ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilAuthProviderShibboleth.php
Go to the documentation of this file.
1 <?php
2 
3 /******************************************************************************
4  *
5  * This file is part of ILIAS, a powerful learning management system.
6  *
7  * ILIAS is licensed with the GPL-3.0, you should have received a copy
8  * of said license along with the source code.
9  *
10  * If this is not the case or you just want to try ILIAS, you'll find
11  * us at:
12  * https://www.ilias.de
13  * https://github.com/ILIAS-eLearning
14  *
15  *****************************************************************************/
20 class ilAuthProviderShibboleth extends ilAuthProvider
21 {
22  public function doAuthentication(ilAuthStatus $status): bool
23  {
24  global $DIC; // for backwards compatibility of hook environment variables
25  $ilias = $DIC['ilias'];
26  $ilSetting = $DIC['ilSetting'];
27  $shibServerData = shibServerData::getInstance();
28 
29  if ($shibServerData->getLogin() !== '' && $shibServerData->getLogin() !== '0') {
30  $shibUser = shibUser::buildInstance($shibServerData);
31  // for backword compatibility of hook environment variables
32  $userObj = &$shibUser; // For shib_data_conv included Script
33  $newUser = $shibUser->isNew(); // For shib_data_conv included Script
34  if ($shibUser->isNew()) {
35  $shibUser->createFields();
36  $shibUser->setPref('hits_per_page', $ilSetting->get('hits_per_page'));
37 
38  // Modify user data before creating the user
39  // Include custom code that can be used to further modify
40  // certain Shibboleth user attributes
41  if (
42  $ilias->getSetting('shib_data_conv') &&
43  $ilias->getSetting('shib_data_conv', '') !== '' &&
44  is_readable($ilias->getSetting('shib_data_conv'))
45  ) {
47  include($ilias->getSetting('shib_data_conv'));
48  }
49  $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shibUser);
50  $shibUser->create();
51  $shibUser->saveAsNew();
52  $shibUser->updateOwner();
53  $shibUser->writePrefs();
54  $shibUser = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shibUser);
55  ilShibbolethRoleAssignmentRules::doAssignments($shibUser->getId(), $_SERVER);
56  } else {
57  $shibUser->updateFields();
58  // Include custom code that can be used to further modify
59  // certain Shibboleth user attributes
60  if (
61  $ilias->getSetting('shib_data_conv') &&
62  $ilias->getSetting('shib_data_conv') !== '' &&
63  is_readable($ilias->getSetting('shib_data_conv'))
64  ) {
66  include($ilias->getSetting('shib_data_conv'));
67  }
68  // $shibUser->update();
69  $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shibUser);
70  $shibUser->update();
71  $shibUser = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shibUser);
72  ilShibbolethRoleAssignmentRules::updateAssignments($shibUser->getId(), $_SERVER);
73  }
74 
75  $settings = new ilShibbolethSettings();
76 
77  if (!$newUser || !$settings->adminMustActivate()) {
78  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
79  $status->setAuthenticatedUserId(ilObjUser::_lookupId($shibUser->getLogin()));
80  } elseif ($settings->adminMustActivate()) {
81  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
82  $status->setReason('err_inactive');
83  }
84  } else {
85  $this->getLogger()->info('Shibboleth authentication failed.');
86  $this->handleAuthenticationFail($status, 'err_wrong_login');
87  return false;
88  }
89 
90  return true;
91  }
92 }
ILIAS\LTI\ToolProvider\$settings
array $settings
Setting values (LTI parameters, custom parameters and local parameters).
Definition: System.php:200
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilShibbolethRoleAssignmentRules\doAssignments
static doAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:91
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
$DIC
global $DIC
Definition: feed.php:28
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilAuthProvider
Base class for authentication providers (ldap, apache, ...)
Definition: class.ilAuthProvider.php:27
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilShibbolethRoleAssignmentRules\updateAssignments
static updateAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:59
shibUser\buildInstance
static buildInstance(shibServerData $shibServerData)
Definition: class.shibUser.php:28
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilAuthProviderShibboleth
Shibboleth authentication provider.
Definition: class.ilAuthProviderShibboleth.php:20
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:87
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:27
ilShibbolethSettings
Class ilShibbolethSettings.
Definition: class.ilShibbolethSettings.php:27