ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Data Fields | Private Member Functions | Private Attributes
ilAuthProviderOpenIdConnect Class Reference

Class ilAuthProviderOpenIdConnect. More...

+ Inheritance diagram for ilAuthProviderOpenIdConnect:
+ Collaboration diagram for ilAuthProviderOpenIdConnect:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 ilAuthProviderOpenIdConnect constructor. More...
 
 handleLogout ()
 Handle logout event. More...
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 

Data Fields

const OIDC_AUTH_IDTOKEN = "oidc_auth_idtoken"
 
- Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Private Member Functions

 handleUpdate (ilAuthStatus $status, $user_info)
 
 initClient ()
 

Private Attributes

 $settings = null
 
 $lng = null
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication. More...
 

Detailed Description

Class ilAuthProviderOpenIdConnect.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 13 of file class.ilAuthProviderOpenIdConnect.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderOpenIdConnect::__construct ( ilAuthCredentials  $credentials)

ilAuthProviderOpenIdConnect constructor.

Parameters
ilAuthCredentials$credentials

Definition at line 28 of file class.ilAuthProviderOpenIdConnect.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), ilOpenIdConnectSettings\getInstance(), and settings().

29  {
30  global $DIC;
31  parent::__construct($credentials);
32  $this->settings = ilOpenIdConnectSettings::getInstance();
33  $this->lng = $DIC->language();
34  }
settings
settings()
Definition: settings.php:2
ilOpenIdConnectSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilOpenIdConnectSettings.php:163
$DIC
global $DIC
Definition: goto.php:24
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:40
+ Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderOpenIdConnect::doAuthentication ( \ilAuthStatus  $status)

Do authentication.

Parameters
\ilAuthStatus$statusAuthentication status
Returns
bool

Implements ilAuthProviderInterface.

Definition at line 68 of file class.ilAuthProviderOpenIdConnect.php.

References $_GET, Vendor\Package\$e, $token, ilProxySettings\_getInstance(), ilLogLevel\DEBUG, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), handleUpdate(), initClient(), ilOpenIdConnectSettings\LOGIN_ENFORCE, ilOpenIdConnectSettings\LOGOUT_SCOPE_GLOBAL, ilSession\set(), ilAuthStatus\setStatus(), settings(), ilAuthStatus\setTranslatedReason(), and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

69  {
70  try {
71  $oidc = $this->initClient();
72  $oidc->setRedirectURL(ILIAS_HTTP_PATH . '/openidconnect.php');
73 
74  $proxy = ilProxySettings::_getInstance();
75  if ($proxy->isActive()) {
76  $host = $proxy->getHost();
77  $port = $proxy->getPort();
78  if ($port) {
79  $host .= ":" . $port;
80  }
81  $oidc->setHttpProxy($host);
82  }
83 
84  $this->getLogger()->debug(
85  'Redirect url is: ' .
86  $oidc->getRedirectURL()
87  );
88 
89  $oidc->addScope($this->settings->getAllScopes());
90  switch ($this->settings->getLoginPromptType()) {
91  case ilOpenIdConnectSettings::LOGIN_ENFORCE:
92  $oidc->addAuthParam(['prompt' => 'login']);
93  break;
94  }
95 
96  $oidc->authenticate();
97  // user is authenticated, otherwise redirected to authorization endpoint or exception
98  $this->getLogger()->dump($_REQUEST, \ilLogLevel::DEBUG);
99 
100  $claims = $oidc->getVerifiedClaims(null);
101  $this->getLogger()->dump($claims, \ilLogLevel::DEBUG);
102  $status = $this->handleUpdate($status, $claims);
103 
104  // @todo : provide a general solution for all authentication methods
105  $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
106 
107  if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
108  $token = $oidc->requestUserInfo();
109  ilSession::set(self::OIDC_AUTH_IDTOKEN, $oidc->getIdToken());
110  }
111  return true;
112  } catch (Exception $e) {
113  $this->getLogger()->warning($e->getMessage());
114  $this->getLogger()->warning($e->getCode());
115  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
116  $status->setTranslatedReason($this->lng->txt("auth_oidc_failed"));
117  return false;
118  }
119  }
settings
settings()
Definition: settings.php:2
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:440
$token
$token
Definition: xapitoken.php:52
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProviderOpenIdConnect\handleUpdate
handleUpdate(ilAuthStatus $status, $user_info)
Definition: class.ilAuthProviderOpenIdConnect.php:126
ilProxySettings\_getInstance
static _getInstance()
Getter for unique instance.
Definition: class.ilProxySettings.php:93
+ Here is the call graph for this function:

◆ handleLogout()

ilAuthProviderOpenIdConnect::handleLogout ( )

Handle logout event.

Definition at line 39 of file class.ilAuthProviderOpenIdConnect.php.

References Vendor\Package\$e, ilSession\get(), ilAuthProvider\getLogger(), initClient(), ilOpenIdConnectSettings\LOGOUT_SCOPE_LOCAL, ilSession\set(), and settings().

40  {
41  if ($this->settings->getLogoutScope() == ilOpenIdConnectSettings::LOGOUT_SCOPE_LOCAL) {
42  return false;
43  }
44 
45  $id_token = ilSession::get(self::OIDC_AUTH_IDTOKEN);
46  $this->getLogger()->debug('Logging out with token: ' . $id_token);
47 
48 
49  if (is_string($id_token) && $id_token !== '') {
50  ilSession::set(self::OIDC_AUTH_IDTOKEN, '');
51  $oidc = $this->initClient();
52  try {
53  $oidc->signOut(
54  $id_token,
55  ILIAS_HTTP_PATH . '/logout.php'
56  );
57  } catch (\Jumbojett\OpenIDConnectClientException $e) {
58  $this->getLogger()->warning("Logging out of OIDC provider failed with: " . $e->getMessage());
59  }
60  }
61  }
settings
settings()
Definition: settings.php:2
ilSession\get
static get($a_var)
Get a value.
Definition: class.ilSession.php:451
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:440
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
+ Here is the call graph for this function:

◆ handleUpdate()

ilAuthProviderOpenIdConnect::handleUpdate ( ilAuthStatus  $status,
  $user_info 
)
private
Parameters
ilAuthStatus$status
array$user_info

Definition at line 126 of file class.ilAuthProviderOpenIdConnect.php.

References $_GET, Vendor\Package\$e, ilAuthProvider\$status, ilAuthProvider\$user_id, ilObjUser\_checkExternalAuthAccount(), ilOpenIdConnectUserSync\AUTH_MODE, ilLogLevel\ERROR, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setReason(), ilAuthStatus\setStatus(), settings(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by doAuthentication().

127  {
128  if (!is_object($user_info)) {
129  $this->getLogger()->error('Received invalid user credentials: ');
130  $this->getLogger()->dump($user_info, ilLogLevel::ERROR);
131  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
132  $status->setReason('err_wrong_login');
133  return false;
134  }
135 
136  $uid_field = $this->settings->getUidField();
137  $ext_account = $user_info->$uid_field;
138 
139  $this->getLogger()->debug('Authenticated external account: ' . $ext_account);
140 
141 
142  $int_account = ilObjUser::_checkExternalAuthAccount(
143  ilOpenIdConnectUserSync::AUTH_MODE,
144  $ext_account
145  );
146 
147  try {
148  $sync = new ilOpenIdConnectUserSync($this->settings, $user_info);
149  if (!is_string($ext_account)) {
150  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
151  $status->setReason('err_wrong_login');
152  return $status;
153  }
154  $sync->setExternalAccount($ext_account);
155  $sync->setInternalAccount($int_account);
156  $sync->updateUser();
157 
158  $user_id = $sync->getUserId();
159  ilSession::set('used_external_auth', true);
160  $status->setAuthenticatedUserId($user_id);
161  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
162 
163  // @todo : provide a general solution for all authentication methods
164  $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();
165  } catch (ilOpenIdConnectSyncForbiddenException $e) {
166  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
167  $status->setReason('err_wrong_login');
168  }
169 
170  return $status;
171  }
settings
settings()
Definition: settings.php:2
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilSession\set
static set($a_var, $a_val)
Set a value.
Definition: class.ilSession.php:440
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId($a_id)
Definition: class.ilAuthStatus.php:116
ilAuthStatus\setStatus
setStatus($a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthStatus\setReason
setReason($a_reason)
Set reason.
Definition: class.ilAuthStatus.php:81
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3568
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilOpenIdConnectUserSync
Class ilOpenIdConnectSettingsGUI.
Definition: class.ilOpenIdConnectUserSync.php:10
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initClient()

ilAuthProviderOpenIdConnect::initClient ( )
private
Returns
OpenIDConnectClient

Definition at line 176 of file class.ilAuthProviderOpenIdConnect.php.

References settings().

Referenced by doAuthentication(), and handleLogout().

176  : OpenIDConnectClient
177  {
178  $oidc = new OpenIDConnectClient(
179  $this->settings->getProvider(),
180  $this->settings->getClientId(),
181  $this->settings->getSecret()
182  );
183  return $oidc;
184  }
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $lng

ilAuthProviderOpenIdConnect::$lng = null
private

Definition at line 21 of file class.ilAuthProviderOpenIdConnect.php.

◆ $settings

ilAuthProviderOpenIdConnect::$settings = null
private

Definition at line 19 of file class.ilAuthProviderOpenIdConnect.php.

◆ OIDC_AUTH_IDTOKEN

const ilAuthProviderOpenIdConnect::OIDC_AUTH_IDTOKEN = "oidc_auth_idtoken"

Definition at line 15 of file class.ilAuthProviderOpenIdConnect.php.

The documentation for this class was generated from the following file: