ILIAS  release_8 Revision v8.24
Public Member Functions | Protected Member Functions | Private Attributes
ilAuthProviderCAS Class Reference

CAS authentication provider. More...

+ Inheritance diagram for ilAuthProviderCAS:
+ Collaboration diagram for ilAuthProviderCAS:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 doAuthentication (ilAuthStatus $status)
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Protected Member Functions

 getSettings ()
 
 handleLDAPDataSource (ilAuthStatus $status)
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 Handle failed authentication. More...
 

Private Attributes

ilCASSettings $settings
 

Detailed Description

CAS authentication provider.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 25 of file class.ilAuthProviderCAS.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderCAS::__construct ( ilAuthCredentials  $credentials)

Constructor.

Reimplemented from ilAuthProvider.

Definition at line 29 of file class.ilAuthProviderCAS.php.

30 {
31 parent::__construct($credentials);
32 $this->settings = ilCASSettings::getInstance();
33 }
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
ilCASSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilCASSettings.php:55
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:37

References ilAuthProvider\$credentials, ILIAS\GlobalScreen\Provider\__construct(), ilCASSettings\getInstance(), and ILIAS\Repository\settings().

+ Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderCAS::doAuthentication ( ilAuthStatus  $status)

Definition at line 40 of file class.ilAuthProviderCAS.php.

40 : bool
41 {
42 $this->getLogger()->debug('Starting cas authentication attempt... ');
43
44 try {
45 // Uncomment the following line to get trace-level loggin by CAS
46 //phpCAS::setLogger($this->getLogger());
47 // Caution: If you set this to "true", there might be output
48 // and the redirect won't work and you get an ILIAS Whoopsy
49 // Though, you may need to for debugging other issues.
50 phpCAS::setVerbose(false);
51 $this->getLogger()->debug('Create client... ');
52 phpCAS::client(
53 CAS_VERSION_2_0,
54 $this->getSettings()->getServer(),
55 $this->getSettings()->getPort(),
56 $this->getSettings()->getUri(),
57 ilUtil::_getHttpPath()
58 );
59
60 phpCAS::setNoCasServerValidation();
61 $this->getLogger()->debug('Fore CAS auth... ');
62 phpCAS::forceAuthentication();
63 $this->getLogger()->debug('Fore CAS auth done.');
64 } catch (Exception $e) {
65 $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
66 $this->handleAuthenticationFail($status, 'err_wrong_login');
67 return false;
68 }
69
70 if (phpCAS::getUser() === '') {
71 $this->getLogger()->debug('CAS user is empty.');
72 return $this->handleAuthenticationFail($status, 'err_wrong_login');
73 }
74 $this->getCredentials()->setUsername(phpCAS::getUser());
75 $this->getLogger()->debug('user name set to CAS user.');
76
77 // check and handle ldap data sources
78 if (ilLDAPServer::isDataSourceActive(ilAuthUtils::AUTH_CAS)) {
79 return $this->handleLDAPDataSource($status);
80 }
81
82 // Check account available
83 $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
84 if ($local_user !== '' && $local_user !== null) {
85 $this->getLogger()->debug('CAS authentication successful.');
86 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
87 $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
88 return true;
89 }
90
91 if (!$this->getSettings()->isUserCreationEnabled()) {
92 $this->getLogger()->debug('User creation disabled. No valid local account found');
93 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
94 return false;
95 }
96
97 $importer = new ilCASAttributeToUser($this->getSettings());
98 $new_name = $importer->create($this->getCredentials()->getUsername());
99
100 if ($new_name === '') {
101 $this->getLogger()->debug('User creation failed.');
102 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
103 return false;
104 }
105
106 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
107 $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
108 return true;
109 }
ilAuthProviderCAS\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderCAS.php:111
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
ilCASAttributeToUser
CAS user creation helper.
Definition: class.ilCASAttributeToUser.php:25
ilLDAPServer\isDataSourceActive
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
Definition: class.ilLDAPServer.php:310
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2700
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1332

References Vendor\Package\$e, ilAuthProvider\$status, ilObjUser\_checkExternalAuthAccount(), ilUtil\_getHttpPath(), ilObjUser\_lookupId(), ilAuthUtils\AUTH_CAS, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilLDAPServer\isDataSourceActive(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

+ Here is the call graph for this function:

◆ getSettings()

ilAuthProviderCAS::getSettings ( )
protected

Definition at line 35 of file class.ilAuthProviderCAS.php.

35 : ilCASSettings
36 {
37 return $this->settings;
38 }

References $settings.

Referenced by doAuthentication().

+ Here is the caller graph for this function:

◆ handleLDAPDataSource()

ilAuthProviderCAS::handleLDAPDataSource ( ilAuthStatus  $status)
protected

Definition at line 111 of file class.ilAuthProviderCAS.php.

111 : bool
112 {
113 $server = ilLDAPServer::getInstanceByServerId(
114 ilLDAPServer::getDataSource(ilAuthUtils::AUTH_CAS)
115 );
116
117 $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());
118
119 $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
120 $sync->setExternalAccount($this->getCredentials()->getUsername());
121 $sync->setUserData(array());
122 $sync->forceCreation(true);
123
124 try {
125 $internal_account = $sync->sync();
126 } catch (UnexpectedValueException $e) {
127 $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
128 $this->handleAuthenticationFail($status, 'err_wrong_login');
129 return false;
130 } catch (ilLDAPSynchronisationFailedException $e) {
131 $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
132 return false;
133 } catch (ilLDAPSynchronisationForbiddenException|ilLDAPAccountMigrationRequiredException $e) {
134 // No syncronisation allowed => create Error
135 $this->getLogger()->warning('User creation disabled. No valid local account found');
136 $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
137 return false;
138 }
139 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
140 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
141 return true;
142 }
ilLDAPAccountMigrationRequiredException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPAccountMigrationRequiredException.php:25
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:326
ilLDAPSynchronisationFailedException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPSynchronisationFailedException.php:27
ilLDAPSynchronisationForbiddenException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPSynchronisationForbiddenException.php:25
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, cas,...
Definition: class.ilLDAPUserSynchronisation.php:27
$server
$server
Definition: dummy_client.php:22

References Vendor\Package\$e, $server, ilAuthProvider\$status, ilObjUser\_lookupId(), ilAuthUtils\AUTH_CAS, ilAuthProvider\getCredentials(), ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by doAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $settings

ilCASSettings ilAuthProviderCAS::$settings
private

Definition at line 27 of file class.ilAuthProviderCAS.php.

Referenced by getSettings().

The documentation for this class was generated from the following file: