
             case AUTH_LDAP:
                 // begin-patch ldap_multiple
                 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                 return ilLDAPServer::getAuthModeByKey($a_auth_key);
                 // end-patch ldap_multiple
                 
             case AUTH_PROVIDER_LTI:
                 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
                 
             case AUTH_RADIUS:
                 return "radius";
                 break;
 
             case AUTH_CAS:
                 return "cas";
                 break;
 
             case AUTH_SCRIPT:
                 return "script";
                 break;
                 
             case AUTH_SHIBBOLETH:
                 return "shibboleth";
                 break;
 
             case AUTH_SAML:
                 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                 return ilSamlIdp::getAuthModeByKey($a_auth_key);
 
             case AUTH_SOAP:
                 return "soap";
                 break;
                 
             case AUTH_ECS:
                 return 'ecs';
 
             case AUTH_APACHE:
                 return 'apache';
 
             case AUTH_OPENID_CONNECT:
                 return 'oidc';
                 break;
 
             default:
                 return "default";
                 break;
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions ( $lng )

static

Definition at line 434 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, $lng, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

     {
         global $DIC;
 
         $ilSetting = $DIC['ilSetting'];
         
         // in the moment only ldap is activated as additional authentication method
         include_once('Services/LDAP/classes/class.ilLDAPServer.php');
         
         $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
 
         
         // begin-patch ldap_multiple
         foreach (ilLDAPServer::_getActiveServerList() as $sid) {
             $server = ilLDAPServer::getInstanceByServerId($sid);
             $options[AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
         }
         // end-patch ldap_multiple
         
         include_once('Services/Radius/classes/class.ilRadiusSettings.php');
         $rad_settings = ilRadiusSettings::_getInstance();
         if ($rad_settings->isActive()) {
             $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
         }
 
         if ($ilSetting->get('apache_active')) {
             global $DIC;
 
             $lng = $DIC['lng'];
             $apache_settings = new ilSetting('apache_auth');
             $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
             $options[AUTH_APACHE]['hide_in_ui'] = true;
         }
 
         if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
             $default = AUTH_LDAP;
         } elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
             $default = AUTH_RADIUS;
         } else {
             $default = AUTH_LOCAL;
         }
         
         $default = $ilSetting->get('default_auth_mode', $default);
         $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
         
         
         // begin-patch auth_plugin
         $pls = ilAuthUtils::getAuthPlugins();
         foreach ($pls as $pl) {
             $auths = $pl->getAuthIds();
             foreach ($auths as $auth_id) {
                 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
                 if ($pl_auth_option) {
                     $options = $options + $pl_auth_option;
                 }
             }
         }
         // end-patch auth_plugins
 
         if (array_key_exists($default, $options)) {
             $options[$default]['checked'] = true;
         }
 
         return $options ? $options : array();
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )

static

Definition at line 398 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

     {
         include_once('Services/Radius/classes/class.ilRadiusSettings.php');
         
         $rad_settings = ilRadiusSettings::_getInstance();
         if ($rad_settings->isActive()) {
             return true;
         }
         include_once('Services/LDAP/classes/class.ilLDAPServer.php');
 
         if (count(ilLDAPServer::_getActiveServerList())) {
             return true;
         }
 
         global $DIC;
 
         $ilSetting = $DIC['ilSetting'];
 
         if ($ilSetting->get('apache_active')) {
             return true;
         }
         
         // begin-patch auth_plugin
         foreach (ilAuthUtils::getAuthPlugins() as $pl) {
             foreach ($pl->getAuthIds() as $auth_id) {
                 if ($pl->getMultipleAuthModeOptions($auth_id)) {
                     return true;
                 }
             }
         }
         // end-patch auth_plugin
         
         
         return false;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )

static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

public

Parameters

Definition at line 509 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\getValues(), and ilObjUserGUI\saveObject().

     {
         global $DIC;
 
         $ilSetting = $DIC['ilSetting'];
         
         if ($ilSetting->get("cas_active")) {
             return true;
         }
         if ($ilSetting->get("soap_auth_active")) {
             return true;
         }
         if ($ilSetting->get("shib_active")) {
             return true;
         }
         if ($ilSetting->get('radius_active')) {
             return true;
         }
         include_once('Services/LDAP/classes/class.ilLDAPServer.php');
         if (count(ilLDAPServer::_getActiveServerList())) {
             return true;
         }
         
         include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
         if (count(ilAuthProviderLTI::getActiveAuthModes())) {
             return true;
         }
         
         require_once 'Services/Saml/classes/class.ilSamlIdp.php';
         if (count(ilSamlIdp::getActiveIdpList()) > 0) {
             return true;
         }
 
         if (ilOpenIdConnectSettings::getInstance()->getActive()) {
             return true;
         }
 
         // begin-path auth_plugin
         foreach (self::getAuthPlugins() as $pl) {
             foreach ($pl->getAuthIds() as $auth_id) {
                 if ($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id)) {
                     return true;
                 }
             }
         }
         // end-path auth_plugin
         
         return false;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode ( $a_auth_mode )

static

Check if chosen auth mode needs an external account entry.

public

Parameters

int auth_mode

Definition at line 589 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

     {
         switch ($a_auth_mode) {
             case AUTH_LOCAL:
             case AUTH_APACHE:
                 return false;
             default:
                 return true;
         }
     }

Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation	(	$a_auth_key,
		$auth_name = `''`
	)

static

Parameters

string	$a_auth_key
string	$auth_name

Definition at line 771 of file class.ilAuthUtils.php.

References $DIC, $lng, $server, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), ilObjUserGUI\getValues(), and ilUserTableGUI\initFilter().

     {
         global $DIC;
 
         $lng = $DIC['lng'];
         
         switch ((int) $a_auth_key) {
             case AUTH_LDAP:
                 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
                 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
                 $server = ilLDAPServer::getInstanceByServerId($sid);
                 return $server->getName();
                 
             case AUTH_PROVIDER_LTI:
                 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
                 $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
                 return ilAuthProviderLTI::lookupConsumer($sid);
                 
 
             case AUTH_SAML:
                 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
                 $idp = ilSamlIdp::getInstanceByIdpId($idp_id);
                 return $idp->getEntityId();
 
             default:
                 $lng->loadLanguageModule('auth');
                 if (!empty($auth_name)) {
                     return $lng->txt('auth_' . $auth_name);
                 } else {
                 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
         }
     }
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )

static

Get active enabled auth plugins.

Returns: ilAuthDefinition

Definition at line 747 of file class.ilAuthUtils.php.

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

     {
         $pls = $GLOBALS['DIC']['ilPluginAdmin']->getActivePluginsForSlot(
             IL_COMP_SERVICE,
             'Authentication',
             'authhk'
         );
         $pl_objs = array();
         foreach ($pls as $pl) {
             $pl_objs[] = $GLOBALS['DIC']['ilPluginAdmin']->getPluginObject(
                 IL_COMP_SERVICE,
                 'Authentication',
                 'authhk',
                 $pl
             );
         }
         return $pl_objs;
     }

Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )

static

Definition at line 83 of file class.ilAuthUtils.php.

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

     {
         if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
             include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
             $credentials = new ilAuthFrontendCredentials();
             $credentials->setUsername($_GET['ecs_login']);
             $credentials->setAuthMode(AUTH_ECS);
             
             include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
             $provider_factory = new ilAuthProviderFactory();
             $providers = $provider_factory->getProviders($credentials);
             
             include_once './Services/Authentication/classes/class.ilAuthStatus.php';
             $status = ilAuthStatus::getInstance();
             
             include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
             $frontend_factory = new ilAuthFrontendFactory();
             $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
             $frontend = $frontend_factory->getFrontend(
                 $GLOBALS['DIC']['ilAuthSession'],
                 $status,
                 $credentials,
                 $providers
             );
             
             $frontend->authenticate();
             
             switch ($status->getStatus()) {
                 case ilAuthStatus::STATUS_AUTHENTICATED:
                     return;
                     
                 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
                     ilInitialisation::goToPublicSection();
                     return;
             }
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )

static

Check if authentication is should be forced.

Definition at line 75 of file class.ilAuthUtils.php.

References $_GET.

Referenced by ilInitialisation\resumeUserSession().

     {
         if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
             return true;
         }
         return false;
     }

Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode ( $a_authmode )

static

Check if local password validation is enabled for a specific auth_mode.

Parameters

int $a_authmode

Returns: bool

Definition at line 622 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

     {
         global $DIC;
 
         $ilSetting = $DIC->settings();
 
         switch ((int) $a_authmode) {
             // always enabled
             case AUTH_LOCAL:
             case AUTH_APACHE:
                 return true;
 
             // No local passwords for these auth modes
             case AUTH_LDAP:
             case AUTH_RADIUS:
             case AUTH_ECS:
             case AUTH_SCRIPT:
             case AUTH_PROVIDER_LTI:
             case AUTH_OPENID_CONNECT:
                 return false;
 
             case AUTH_SAML:
                 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
                 return $idp->isActive() && $idp->allowLocalAuthentication();
 
             case AUTH_SHIBBOLETH:
                 return $ilSetting->get("shib_auth_allow_local");
             case AUTH_SOAP:
                 return $ilSetting->get("soap_auth_allow_local");
             case AUTH_CAS:
                 return $ilSetting->get("cas_allow_local");
 
         }
         return false;
     }

Here is the call graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled ( $a_authmode )

static

Check if password modification is enabled.

Parameters

int $a_authmode

Returns: bool

Definition at line 666 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), and supportsLocalPasswordValidation().

     {
         global $DIC;
 
         $ilSetting = $DIC['ilSetting'];
 
         if (self::isPasswordModificationHidden()) {
             return false;
         }
         
         // begin-patch ldap_multiple
         // cast to int
         switch ((int) $a_authmode) {
             // No local passwords for these auth modes
             case AUTH_LDAP:
             case AUTH_RADIUS:
             case AUTH_ECS:
             case AUTH_SCRIPT:
             case AUTH_PROVIDER_LTI:
             case AUTH_OPENID_CONNECT:
                 return false;
 
             case AUTH_SAML:
                 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
                 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
                 return $idp->isActive() && $idp->allowLocalAuthentication();
             
             // Always for and local
             case AUTH_LOCAL:
             case AUTH_APACHE:
                 return true;
 
             // Read setting:
             case AUTH_SHIBBOLETH:
                 return $ilSetting->get("shib_auth_allow_local");
             case AUTH_SOAP:
                 return $ilSetting->get("soap_auth_allow_local");
             case AUTH_CAS:
                 return $ilSetting->get("cas_allow_local");
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation ( $a_authmode )

static

Check if local password validation is supported.

Parameters

object $a_authmode

Returns

Definition at line 713 of file class.ilAuthUtils.php.

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired().

     {
         // begin-patch ldap_multiple
         // cast to int
         switch ((int) $a_authmode) {
             case AUTH_LDAP:
             case AUTH_LOCAL:
             case AUTH_RADIUS:
                 return ilAuthUtils::LOCAL_PWV_FULL;
             
             case AUTH_SHIBBOLETH:
             case AUTH_OPENID_CONNECT:
             case AUTH_SAML:
             case AUTH_SOAP:
             case AUTH_CAS:
                 if (!ilAuthUtils::isPasswordModificationEnabled($a_authmode)) {
                     return ilAuthUtils::LOCAL_PWV_NO;
                 }
                 return ilAuthUtils::LOCAL_PWV_USER;
                 
             case AUTH_PROVIDER_LTI:
             case AUTH_ECS:
             case AUTH_SCRIPT:
             case AUTH_APACHE:
             default:
                 return ilAuthUtils::LOCAL_PWV_USER;
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 68 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 69 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file:

Services/Authentication/classes/class.ilAuthUtils.php

Static Public Member Functions

Data Fields

Detailed Description

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

◆ _generateLogin()

◆ _getActiveAuthModes()

◆ _getAllAuthModes()

◆ _getAuthMode()

◆ _getAuthModeName()

◆ _getMultipleAuthModeOptions()

◆ _hasMultipleAuthenticationMethods()

◆ _isExternalAccountEnabled()

◆ _needsExternalAccountByAuthMode()

◆ getAuthModeTranslation()

◆ getAuthPlugins()

◆ handleForcedAuthentication()

◆ isAuthenticationForced()

◆ isLocalPasswordEnabledForAuthMode()

◆ isPasswordModificationEnabled()

◆ supportsLocalPasswordValidation()

Field Documentation

◆ LOCAL_PWV_FULL

◆ LOCAL_PWV_NO

◆ LOCAL_PWV_USER