ilAuthProviderCAS Class Reference

CAS authentication provider. More...

Inheritance diagram for ilAuthProviderCAS:

Collaboration diagram for ilAuthProviderCAS:

Public Member Functions
	__construct (ilAuthCredentials $credentials)
	doAuthentication (ilAuthStatus $status)
Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...
	getLogger ()
	Get logger. More...
	getCredentials ()
Public Member Functions inherited from ilAuthProviderInterface
	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...

Protected Member Functions
	getSettings ()
	handleLDAPDataSource (ilAuthStatus $status)
Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
	Handle failed authentication. More...

Private Attributes
ilCASSettings	$settings

Detailed Description

CAS authentication provider.

Author

Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 25 of file class.ilAuthProviderCAS.php.

Constructor & Destructor Documentation

__construct()

ilAuthProviderCAS::__construct

(

ilAuthCredentials

$credentials

)

Definition at line 29 of file class.ilAuthProviderCAS.php.

References ILIAS\GlobalScreen\Provider\__construct(), ilCASSettings\getInstance(), and ILIAS\Repository\settings().

    {
        parent::__construct($credentials);
        $this->settings = ilCASSettings::getInstance();
    }

Here is the call graph for this function:

Member Function Documentation

doAuthentication()

ilAuthProviderCAS::doAuthentication

(

ilAuthStatus

$status

)

Definition at line 40 of file class.ilAuthProviderCAS.php.

References Vendor\Package\$e, ilObjUser\_checkExternalAuthAccount(), ilUtil\_getHttpPath(), ilObjUser\_lookupId(), ilAuthUtils\AUTH_CAS, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getSettings(), ilAuthProvider\handleAuthenticationFail(), handleLDAPDataSource(), ilLDAPServer\isDataSourceActive(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

                                                          : bool
    {
        $this->getLogger()->debug('Starting cas authentication attempt... ');

        try {
            // Uncomment the following line to get trace-level loggin by CAS
            //phpCAS::setLogger($this->getLogger());
            // Caution: If you set this to "true", there might be output
            // and the redirect won't work and you get an ILIAS Whoopsy
            // Though, you may need to for debugging other issues.
            phpCAS::setVerbose(false);
            $this->getLogger()->debug('Create client... ');
            phpCAS::client(
                CAS_VERSION_2_0,
                $this->getSettings()->getServer(),
                $this->getSettings()->getPort(),
                $this->getSettings()->getUri(),
                ilUtil::_getHttpPath()
            );

            phpCAS::setNoCasServerValidation();
            $this->getLogger()->debug('Fore CAS auth... ');
            phpCAS::forceAuthentication();
            $this->getLogger()->debug('Fore CAS auth done.');
        } catch (Exception $e) {
            $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }

        if (phpCAS::getUser() === '') {
            $this->getLogger()->debug('CAS user is empty.');
            return $this->handleAuthenticationFail($status, 'err_wrong_login');
        }
        $this->getCredentials()->setUsername(phpCAS::getUser());
        $this->getLogger()->debug('user name set to CAS user.');

        // check and handle ldap data sources
        if (ilLDAPServer::isDataSourceActive(ilAuthUtils::AUTH_CAS)) {
            return $this->handleLDAPDataSource($status);
        }

        // Check account available
        $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
        if ($local_user !== '' && $local_user !== null) {
            $this->getLogger()->debug('CAS authentication successful.');
            $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
            $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
            return true;
        }

        if (!$this->getSettings()->isUserCreationEnabled()) {
            $this->getLogger()->debug('User creation disabled. No valid local account found');
            $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
            return false;
        }

        $importer = new ilCASAttributeToUser($this->getSettings());
        $new_name = $importer->create($this->getCredentials()->getUsername());

        if ($new_name === '') {
            $this->getLogger()->debug('User creation failed.');
            $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
            return false;
        }

        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
        $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
        return true;
    }

Here is the call graph for this function:

getSettings()

ilAuthProviderCAS::getSettings ( )

protected

Definition at line 35 of file class.ilAuthProviderCAS.php.

References $settings.

Referenced by doAuthentication().

                                    : ilCASSettings
    {
        return $this->settings;
    }

Here is the caller graph for this function:

handleLDAPDataSource()

ilAuthProviderCAS::handleLDAPDataSource ( ilAuthStatus  $status )

protected

Definition at line 111 of file class.ilAuthProviderCAS.php.

References Vendor\Package\$e, $server, ilObjUser\_lookupId(), ilAuthUtils\AUTH_CAS, ilAuthProvider\getCredentials(), ilLDAPServer\getDataSource(), ilLDAPServer\getInstanceByServerId(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilLDAPUserSynchronisation\setExternalAccount(), ilAuthStatus\setStatus(), and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by doAuthentication().

                                                                 : bool
    {
        $server = ilLDAPServer::getInstanceByServerId(
            ilLDAPServer::getDataSource(ilAuthUtils::AUTH_CAS)
        );

        $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());

        $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
        $sync->setExternalAccount($this->getCredentials()->getUsername());
        $sync->setUserData(array());
        $sync->forceCreation(true);

        try {
            $internal_account = $sync->sync();
        } catch (UnexpectedValueException $e) {
            $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        } catch (ilLDAPSynchronisationFailedException $e) {
            $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
            return false;
        } catch (ilLDAPSynchronisationForbiddenException|ilLDAPAccountMigrationRequiredException $e) {
            // No syncronisation allowed => create Error
            $this->getLogger()->warning('User creation disabled. No valid local account found');
            $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
            return false;
        }
        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
        $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

$settings

ilCASSettings ilAuthProviderCAS::$settings

private

Definition at line 27 of file class.ilAuthProviderCAS.php.

Referenced by getSettings().

---

The documentation for this class was generated from the following file:

• Services/CAS/classes/class.ilAuthProviderCAS.php