ILIAS  release_7 Revision v7.30-3-g800a261c036
Static Public Member Functions | Data Fields
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static isAuthenticationForced ()
 Check if authentication is should be forced. More...
 
static handleForcedAuthentication ()
 
static _getAuthMode ($a_auth_mode, $a_db_handler='')
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin ($a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions ($lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation ($a_auth_key, $auth_name='')
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 66 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

@access public

Parameters
intauth_mode

Definition at line 567 of file class.ilAuthUtils.php.

568 {
569 switch ((int) $a_auth_mode) {
570 case AUTH_LDAP:
571 case AUTH_RADIUS:
572 case AUTH_ECS:
573 case AUTH_PROVIDER_LTI:
574 case AUTH_OPENID_CONNECT:
575 return false;
576 default:
577 return true;
578 }
579 }
AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:20
AUTH_ECS
const AUTH_ECS
Definition: class.ilAuthUtils.php:15
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
AUTH_RADIUS
const AUTH_RADIUS
Definition: class.ilAuthUtils.php:9
AUTH_PROVIDER_LTI
const AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:28

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, and AUTH_RADIUS.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\updateObject().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin (   $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 374 of file class.ilAuthUtils.php.

375 {
376 global $DIC;
377
378 $ilDB = $DIC['ilDB'];
379
380 // Check if username already exists
381 $found = false;
382 $postfix = 0;
383 $c_login = $a_login;
384 while (!$found) {
385 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
386 $ilDB->quote($c_login));
387 if ($r->numRows() > 0) {
388 $postfix++;
389 $c_login = $a_login . $postfix;
390 } else {
391 $found = true;
392 }
393 }
394
395 return $c_login;
396 }
$DIC
global $DIC
Definition: goto.php:24
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $DIC, and $ilDB.

Referenced by ilCASAttributeToUser\create(), ilRadiusAttributeToUser\create(), ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static

Definition at line 258 of file class.ilAuthUtils.php.

259 {
260 global $DIC;
261
262 $ilias = $DIC['ilias'];
263 $ilSetting = $DIC['ilSetting'];
264
265 $modes = array(
266 'default' => $ilSetting->get("auth_mode"),
267 'local' => AUTH_LOCAL
268 );
269 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
270 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
271 $modes['ldap_' . $sid] = (AUTH_LDAP . '_' . $sid);
272 }
273
274 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
275 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
276 $modes['lti_' . $sid] = (AUTH_PROVIDER_LTI . '_' . $sid);
277 }
278
279 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
280 $modes['oidc'] = AUTH_OPENID_CONNECT;
281 }
282
283 if ($ilSetting->get("radius_active")) {
284 $modes['radius'] = AUTH_RADIUS;
285 }
286 if ($ilSetting->get("shib_active")) {
287 $modes['shibboleth'] = AUTH_SHIBBOLETH;
288 }
289 if ($ilSetting->get("script_active")) {
290 $modes['script'] = AUTH_SCRIPT;
291 }
292 if ($ilSetting->get("cas_active")) {
293 $modes['cas'] = AUTH_CAS;
294 }
295 if ($ilSetting->get("soap_auth_active")) {
296 $modes['soap'] = AUTH_SOAP;
297 }
298 if ($ilSetting->get("apache_active")) {
299 $modes['apache'] = AUTH_APACHE;
300 }
301
302 include_once './Services/WebServices/ECS/classes/class.ilECSServerSettings.php';
303 if (ilECSServerSettings::getInstance()->activeServerExists()) {
304 $modes['ecs'] = AUTH_ECS;
305 }
306
307 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
308 foreach (ilSamlIdp::getActiveIdpList() as $idp) {
309 $modes['saml_' . $idp->getIdpId()] = AUTH_SAML . '_' . $idp->getIdpId();
310 }
311
312 // begin-path auth_plugin
313 foreach (self::getAuthPlugins() as $pl) {
314 foreach ($pl->getAuthIds() as $auth_id) {
315 if ($pl->isAuthActive($auth_id)) {
316 $modes[$pl->getAuthName($auth_id)] = $auth_id;
317 }
318 }
319 }
320 // end-path auth_plugin
321 return $modes;
322 }
AUTH_SHIBBOLETH
const AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:11
AUTH_APACHE
const AUTH_APACHE
Definition: class.ilAuthUtils.php:17
AUTH_SAML
const AUTH_SAML
Definition: class.ilAuthUtils.php:18
AUTH_LOCAL
const AUTH_LOCAL
Definition: class.ilAuthUtils.php:7
AUTH_SCRIPT
const AUTH_SCRIPT
Definition: class.ilAuthUtils.php:10
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
AUTH_SOAP
const AUTH_SOAP
Definition: class.ilAuthUtils.php:13
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:54
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:109
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:163
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:241
$ilSetting
global $ilSetting
Definition: privfeed.php:17

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilOpenIdConnectSettings\getInstance(), and ilECSServerSettings\getInstance().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjAuthSettingsGUI\authSettingsObject(), ilSoapAdministration\getNIC(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static

Definition at line 324 of file class.ilAuthUtils.php.

325 {
326 $modes = array(
327 AUTH_LOCAL,
328 AUTH_LDAP,
329 AUTH_SHIBBOLETH,
330 AUTH_SAML,
331 AUTH_CAS,
332 AUTH_SOAP,
333 AUTH_RADIUS,
334 AUTH_ECS,
335 AUTH_PROVIDER_LTI,
336 AUTH_OPENID_CONNECT,
337 AUTH_APACHE
338 );
339 $ret = array();
340 foreach ($modes as $mode) {
341 if ($mode == AUTH_PROVIDER_LTI) {
342 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
343 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
344 $id = AUTH_PROVIDER_LTI . '_' . $sid;
345 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
346 }
347 continue;
348 }
349
350 // multi ldap implementation
351 if ($mode == AUTH_LDAP) {
352 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
353 $id = AUTH_LDAP . '_' . $ldap_id;
354 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
355 }
356 continue;
357 } elseif ($mode == AUTH_SAML) {
358 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
359 foreach (ilSamlIdp::getAllIdps() as $idp) {
360 $id = AUTH_SAML . '_' . $idp->getIdpId();
361 $ret[$id] = ilAuthUtils::_getAuthModeName($id);
362 }
363 continue;
364 }
365 $ret[$mode] = ilAuthUtils::_getAuthModeName($mode);
366 }
367 return $ret;
368 }
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:196
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:206
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:257
$ret
$ret
Definition: parser.php:6

References $ret, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode (   $a_auth_mode,
  $a_db_handler = '' 
)
static

Definition at line 121 of file class.ilAuthUtils.php.

122 {
123 global $DIC;
124
125 $ilDB = $DIC['ilDB'];
126 $ilSetting = $DIC['ilSetting'];
127
128 $db = &$ilDB;
129
130 if ($a_db_handler != '') {
131 $db = &$a_db_handler;
132 }
133
134 // begin-patch ldap_multiple
135 if (strpos($a_auth_mode, '_') !== false) {
136 $auth_arr = explode('_', $a_auth_mode);
137 $auth_switch = $auth_arr[0];
138 } else {
139 $auth_switch = $a_auth_mode;
140 }
141 switch ($auth_switch) {
142 case "local":
143 return AUTH_LOCAL;
144 break;
145
146 case "ldap":
147 // begin-patch ldap_multiple
148 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
149 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
150 // end-patch ldap_multiple
151
152 case 'lti':
153 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
154 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
155
156 case "radius":
157 return AUTH_RADIUS;
158 break;
159
160 case "script":
161 return AUTH_SCRIPT;
162 break;
163
164 case "shibboleth":
165 return AUTH_SHIBBOLETH;
166 break;
167
168 case 'oidc':
169 return AUTH_OPENID_CONNECT;
170 break;
171
172 case 'saml':
173 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
174 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
175
176 case "cas":
177 return AUTH_CAS;
178 break;
179
180 case "soap":
181 return AUTH_SOAP;
182 break;
183
184 case 'ecs':
185 return AUTH_ECS;
186
187 case 'apache':
188 return AUTH_APACHE;
189
190 default:
191 return $ilSetting->get("auth_mode");
192 break;
193 }
194 }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:377
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:292

References $DIC, $ilDB, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_RADIUS, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilSamlIdp\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\updateObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static

Definition at line 196 of file class.ilAuthUtils.php.

197 {
198 global $DIC;
199
200 $ilias = $DIC['ilias'];
201
202 // begin-patch ldap_multiple
203 switch ((int) $a_auth_key) {
204 case AUTH_LOCAL:
205 return "local";
206 break;
207
208 case AUTH_LDAP:
209 // begin-patch ldap_multiple
210 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
211 return ilLDAPServer::getAuthModeByKey($a_auth_key);
212 // end-patch ldap_multiple
213
214 case AUTH_PROVIDER_LTI:
215 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
216 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
217
218 case AUTH_RADIUS:
219 return "radius";
220 break;
221
222 case AUTH_CAS:
223 return "cas";
224 break;
225
226 case AUTH_SCRIPT:
227 return "script";
228 break;
229
230 case AUTH_SHIBBOLETH:
231 return "shibboleth";
232 break;
233
234 case AUTH_SAML:
235 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
236 return ilSamlIdp::getAuthModeByKey($a_auth_key);
237
238 case AUTH_SOAP:
239 return "soap";
240 break;
241
242 case AUTH_ECS:
243 return 'ecs';
244
245 case AUTH_APACHE:
246 return 'apache';
247
248 case AUTH_OPENID_CONNECT:
249 return 'oidc';
250 break;
251
252 default:
253 return "default";
254 break;
255 }
256 }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:363
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:413
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:278

References $DIC, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilSamlIdp\getAuthModeByKey().

Referenced by ilSoapInstallationInfoXMLWriter\__buildClient(), ilObjUser\_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilECSMappingUtils\getAuthModeSelection(), ilSoapAdministration\getNIC(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions (   $lng)
static

Definition at line 434 of file class.ilAuthUtils.php.

435 {
436 global $DIC;
437
438 $ilSetting = $DIC['ilSetting'];
439
440 // in the moment only ldap is activated as additional authentication method
441 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
442
443 $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
444
445
446 // begin-patch ldap_multiple
447 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
448 $server = ilLDAPServer::getInstanceByServerId($sid);
449 $options[AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
450 }
451 // end-patch ldap_multiple
452
453 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
454 $rad_settings = ilRadiusSettings::_getInstance();
455 if ($rad_settings->isActive()) {
456 $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
457 }
458
459 if ($ilSetting->get('apache_active')) {
460 global $DIC;
461
462 $lng = $DIC['lng'];
463 $apache_settings = new ilSetting('apache_auth');
464 $options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
465 $options[AUTH_APACHE]['hide_in_ui'] = true;
466 }
467
468 if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
469 $default = AUTH_LDAP;
470 } elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
471 $default = AUTH_RADIUS;
472 } else {
473 $default = AUTH_LOCAL;
474 }
475
476 $default = $ilSetting->get('default_auth_mode', $default);
477 $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
478
479
480 // begin-patch auth_plugin
481 $pls = ilAuthUtils::getAuthPlugins();
482 foreach ($pls as $pl) {
483 $auths = $pl->getAuthIds();
484 foreach ($auths as $auth_id) {
485 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
486 if ($pl_auth_option) {
487 $options = $options + $pl_auth_option;
488 }
489 }
490 }
491 // end-patch auth_plugins
492
493 if (array_key_exists($default, $options)) {
494 $options[$default]['checked'] = true;
495 }
496
497 return $options ? $options : array();
498 }
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:747
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilRadiusSettings\_getInstance
static _getInstance()
singleton get instance
Definition: class.ilRadiusSettings.php:74
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
$server
$server
Definition: dummy_client.php:12
$lng
$lng
Definition: save_question_post_data.php:23

References $DIC, $ilSetting, $lng, $server, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 398 of file class.ilAuthUtils.php.

399 {
400 include_once('Services/Radius/classes/class.ilRadiusSettings.php');
401
402 $rad_settings = ilRadiusSettings::_getInstance();
403 if ($rad_settings->isActive()) {
404 return true;
405 }
406 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
407
408 if (count(ilLDAPServer::_getActiveServerList())) {
409 return true;
410 }
411
412 global $DIC;
413
414 $ilSetting = $DIC['ilSetting'];
415
416 if ($ilSetting->get('apache_active')) {
417 return true;
418 }
419
420 // begin-patch auth_plugin
421 foreach (ilAuthUtils::getAuthPlugins() as $pl) {
422 foreach ($pl->getAuthIds() as $auth_id) {
423 if ($pl->getMultipleAuthModeOptions($auth_id)) {
424 return true;
425 }
426 }
427 }
428 // end-patch auth_plugin
429
430
431 return false;
432 }

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilRadiusSettings\_getInstance(), and getAuthPlugins().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if Radius,LDAP, CAS or SOAP is active

@access public

Parameters

Definition at line 509 of file class.ilAuthUtils.php.

510 {
511 global $DIC;
512
513 $ilSetting = $DIC['ilSetting'];
514
515 if ($ilSetting->get("cas_active")) {
516 return true;
517 }
518 if ($ilSetting->get("soap_auth_active")) {
519 return true;
520 }
521 if ($ilSetting->get("shib_active")) {
522 return true;
523 }
524 if ($ilSetting->get('radius_active')) {
525 return true;
526 }
527 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
528 if (count(ilLDAPServer::_getActiveServerList())) {
529 return true;
530 }
531
532 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
533 if (count(ilAuthProviderLTI::getActiveAuthModes())) {
534 return true;
535 }
536
537 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
538 if (count(ilSamlIdp::getActiveIdpList()) > 0) {
539 return true;
540 }
541
542 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
543 return true;
544 }
545
546 // begin-path auth_plugin
547 foreach (self::getAuthPlugins() as $pl) {
548 foreach ($pl->getAuthIds() as $auth_id) {
549 if ($pl->isAuthActive($auth_id) and $pl->isExternalAccountNameRequired($auth_id)) {
550 return true;
551 }
552 }
553 }
554 // end-path auth_plugin
555
556 return false;
557 }
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:390

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

@access public

Parameters
intauth_mode

Definition at line 589 of file class.ilAuthUtils.php.

590 {
591 switch ($a_auth_mode) {
592 case AUTH_LOCAL:
593 case AUTH_APACHE:
594 return false;
595 default:
596 return true;
597 }
598 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation (   $a_auth_key,
  $auth_name = '' 
)
static
Parameters
string$a_auth_key
string$auth_name

Definition at line 771 of file class.ilAuthUtils.php.

772 {
773 global $DIC;
774
775 $lng = $DIC['lng'];
776
777 switch ((int) $a_auth_key) {
778 case AUTH_LDAP:
779 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
780 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
781 $server = ilLDAPServer::getInstanceByServerId($sid);
782 return $server->getName();
783
784 case AUTH_PROVIDER_LTI:
785 include_once './Services/LTI/classes/InternalProvider/class.ilAuthProviderLTI.php';
786 $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
787 return ilAuthProviderLTI::lookupConsumer($sid);
788
789
790 case AUTH_SAML:
791 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
792 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
793 $idp = ilSamlIdp::getInstanceByIdpId($idp_id);
794 return $idp->getEntityId();
795
796 default:
797 $lng->loadLanguageModule('auth');
798 if (!empty($auth_name)) {
799 return $lng->txt('auth_' . $auth_name);
800 } else {
801 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
802 }
803 }
804}
ilAuthProviderLTI\lookupConsumer
static lookupConsumer($a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:425
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:439
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:400
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:213
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66

References $DIC, $lng, $server, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Returns
ilAuthDefinition

Definition at line 747 of file class.ilAuthUtils.php.

748 {
749 $pls = $GLOBALS['DIC']['ilPluginAdmin']->getActivePluginsForSlot(
750 IL_COMP_SERVICE,
751 'Authentication',
752 'authhk'
753 );
754 $pl_objs = array();
755 foreach ($pls as $pl) {
756 $pl_objs[] = $GLOBALS['DIC']['ilPluginAdmin']->getPluginObject(
757 IL_COMP_SERVICE,
758 'Authentication',
759 'authhk',
760 $pl
761 );
762 }
763 return $pl_objs;
764 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6

References $GLOBALS, and IL_COMP_SERVICE.

Referenced by _getMultipleAuthModeOptions(), _hasMultipleAuthenticationMethods(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 83 of file class.ilAuthUtils.php.

84 {
85 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
86 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
87 $credentials = new ilAuthFrontendCredentials();
88 $credentials->setUsername($_GET['ecs_login']);
89 $credentials->setAuthMode(AUTH_ECS);
90
91 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
92 $provider_factory = new ilAuthProviderFactory();
93 $providers = $provider_factory->getProviders($credentials);
94
95 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
96 $status = ilAuthStatus::getInstance();
97
98 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
99 $frontend_factory = new ilAuthFrontendFactory();
100 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
101 $frontend = $frontend_factory->getFrontend(
102 $GLOBALS['DIC']['ilAuthSession'],
103 $status,
104 $credentials,
105 $providers
106 );
107
108 $frontend->authenticate();
109
110 switch ($status->getStatus()) {
111 case ilAuthStatus::STATUS_AUTHENTICATED:
112 return;
113
114 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
115 ilInitialisation::goToPublicSection();
116 return;
117 }
118 }
119 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:12
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:942

References $_GET, $GLOBALS, AUTH_ECS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Check if authentication is should be forced.

Definition at line 75 of file class.ilAuthUtils.php.

76 {
77 if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
78 return true;
79 }
80 return false;
81 }

References $_GET.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int$a_authmode
Returns
bool

Definition at line 622 of file class.ilAuthUtils.php.

623 {
624 global $DIC;
625
626 $ilSetting = $DIC->settings();
627
628 switch ((int) $a_authmode) {
629 // always enabled
630 case AUTH_LOCAL:
631 case AUTH_APACHE:
632 return true;
633
634 // No local passwords for these auth modes
635 case AUTH_LDAP:
636 case AUTH_RADIUS:
637 case AUTH_ECS:
638 case AUTH_SCRIPT:
639 case AUTH_PROVIDER_LTI:
640 case AUTH_OPENID_CONNECT:
641 return false;
642
643 case AUTH_SAML:
644 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
645 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
646 return $idp->isActive() && $idp->allowLocalAuthentication();
647
648 case AUTH_SHIBBOLETH:
649 return $ilSetting->get("shib_auth_allow_local");
650 case AUTH_SOAP:
651 return $ilSetting->get("soap_auth_allow_local");
652 case AUTH_CAS:
653 return $ilSetting->get("cas_allow_local");
654
655 }
656 return false;
657 }

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

+ Here is the call graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int$a_authmode
Returns
bool

Definition at line 666 of file class.ilAuthUtils.php.

667 {
668 global $DIC;
669
670 $ilSetting = $DIC['ilSetting'];
671
672 if (self::isPasswordModificationHidden()) {
673 return false;
674 }
675
676 // begin-patch ldap_multiple
677 // cast to int
678 switch ((int) $a_authmode) {
679 // No local passwords for these auth modes
680 case AUTH_LDAP:
681 case AUTH_RADIUS:
682 case AUTH_ECS:
683 case AUTH_SCRIPT:
684 case AUTH_PROVIDER_LTI:
685 case AUTH_OPENID_CONNECT:
686 return false;
687
688 case AUTH_SAML:
689 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
690 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($a_authmode));
691 return $idp->isActive() && $idp->allowLocalAuthentication();
692
693 // Always for and local
694 case AUTH_LOCAL:
695 case AUTH_APACHE:
696 return true;
697
698 // Read setting:
699 case AUTH_SHIBBOLETH:
700 return $ilSetting->get("shib_auth_allow_local");
701 case AUTH_SOAP:
702 return $ilSetting->get("soap_auth_allow_local");
703 case AUTH_CAS:
704 return $ilSetting->get("cas_allow_local");
705 }
706 }

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPersonalSettingsGUI\allowPasswordChange(), and supportsLocalPasswordValidation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
object$a_authmode
Returns

Definition at line 713 of file class.ilAuthUtils.php.

714 {
715 // begin-patch ldap_multiple
716 // cast to int
717 switch ((int) $a_authmode) {
718 case AUTH_LDAP:
719 case AUTH_LOCAL:
720 case AUTH_RADIUS:
721 return ilAuthUtils::LOCAL_PWV_FULL;
722
723 case AUTH_SHIBBOLETH:
724 case AUTH_OPENID_CONNECT:
725 case AUTH_SAML:
726 case AUTH_SOAP:
727 case AUTH_CAS:
728 if (!ilAuthUtils::isPasswordModificationEnabled($a_authmode)) {
729 return ilAuthUtils::LOCAL_PWV_NO;
730 }
731 return ilAuthUtils::LOCAL_PWV_USER;
732
733 case AUTH_PROVIDER_LTI:
734 case AUTH_ECS:
735 case AUTH_SCRIPT:
736 case AUTH_APACHE:
737 default:
738 return ilAuthUtils::LOCAL_PWV_USER;
739 }
740 }
ilAuthUtils\isPasswordModificationEnabled
static isPasswordModificationEnabled($a_authmode)
Check if password modification is enabled.
Definition: class.ilAuthUtils.php:666

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_RADIUS, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, isPasswordModificationEnabled(), LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 68 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 69 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by ilWebDAVUtil\isLocalPasswordInstructionRequired(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: