ILIAS  release_8 Revision v8.24
Static Public Member Functions | Data Fields | Private Attributes
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static isAuthenticationForced ()
 Check if authentication is should be forced. More...
 
static handleForcedAuthentication ()
 
static _getAuthMode (?string $a_auth_mode)
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin (string $a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions (ilLanguage $lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation (string $a_auth_key, string $auth_name='')
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 
const AUTH_LOCAL = 1
 
const AUTH_LDAP = 2
 
const AUTH_SCRIPT = 4
 
const AUTH_SHIBBOLETH = 5
 
const AUTH_CAS = 6
 
const AUTH_SOAP = 7
 
const AUTH_HTTP = 8
 
const AUTH_ECS = 9
 
const AUTH_APACHE = 11
 
const AUTH_SAML = 12
 
const AUTH_OPENID_CONNECT = 15
 
const AUTH_PROVIDER_LTI = 22
 

Private Attributes

const AUTH_INACTIVE = 18
 
const AUTH_MULTIPLE = 20
 
const AUTH_SESSION = 21
 
const AUTH_SOAP_NO_ILIAS_USER = -100
 
const AUTH_LDAP_NO_ILIAS_USER = -200
 
const AUTH_APACHE_FAILED = -500
 
const AUTH_SAML_FAILED = -501
 
const AUTH_MODE_INACTIVE = -1000
 
const AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
 
const AUTH_CAS_NO_ILIAS_USER = -90
 
const AUTH_USER_WRONG_IP = -600
 
const AUTH_USER_INACTIVE = -601
 
const AUTH_USER_TIME_LIMIT_EXCEEDED = -602
 
const AUTH_USER_SIMULTANEOUS_LOGIN = -603
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Definition at line 26 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

Parameters
int|stringauth_mode

Definition at line 531 of file class.ilAuthUtils.php.

531 : bool
532 {
533 switch ((int) $a_auth_mode) {
534 case self::AUTH_LDAP:
535 case self::AUTH_ECS:
536 case self::AUTH_PROVIDER_LTI:
537 case self::AUTH_OPENID_CONNECT:
538 return false;
539 default:
540 return true;
541 }
542 }
ilAuthUtils\AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:45

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, and AUTH_PROVIDER_LTI.

Referenced by ilPasswordInputGUI\checkInput().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin ( string  $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 370 of file class.ilAuthUtils.php.

370 : string
371 {
372 global $DIC;
373
374 $ilDB = $DIC['ilDB'];
375
376 // Check if username already exists
377 $found = false;
378 $postfix = 0;
379 $c_login = $a_login;
380 while (!$found) {
381 $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
382 $ilDB->quote($c_login));
383 if ($r->numRows() > 0) {
384 $postfix++;
385 $c_login = $a_login . $postfix;
386 } else {
387 $found = true;
388 }
389 }
390
391 return $c_login;
392 }
$DIC
global $DIC
Definition: feed.php:28

References $DIC, and $ilDB.

Referenced by ilCASAttributeToUser\create(), ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static
Returns
array<string, int|string>

Definition at line 258 of file class.ilAuthUtils.php.

258 : array
259 {
260 global $DIC;
261
262 $ilSetting = $DIC['ilSetting'];
263
264 $modes = [
265 'default' => $ilSetting->get("auth_mode"),
266 'local' => self::AUTH_LOCAL
267 ];
268
269 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
270 $modes['ldap_' . $sid] = (self::AUTH_LDAP . '_' . $sid);
271 }
272
273 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
274 $modes['lti_' . $sid] = (self::AUTH_PROVIDER_LTI . '_' . $sid);
275 }
276
277 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
278 $modes['oidc'] = self::AUTH_OPENID_CONNECT;
279 }
280
281 if ($ilSetting->get("shib_active")) {
282 $modes['shibboleth'] = self::AUTH_SHIBBOLETH;
283 }
284 if ($ilSetting->get("script_active")) {
285 $modes['script'] = self::AUTH_SCRIPT;
286 }
287 if ($ilSetting->get("cas_active")) {
288 $modes['cas'] = self::AUTH_CAS;
289 }
290 if ($ilSetting->get("soap_auth_active")) {
291 $modes['soap'] = self::AUTH_SOAP;
292 }
293 if ($ilSetting->get("apache_active")) {
294 $modes['apache'] = self::AUTH_APACHE;
295 }
296
297 if (ilECSServerSettings::getInstance()->activeServerExists()) {
298 $modes['ecs'] = self::AUTH_ECS;
299 }
300
301 foreach (ilSamlIdp::getActiveIdpList() as $idp) {
302 $idpId = $idp->getIdpId();
303 $modes['saml_' . $idpId] = self::AUTH_SAML . '_' . $idpId;
304 }
305
306 // begin-path auth_plugin
307 foreach (self::getAuthPlugins() as $pl) {
308 foreach ($pl->getAuthIds() as $auth_id) {
309 if ($pl->isAuthActive($auth_id)) {
310 $modes[$pl->getAuthName($auth_id)] = $auth_id;
311 }
312 }
313 }
314 // end-path auth_plugin
315 return $modes;
316 }
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:57
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:214
$ilSetting
global $ilSetting
Definition: privfeed.php:17

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilOpenIdConnectSettings\getInstance(), and ilECSServerSettings\getInstance().

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilECSMappingUtils\getAuthModeSelection(), ilUserTableGUI\initFilter(), and ilObjUserGUI\initForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static
Returns
array<int|string, string>

Definition at line 321 of file class.ilAuthUtils.php.

321 : array
322 {
323 $modes = array(
324 self::AUTH_LOCAL,
325 self::AUTH_LDAP,
326 self::AUTH_SHIBBOLETH,
327 self::AUTH_SAML,
328 self::AUTH_CAS,
329 self::AUTH_SOAP,
330 self::AUTH_ECS,
331 self::AUTH_PROVIDER_LTI,
332 self::AUTH_OPENID_CONNECT,
333 self::AUTH_APACHE
334 );
335 $ret = array();
336 foreach ($modes as $mode) {
337 if ($mode === self::AUTH_PROVIDER_LTI) {
338 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
339 $id = self::AUTH_PROVIDER_LTI . '_' . $sid;
340 $ret[$id] = self::_getAuthModeName($id);
341 }
342 continue;
343 }
344
345 // multi ldap implementation
346 if ($mode === self::AUTH_LDAP) {
347 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
348 $id = self::AUTH_LDAP . '_' . $ldap_id;
349 $ret[$id] = self::_getAuthModeName($id);
350 }
351 continue;
352 }
353
354 if ($mode === self::AUTH_SAML) {
355 foreach (ilSamlIdp::getAllIdps() as $idp) {
356 $id = self::AUTH_SAML . '_' . $idp->getIdpId();
357 $ret[$id] = self::_getAuthModeName($id);
358 }
359 continue;
360 }
361 $ret[$mode] = self::_getAuthModeName($mode);
362 }
363 return $ret;
364 }
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:205
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:230

References $id, _getAuthModeName(), ilLDAPServer\_getServerList(), ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode ( ?string  $a_auth_mode)
static
Returns
string|int|null

Definition at line 140 of file class.ilAuthUtils.php.

141 {
142 global $DIC;
143
144 $ilSetting = $DIC['ilSetting'];
145
146 if (null === $a_auth_mode) {
147 return $ilSetting->get("auth_mode");
148 }
149
150 if (strpos($a_auth_mode, '_') !== false) {
151 $auth_arr = explode('_', $a_auth_mode);
152 $auth_switch = $auth_arr[0];
153 } else {
154 $auth_switch = $a_auth_mode;
155 }
156 switch ($auth_switch) {
157 case "local":
158 return self::AUTH_LOCAL;
159 break;
160
161 case "ldap":
162 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
163
164 case 'lti':
165 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
166
167 case "script":
168 return self::AUTH_SCRIPT;
169 break;
170
171 case "shibboleth":
172 return self::AUTH_SHIBBOLETH;
173 break;
174
175 case 'oidc':
176 return self::AUTH_OPENID_CONNECT;
177 break;
178
179 case 'saml':
180 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
181
182 case "cas":
183 return self::AUTH_CAS;
184 break;
185
186 case "soap":
187 return self::AUTH_SOAP;
188 break;
189
190 case 'ecs':
191 return self::AUTH_ECS;
192
193 case 'apache':
194 return self::AUTH_APACHE;
195
196 default:
197 return $ilSetting->get("auth_mode");
198 break;
199 }
200 }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:55
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:428
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:257

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilSamlIdp\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), and ilObjUser\getAuthMode().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static
Parameters
$a_auth_keyint|string

Definition at line 205 of file class.ilAuthUtils.php.

205 : string
206 {
207 switch ((int) $a_auth_key) {
208 case self::AUTH_LOCAL:
209 return "local";
210 break;
211
212 case self::AUTH_LDAP:
213 // begin-patch ldap_multiple
214 return ilLDAPServer::getAuthModeByKey($a_auth_key);
215 // end-patch ldap_multiple
216
217 case self::AUTH_PROVIDER_LTI:
218 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
219
220 case self::AUTH_CAS:
221 return "cas";
222 break;
223
224 case self::AUTH_SCRIPT:
225 return "script";
226 break;
227
228 case self::AUTH_SHIBBOLETH:
229 return "shibboleth";
230 break;
231
232 case self::AUTH_SAML:
233 return ilSamlIdp::getAuthModeByKey($a_auth_key);
234
235 case self::AUTH_SOAP:
236 return "soap";
237 break;
238
239 case self::AUTH_ECS:
240 return 'ecs';
241
242 case self::AUTH_APACHE:
243 return 'apache';
244
245 case self::AUTH_OPENID_CONNECT:
246 return 'oidc';
247 break;
248
249 default:
250 return "default";
251 break;
252 }
253 }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:41
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:415
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:247

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilSamlIdp\getAuthModeByKey().

Referenced by _getAllAuthModes(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), ilObjUserGUI\initForm(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions ( ilLanguage  $lng)
static
Parameters
ilLanguage$lng
Returns
array<int|string, string>

Definition at line 426 of file class.ilAuthUtils.php.

426 : array
427 {
428 global $DIC;
429
430 $ilSetting = $DIC['ilSetting'];
431 $options = [];
432 // in the moment only ldap is activated as additional authentication method
433
434 $options[self::AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
435
436
437 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
438 $server = ilLDAPServer::getInstanceByServerId($sid);
439 $options[self::AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
440 }
441
442 if ($ilSetting->get('apache_active')) {
443 global $DIC;
444
445 $lng = $DIC['lng'];
446 $apache_settings = new ilSetting('apache_auth');
447 $options[self::AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
448 $options[self::AUTH_APACHE]['hide_in_ui'] = true;
449 }
450
451 if ($ilSetting->get('auth_mode', (string) self::AUTH_LOCAL) === (string) self::AUTH_LDAP) {
452 $default = self::AUTH_LDAP;
453 } else {
454 $default = self::AUTH_LOCAL;
455 }
456
457 $default = $ilSetting->get('default_auth_mode', (string) $default);
458
459 // begin-patch auth_plugin
460 $pls = self::getAuthPlugins();
461 foreach ($pls as $pl) {
462 $auths = $pl->getAuthIds();
463 foreach ($auths as $auth_id) {
464 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
465 if ($pl_auth_option) {
466 $options += $pl_auth_option;
467 }
468 }
469 }
470 // end-patch auth_plugins
471
472 if (array_key_exists($default, $options)) {
473 $options[$default]['checked'] = true;
474 }
475
476 return $options;
477 }
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:662
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilSetting
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSetting.php:27
$server
$server
Definition: dummy_client.php:22
$lng
$lng
Definition: save_question_post_data.php:24

References $DIC, $ilSetting, $lng, $server, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 394 of file class.ilAuthUtils.php.

394 : bool
395 {
396 if (count(ilLDAPServer::_getActiveServerList())) {
397 return true;
398 }
399
400 global $DIC;
401
402 $ilSetting = $DIC['ilSetting'];
403
404 if ($ilSetting->get('apache_active')) {
405 return true;
406 }
407
408 // begin-patch auth_plugin
409 foreach (self::getAuthPlugins() as $pl) {
410 foreach ($pl->getAuthIds() as $auth_id) {
411 if ($pl->getMultipleAuthModeOptions($auth_id)) {
412 return true;
413 }
414 }
415 }
416 // end-patch auth_plugin
417
418
419 return false;
420 }

References $DIC, $ilSetting, and ilLDAPServer\_getActiveServerList().

Referenced by ilStartUpGUI\doStandardAuthentication(), and ilStartUpGUI\initStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if LDAP, CAS or SOAP is active

Definition at line 483 of file class.ilAuthUtils.php.

483 : bool
484 {
485 global $DIC;
486
487 $ilSetting = $DIC['ilSetting'];
488
489 if ($ilSetting->get("cas_active")) {
490 return true;
491 }
492 if ($ilSetting->get("soap_auth_active")) {
493 return true;
494 }
495 if ($ilSetting->get("shib_active")) {
496 return true;
497 }
498 if (count(ilLDAPServer::_getActiveServerList())) {
499 return true;
500 }
501
502 if (count(ilAuthProviderLTI::getActiveAuthModes())) {
503 return true;
504 }
505
506 if (count(ilSamlIdp::getActiveIdpList()) > 0) {
507 return true;
508 }
509
510 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
511 return true;
512 }
513
514 // begin-path auth_plugin
515 foreach (self::getAuthPlugins() as $pl) {
516 foreach ($pl->getAuthIds() as $auth_id) {
517 if ($pl->isAuthActive($auth_id) && $pl->isExternalAccountNameRequired($auth_id)) {
518 return true;
519 }
520 }
521 }
522 // end-path auth_plugin
523
524 return false;
525 }
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:68

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\initForm(), and ilObjUserGUI\saveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

Parameters
null | string | int$a_auth_modeauth_mode

Definition at line 549 of file class.ilAuthUtils.php.

549 : bool
550 {
551 switch ($a_auth_mode) {
552 case self::AUTH_LOCAL:
553 case self::AUTH_APACHE:
554 return false;
555 default:
556 return true;
557 }
558 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation ( string  $a_auth_key,
string  $auth_name = '' 
)
static

Definition at line 667 of file class.ilAuthUtils.php.

667 : ?string
668 {
669 global $DIC;
670
671 $lng = $DIC['lng'];
672
673 //TODO fix casting strings like 2_1 (auth_key for first ldap server) to int to get it to 2
674 switch ((int) $a_auth_key) {
675 case self::AUTH_LDAP:
676 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
677 return ilLDAPServer::getInstanceByServerId($sid)->getName();
678
679 case self::AUTH_PROVIDER_LTI:
680 $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
681 return ilAuthProviderLTI::lookupConsumer($sid);
682
683
684 case self::AUTH_SAML:
685 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
686 return ilSamlIdp::getInstanceByIdpId($idp_id)->getEntityId();
687
688 default:
689 $lng->loadLanguageModule('auth');
690 if (!empty($auth_name)) {
691 return $lng->txt('auth_' . $auth_name);
692 }
693
694 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
695
696 }
697 }
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:118
ilAuthProviderLTI\lookupConsumer
static lookupConsumer(int $a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:106
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:402
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:190
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:62

References $DIC, $lng, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), ilECSMappingUtils\getAuthModeSelection(), ilUserTableGUI\initFilter(), and ilObjUserGUI\initForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Definition at line 662 of file class.ilAuthUtils.php.

662 : \Iterator
663 {
664 return $GLOBALS['DIC']['component.factory']->getActivePluginsInSlot('authhk');
665 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64

References $GLOBALS.

Referenced by _getMultipleAuthModeOptions(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 100 of file class.ilAuthUtils.php.

100 : void
101 {
102 global $DIC;
103 $query_wrapper = $DIC->http()->wrapper()->query();
104 $string_refinery = $DIC->refinery()->kindlyTo()->string();
105 if ($query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url')) {
106 $credentials = new ilAuthFrontendCredentials();
107 $credentials->setUsername($query_wrapper->retrieve('ecs_login', $string_refinery));
108 $credentials->setAuthMode((string) self::AUTH_ECS);
109
110 $provider_factory = new ilAuthProviderFactory();
111 $providers = $provider_factory->getProviders($credentials);
112
113 $status = ilAuthStatus::getInstance();
114
115 $frontend_factory = new ilAuthFrontendFactory();
116 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
117 $frontend = $frontend_factory->getFrontend(
118 $GLOBALS['DIC']['ilAuthSession'],
119 $status,
120 $credentials,
121 $providers
122 );
123
124 $frontend->authenticate();
125
126 switch ($status->getStatus()) {
127 case ilAuthStatus::STATUS_AUTHENTICATED:
128 return;
129
130 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
131 ilInitialisation::goToPublicSection();
132 return;
133 }
134 }
135 }
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:989

References $DIC, $GLOBALS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Check if authentication is should be forced.

Definition at line 92 of file class.ilAuthUtils.php.

92 : bool
93 {
94 //TODO rework forced authentication concept
95 global $DIC;
96 $query_wrapper = $DIC->http()->wrapper()->query();
97 return $query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url');
98 }

References $DIC.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int | string$a_authmode
Returns
bool

Definition at line 578 of file class.ilAuthUtils.php.

578 : bool
579 {
580 global $DIC;
581
582 $ilSetting = $DIC->settings();
583
584 switch ((int) $a_authmode) {
585 // always enabled
586 case self::AUTH_LOCAL:
587 case self::AUTH_APACHE:
588 return true;
589
590 // No local passwords for these auth modes
591 case self::AUTH_LDAP:
592 case self::AUTH_ECS:
593 case self::AUTH_SCRIPT:
594 case self::AUTH_PROVIDER_LTI:
595 case self::AUTH_OPENID_CONNECT:
596 return false;
597
598 case self::AUTH_SAML:
599 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode((string) $a_authmode));
600 return $idp->isActive() && $idp->allowLocalAuthentication();
601
602 case self::AUTH_SHIBBOLETH:
603 return (bool) $ilSetting->get("shib_auth_allow_local", '0');
604 case self::AUTH_SOAP:
605 return (bool) $ilSetting->get("soap_auth_allow_local", '0');
606 case self::AUTH_CAS:
607 return (bool) $ilSetting->get("cas_allow_local", '0');
608
609 }
610 return false;
611 }

References $DIC, $ilSetting, AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by isPasswordModificationEnabled(), and ilPasswordAssistanceGUI\submitAssistanceForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int | string$a_authmode
Returns
bool

Definition at line 619 of file class.ilAuthUtils.php.

619 : bool
620 {
621 if (self::isPasswordModificationHidden()) {
622 return false;
623 }
624
625 return self::isLocalPasswordEnabledForAuthMode($a_authmode);
626 }
ilAuthUtils\isLocalPasswordEnabledForAuthMode
static isLocalPasswordEnabledForAuthMode($a_authmode)
Check if local password validation is enabled for a specific auth_mode.
Definition: class.ilAuthUtils.php:578

References isLocalPasswordEnabledForAuthMode().

Referenced by ilPersonalSettingsGUI\allowPasswordChange().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
null | string | int$a_authmode
Returns

Definition at line 633 of file class.ilAuthUtils.php.

633 : int
634 {
635 switch ((int) $a_authmode) {
636 case self::AUTH_LDAP:
637 case self::AUTH_LOCAL:
638 return self::LOCAL_PWV_FULL;
639
640 case self::AUTH_SHIBBOLETH:
641 case self::AUTH_OPENID_CONNECT:
642 case self::AUTH_SAML:
643 case self::AUTH_SOAP:
644 case self::AUTH_CAS:
645 if (!self::isPasswordModificationEnabled($a_authmode)) {
646 return self::LOCAL_PWV_NO;
647 }
648 return self::LOCAL_PWV_USER;
649
650 case self::AUTH_PROVIDER_LTI:
651 case self::AUTH_ECS:
652 case self::AUTH_SCRIPT:
653 case self::AUTH_APACHE:
654 default:
655 return self::LOCAL_PWV_USER;
656 }
657 }

References AUTH_APACHE, AUTH_CAS, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu().

+ Here is the caller graph for this function:

Field Documentation

◆ AUTH_APACHE

const ilAuthUtils::AUTH_APACHE = 11

Definition at line 42 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), _getMultipleAuthModeOptions(), _needsExternalAccountByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilStartUpGUI\doApacheAuthentication(), ilObjAuthSettingsGUI\getApacheAuthSettingsForm(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderApache\getTriggerAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), isLocalPasswordEnabledForAuthMode(), ilAuthModeDetermination\read(), ilObjAuthSettingsGUI\saveApacheSettingsObject(), and supportsLocalPasswordValidation().

◆ AUTH_APACHE_FAILED

const ilAuthUtils::AUTH_APACHE_FAILED = -500
private

Definition at line 67 of file class.ilAuthUtils.php.

◆ AUTH_CAS

const ilAuthUtils::AUTH_CAS = 6

Definition at line 37 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilObjAuthSettingsGUI\authSettingsObject(), ilAuthProviderCAS\doAuthentication(), ilStartUpGUI\doCasAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderCAS\handleLDAPDataSource(), ilCASSettingsGUI\initFormSettings(), ilPersonalSettingsGUI\initPasswordForm(), isLocalPasswordEnabledForAuthMode(), ilCASSettingsGUI\save(), ilStartUpGUI\showLoginForm(), and supportsLocalPasswordValidation().

◆ AUTH_CAS_NO_ILIAS_USER

const ilAuthUtils::AUTH_CAS_NO_ILIAS_USER = -90
private

Definition at line 80 of file class.ilAuthUtils.php.

◆ AUTH_ECS

const ilAuthUtils::AUTH_ECS = 9

Definition at line 40 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilAuthProviderFactory\getProviderByAuthMode(), isLocalPasswordEnabledForAuthMode(), and supportsLocalPasswordValidation().

◆ AUTH_HTTP

const ilAuthUtils::AUTH_HTTP = 8

Definition at line 39 of file class.ilAuthUtils.php.

◆ AUTH_INACTIVE

const ilAuthUtils::AUTH_INACTIVE = 18
private

Definition at line 48 of file class.ilAuthUtils.php.

◆ AUTH_LDAP

const ilAuthUtils::AUTH_LDAP = 2

Definition at line 34 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getAuthModeName(), _getMultipleAuthModeOptions(), ilObjAuthSettingsGUI\authSettingsObject(), ilObjAuthSettingsGUI\getAuthModeTitle(), getAuthModeTranslation(), ilTermsOfServiceWithdrawalGUIHelper\getConsentWithdrawalConfirmation(), ilLDAPServer\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLDAP\getTriggerAuthMode(), ilAuthLoginPageEditorGUI\initLoginForm(), ilLDAPServer\isAuthModeLDAP(), isLocalPasswordEnabledForAuthMode(), ilAuthModeDetermination\read(), ilObjAuthSettingsGUI\setAuthModeObject(), supportsLocalPasswordValidation(), and ilPersonalProfileGUI\withdrawAcceptance().

◆ AUTH_LDAP_NO_ILIAS_USER

const ilAuthUtils::AUTH_LDAP_NO_ILIAS_USER = -200
private

Definition at line 61 of file class.ilAuthUtils.php.

◆ AUTH_LOCAL

const ilAuthUtils::AUTH_LOCAL = 1

Definition at line 33 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), _getMultipleAuthModeOptions(), _needsExternalAccountByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilStartUpGUI\doMigration(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilTermsOfServiceWithdrawalGUIHelper\getConsentWithdrawalConfirmation(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderSaml\handleSamlAuth(), ilObjAuthSettingsGUI\initAuthModeDetermination(), ilAuthLoginPageEditorGUI\initLoginForm(), ilPersonalSettingsGUI\initPasswordForm(), isLocalPasswordEnabledForAuthMode(), ilLTIViewGUI\logout(), ilAuthModeDetermination\read(), ilUserPasswordManager\resetLastPasswordChangeForLocalUsers(), ilObjAuthSettingsGUI\saveApacheSettingsObject(), ilPersonalSettingsGUI\savePassword(), ilPasswordAssistanceGUI\submitAssistanceForm(), supportsLocalPasswordValidation(), and ilPersonalProfileGUI\withdrawAcceptance().

◆ AUTH_MODE_INACTIVE

const ilAuthUtils::AUTH_MODE_INACTIVE = -1000
private

Definition at line 73 of file class.ilAuthUtils.php.

◆ AUTH_MULTIPLE

const ilAuthUtils::AUTH_MULTIPLE = 20
private

Definition at line 51 of file class.ilAuthUtils.php.

◆ AUTH_OPENID_CONNECT

const ilAuthUtils::AUTH_OPENID_CONNECT = 15

Definition at line 45 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilObjAuthSettingsGUI\authSettingsObject(), ilStartUpGUI\doOpenIdConnectAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), isLocalPasswordEnabledForAuthMode(), and supportsLocalPasswordValidation().

◆ AUTH_PROVIDER_LTI

const ilAuthUtils::AUTH_PROVIDER_LTI = 22

Definition at line 56 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getAuthModeName(), ilStartUpGUI\doLTIAuthentication(), getAuthModeTranslation(), ilAuthProviderLTI\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLTI\isAuthModeLTI(), isLocalPasswordEnabledForAuthMode(), and supportsLocalPasswordValidation().

◆ AUTH_SAML

const ilAuthUtils::AUTH_SAML = 12

Definition at line 43 of file class.ilAuthUtils.php.

Referenced by _getAuthModeName(), ilObjAuthSettingsGUI\authSettingsObject(), ilSamlIdp\delete(), ilStartUpGUI\doLogout(), ilStartUpGUI\doSamlAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), getAuthModeTranslation(), ilSamlIdp\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderSaml\getTriggerAuthMode(), ilSamlIdp\isAuthModeSaml(), isLocalPasswordEnabledForAuthMode(), ilObjAuthSettingsGUI\setAuthModeObject(), ilPasswordAssistanceGUI\submitAssistanceForm(), and supportsLocalPasswordValidation().

◆ AUTH_SAML_FAILED

const ilAuthUtils::AUTH_SAML_FAILED = -501
private

Definition at line 70 of file class.ilAuthUtils.php.

◆ AUTH_SCRIPT

const ilAuthUtils::AUTH_SCRIPT = 4

Definition at line 35 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilObjAuthSettingsGUI\getAuthModeTitle(), isLocalPasswordEnabledForAuthMode(), ilObjAuthSettingsGUI\saveScriptObject(), ilObjAuthSettingsGUI\setAuthModeObject(), and supportsLocalPasswordValidation().

◆ AUTH_SESSION

const ilAuthUtils::AUTH_SESSION = 21
private

Definition at line 54 of file class.ilAuthUtils.php.

◆ AUTH_SHIBBOLETH

const ilAuthUtils::AUTH_SHIBBOLETH = 5

Definition at line 36 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilStartUpGUI\doShibbolethAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilAuthProviderFactory\getProviderByAuthMode(), ilPersonalSettingsGUI\initPasswordForm(), isLocalPasswordEnabledForAuthMode(), ilObjAuthSettingsGUI\setAuthModeObject(), ilStartUpGUI\showLoginForm(), and supportsLocalPasswordValidation().

◆ AUTH_SOAP

const ilAuthUtils::AUTH_SOAP = 7

Definition at line 38 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilAuthProviderFactory\getProviderByAuthMode(), ilObjAuthSettingsGUI\initAuthModeDetermination(), isLocalPasswordEnabledForAuthMode(), ilAuthModeDetermination\read(), and supportsLocalPasswordValidation().

◆ AUTH_SOAP_NO_ILIAS_USER

const ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER = -100
private

Definition at line 59 of file class.ilAuthUtils.php.

◆ AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL

const ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
private

Definition at line 78 of file class.ilAuthUtils.php.

◆ AUTH_USER_INACTIVE

const ilAuthUtils::AUTH_USER_INACTIVE = -601
private

Definition at line 85 of file class.ilAuthUtils.php.

◆ AUTH_USER_SIMULTANEOUS_LOGIN

const ilAuthUtils::AUTH_USER_SIMULTANEOUS_LOGIN = -603
private

Definition at line 87 of file class.ilAuthUtils.php.

◆ AUTH_USER_TIME_LIMIT_EXCEEDED

const ilAuthUtils::AUTH_USER_TIME_LIMIT_EXCEEDED = -602
private

Definition at line 86 of file class.ilAuthUtils.php.

◆ AUTH_USER_WRONG_IP

const ilAuthUtils::AUTH_USER_WRONG_IP = -600
private

Definition at line 84 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 28 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 29 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 30 of file class.ilAuthUtils.php.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu(), and supportsLocalPasswordValidation().

The documentation for this class was generated from the following file: