ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilSamlIdp.php
Go to the documentation of this file.
1<?php declare(strict_types=1);
2/* Copyright (c) 1998-2016 ILIAS open source, Extended GPL, see docs/LICENSE */
3
8class ilSamlIdp
9{
11 protected $db;
13 private static $instances = [];
15 protected $idp_id;
17 protected $is_active = false;
19 protected $allow_local_auth = false;
21 protected $default_role_id = 0;
23 protected $uid_claim = '';
25 protected $login_claim = '';
27 protected $sync_status = false;
29 protected $entity_id = '';
31 protected $account_migration_status = false;
33 protected static $idp_as_data = [];
34
38 public function __construct(int $a_idp_id = 0)
39 {
40 $this->db = $GLOBALS['DIC']->database();
41 $this->idp_id = $a_idp_id;
42
43 if ($this->idp_id > 0) {
44 $this->read();
45 }
46 }
47
52 public static function getFirstActiveIdp() : self
53 {
54 $idps = self::getActiveIdpList();
55 if (count($idps) > 0) {
56 return current($idps);
57 }
58
59 throw new ilSamlException('No active SAML IDP found');
60 }
61
66 public static function getInstanceByIdpId(int $a_idp_id) : self
67 {
68 if (!isset(self::$instances[$a_idp_id]) || !(self::$instances[$a_idp_id] instanceof self)) {
69 self::$instances[$a_idp_id] = new self($a_idp_id);
70 }
71
72 return self::$instances[$a_idp_id];
73 }
74
78 private function read() : void
79 {
80 $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
81 $res = $this->db->query($query);
82 while ($record = $this->db->fetchAssoc($res)) {
83 $this->bindDbRecord($record);
84 return;
85 }
86
87 throw new ilException('Could not find idp');
88 }
89
93 public function persist() : void
94 {
95 if (!$this->getIdpId()) {
96 $this->setIdpId((int) $this->db->nextId('saml_idp_settings'));
97 }
98
99 $this->db->replace(
100 'saml_idp_settings',
101 [
102 'idp_id' => ['integer', $this->getIdpId()]
103 ],
104 [
105 'is_active' => ['integer', (int) $this->isActive()],
106 'default_role_id' => ['integer', $this->getDefaultRoleId()],
107 'uid_claim' => ['text', $this->getUidClaim()],
108 'login_claim' => ['text', $this->getLoginClaim()],
109 'entity_id' => ['text', $this->getEntityId()],
110 'sync_status' => ['integer', (int) $this->isSynchronizationEnabled()],
111 'allow_local_auth' => ['integer', (int) $this->allowLocalAuthentication()],
112 'account_migr_status' => ['integer', (int) $this->isAccountMigrationEnabled()]
113 ]
114 );
115 }
116
120 public function delete() : void
121 {
122 $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
123 $mapping->delete();
124
125 $this->db->manipulateF(
126 'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
127 array('text', 'text'),
128 array('default', AUTH_SAML . '_' . $this->getIdpId())
129 );
130
131 $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote(
132 $this->getIdpId(),
133 'integer'
134 ));
135 }
136
140 public function toArray() : array
141 {
142 return [
143 'idp_id' => $this->getIdpId(),
144 'is_active' => $this->isActive(),
145 'default_role_id' => $this->getDefaultRoleId(),
146 'uid_claim' => $this->getUidClaim(),
147 'login_claim' => $this->getLoginClaim(),
148 'sync_status' => $this->isSynchronizationEnabled(),
149 'account_migr_status' => $this->isAccountMigrationEnabled(),
150 'allow_local_auth' => $this->allowLocalAuthentication(),
151 'entity_id' => $this->getEntityId()
152 ];
153 }
154
158 public function bindDbRecord(array $record) : void
159 {
160 $this->setIdpId((int) $record['idp_id']);
161 $this->setActive((bool) $record['is_active']);
162 $this->setDefaultRoleId((int) $record['default_role_id']);
163 $this->setUidClaim((string) $record['uid_claim']);
164 $this->setLoginClaim((string) $record['login_claim']);
165 $this->setSynchronizationStatus((bool) $record['sync_status']);
166 $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
167 $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
168 $this->setEntityId((string) $record['entity_id']);
169 }
170
174 public function bindForm(ilPropertyFormGUI $form)
175 {
176 $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
177 $this->setUidClaim((string) $form->getInput('uid_claim'));
178 $this->setLoginClaim((string) $form->getInput('login_claim'));
179 $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
180 $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
181 $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));
182
186 $metadata = $form->getItemByPostVar('metadata');
187 $this->setEntityId((string) $metadata->getIdpMetadataParser()->getEntityId());
188 }
189
194 public static function isAuthModeSaml(string $a_auth_mode) : bool
195 {
196 if (!$a_auth_mode) {
197 $GLOBALS['DIC']->logger()->auth()->write(__METHOD__ . ': No auth mode given..............');
198 return false;
199 }
200
201 $auth_arr = explode('_', $a_auth_mode);
202 return (
203 count($auth_arr) === 2 &&
204 (int) $auth_arr[0] === (int) AUTH_SAML &&
205 strlen($auth_arr[1]) > 0
206 );
207 }
208
213 public static function getIdpIdByAuthMode(string $a_auth_mode) : ?int
214 {
215 if (self::isAuthModeSaml($a_auth_mode)) {
216 $auth_arr = explode('_', $a_auth_mode);
217 return (int) $auth_arr[1];
218 }
219
220 return null;
221 }
222
227 public static function geIdpIdByEntityId($entityId)
228 {
229 foreach (self::getAllIdps() as $idp) {
230 if ($idp->isActive() && $idp->getEntityId() === $entityId) {
231 return $idp->getIdpId();
232 }
233 }
234
235 return 0;
236 }
237
241 public static function getActiveIdpList() : array
242 {
243 $idps = [];
244
245 foreach (self::getAllIdps() as $idp) {
246 if ($idp->isActive()) {
247 $idps[] = $idp;
248 }
249 }
250
251 return $idps;
252 }
253
257 public static function getAllIdps() : array
258 {
259 global $DIC;
260
261 $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');
262
263 $idps = [];
264 while ($row = $DIC->database()->fetchAssoc($res)) {
265 $idp = new self();
266 $idp->bindDbRecord($row);
267
268 $idps[] = $idp;
269 }
270
271 return $idps;
272 }
273
278 public static function getAuthModeByKey(string $a_auth_key) : string
279 {
280 $auth_arr = explode('_', $a_auth_key);
281 if (count((array) $auth_arr) > 1) {
282 return 'saml_' . $auth_arr[1];
283 }
284
285 return 'saml';
286 }
287
292 public static function getKeyByAuthMode(string $a_auth_mode) : string
293 {
294 $auth_arr = explode('_', $a_auth_mode);
295 if (count((array) $auth_arr) > 1) {
296 return AUTH_SAML . '_' . $auth_arr[1];
297 }
298
299 return (string) AUTH_SAML;
300 }
301
305 public function getEntityId() : string
306 {
307 return $this->entity_id;
308 }
309
313 public function setEntityId(string $entity_id) : void
314 {
315 $this->entity_id = $entity_id;
316 }
317
321 public function isActive() : bool
322 {
323 return $this->is_active;
324 }
325
329 public function setActive(bool $is_active) : void
330 {
331 $this->is_active = $is_active;
332 }
333
337 public function getIdpId() : int
338 {
339 return $this->idp_id;
340 }
341
345 public function setIdpId(int $idp_id) : void
346 {
347 $this->idp_id = $idp_id;
348 }
349
353 public function allowLocalAuthentication() : bool
354 {
355 return $this->allow_local_auth;
356 }
357
361 public function setLocalLocalAuthenticationStatus(bool $status) : void
362 {
363 $this->allow_local_auth = $status;
364 }
365
369 public function getDefaultRoleId() : int
370 {
371 return $this->default_role_id;
372 }
373
377 public function setDefaultRoleId(int $role_id) : void
378 {
379 $this->default_role_id = $role_id;
380 }
381
385 public function setUidClaim(string $claim) : void
386 {
387 $this->uid_claim = $claim;
388 }
389
393 public function getUidClaim() : string
394 {
395 return $this->uid_claim;
396 }
397
401 public function setLoginClaim(string $claim) : void
402 {
403 $this->login_claim = $claim;
404 }
405
409 public function getLoginClaim() : string
410 {
411 return $this->login_claim;
412 }
413
417 public function isSynchronizationEnabled() : bool
418 {
419 return $this->sync_status;
420 }
421
425 public function setSynchronizationStatus(bool $sync) : void
426 {
427 $this->sync_status = $sync;
428 }
429
433 public function isAccountMigrationEnabled() : bool
434 {
435 return $this->account_migration_status;
436 }
437
441 public function setAccountMigrationStatus(bool $status) : void
442 {
443 $this->account_migration_status = $status;
444 }
445}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_SAML
const AUTH_SAML
Definition: class.ilAuthUtils.php:18
ilException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilException.php:28
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilPropertyFormGUI\getInput
getInput($a_post_var, $ensureValidation=true)
Returns the value of a HTTP-POST variable, identified by the passed id.
Definition: class.ilPropertyFormGUI.php:580
ilPropertyFormGUI\getItemByPostVar
getItemByPostVar($a_post_var)
Get Item by POST variable.
Definition: class.ilPropertyFormGUI.php:356
ilSamlException
Class ilSamlException.
Definition: class.ilSamlException.php:8
ilSamlIdp
Class ilSamlIdp.
Definition: class.ilSamlIdp.php:9
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:241
ilSamlIdp\setLocalLocalAuthenticationStatus
setLocalLocalAuthenticationStatus(bool $status)
Definition: class.ilSamlIdp.php:361
ilSamlIdp\setUidClaim
setUidClaim(string $claim)
Definition: class.ilSamlIdp.php:385
ilSamlIdp\$instances
static $instances
Definition: class.ilSamlIdp.php:13
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:213
ilSamlIdp\setLoginClaim
setLoginClaim(string $claim)
Definition: class.ilSamlIdp.php:401
ilSamlIdp\setDefaultRoleId
setDefaultRoleId(int $role_id)
Definition: class.ilSamlIdp.php:377
ilSamlIdp\__construct
__construct(int $a_idp_id=0)
Definition: class.ilSamlIdp.php:38
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:278
ilSamlIdp\isAuthModeSaml
static isAuthModeSaml(string $a_auth_mode)
Definition: class.ilSamlIdp.php:194
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId($entityId)
Definition: class.ilSamlIdp.php:227
ilSamlIdp\setIdpId
setIdpId(int $idp_id)
Definition: class.ilSamlIdp.php:345
ilSamlIdp\isAccountMigrationEnabled
isAccountMigrationEnabled()
Definition: class.ilSamlIdp.php:433
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:52
ilSamlIdp\isSynchronizationEnabled
isSynchronizationEnabled()
Definition: class.ilSamlIdp.php:417
ilSamlIdp\setSynchronizationStatus
setSynchronizationStatus(bool $sync)
Definition: class.ilSamlIdp.php:425
ilSamlIdp\$idp_as_data
static $idp_as_data
Definition: class.ilSamlIdp.php:33
ilSamlIdp\setAccountMigrationStatus
setAccountMigrationStatus(bool $status)
Definition: class.ilSamlIdp.php:441
ilSamlIdp\setActive
setActive(bool $is_active)
Definition: class.ilSamlIdp.php:329
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:257
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:292
ilSamlIdp\allowLocalAuthentication
allowLocalAuthentication()
Definition: class.ilSamlIdp.php:353
ilSamlIdp\bindDbRecord
bindDbRecord(array $record)
Definition: class.ilSamlIdp.php:158
ilSamlIdp\setEntityId
setEntityId(string $entity_id)
Definition: class.ilSamlIdp.php:313
$DIC
global $DIC
Definition: goto.php:24
$entityId
if( $source===null) if(!($source instanceof SP)) $entityId
Definition: metadata.php:88
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15