ILIAS  release_8 Revision v8.24
class.ilSamlIdp.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
25class ilSamlIdp
26{
27 protected ilDBInterface $db;
29 private static array $instances = [];
30 protected int $idp_id;
31 protected bool $is_active = false;
32 protected bool $allow_local_auth = false;
33 protected int $default_role_id = 0;
34 protected string $uid_claim = '';
35 protected string $login_claim = '';
36 protected bool $sync_status = false;
37 protected string $entity_id = '';
38 protected bool $account_migration_status = false;
40 protected static array $idp_as_data = [];
41
42 public function __construct(int $a_idp_id = 0)
43 {
44 $this->db = $GLOBALS['DIC']->database();
45 $this->idp_id = $a_idp_id;
46
47 if ($this->idp_id > 0) {
48 $this->read();
49 }
50 }
51
52 public static function getFirstActiveIdp(): self
53 {
54 $idps = self::getActiveIdpList();
55 if (count($idps) > 0) {
56 return current($idps);
57 }
58
59 throw new ilSamlException('No active SAML IDP found');
60 }
61
62 public static function getInstanceByIdpId(int $a_idp_id): self
63 {
64 if (!isset(self::$instances[$a_idp_id]) || !(self::$instances[$a_idp_id] instanceof self)) {
65 self::$instances[$a_idp_id] = new self($a_idp_id);
66 }
67
68 return self::$instances[$a_idp_id];
69 }
70
71 private function read(): void
72 {
73 $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
74 $res = $this->db->query($query);
75 while ($record = $this->db->fetchAssoc($res)) {
76 $this->bindDbRecord($record);
77 return;
78 }
79
80 throw new ilException('Could not find idp');
81 }
82
83 public function persist(): void
84 {
85 if (!$this->getIdpId()) {
86 $this->setIdpId($this->db->nextId('saml_idp_settings'));
87 }
88
89 $this->db->replace(
90 'saml_idp_settings',
91 [
92 'idp_id' => ['integer', $this->getIdpId()]
93 ],
94 [
95 'is_active' => ['integer', (int) $this->isActive()],
96 'default_role_id' => ['integer', $this->getDefaultRoleId()],
97 'uid_claim' => ['text', $this->getUidClaim()],
98 'login_claim' => ['text', $this->getLoginClaim()],
99 'entity_id' => ['text', $this->getEntityId()],
100 'sync_status' => ['integer', (int) $this->isSynchronizationEnabled()],
101 'allow_local_auth' => ['integer', (int) $this->allowLocalAuthentication()],
102 'account_migr_status' => ['integer', (int) $this->isAccountMigrationEnabled()]
103 ]
104 );
105 }
106
111 public function delete(): void
112 {
113 $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
114 $mapping->delete();
115
116 $this->db->manipulateF(
117 'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
118 array('text', 'text'),
119 array('default', ilAuthUtils::AUTH_SAML . '_' . $this->getIdpId())
120 );
121
122 $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote(
123 $this->getIdpId(),
124 'integer'
125 ));
126 }
127
131 public function toArray(): array
132 {
133 return [
134 'idp_id' => $this->getIdpId(),
135 'is_active' => $this->isActive(),
136 'default_role_id' => $this->getDefaultRoleId(),
137 'uid_claim' => $this->getUidClaim(),
138 'login_claim' => $this->getLoginClaim(),
139 'sync_status' => $this->isSynchronizationEnabled(),
140 'account_migr_status' => $this->isAccountMigrationEnabled(),
141 'allow_local_auth' => $this->allowLocalAuthentication(),
142 'entity_id' => $this->getEntityId()
143 ];
144 }
145
149 public function bindDbRecord(array $record): void
150 {
151 $this->setIdpId((int) $record['idp_id']);
152 $this->setActive((bool) $record['is_active']);
153 $this->setDefaultRoleId((int) $record['default_role_id']);
154 $this->setUidClaim((string) $record['uid_claim']);
155 $this->setLoginClaim((string) $record['login_claim']);
156 $this->setSynchronizationStatus((bool) $record['sync_status']);
157 $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
158 $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
159 $this->setEntityId((string) $record['entity_id']);
160 }
161
162 public function bindForm(ilPropertyFormGUI $form): void
163 {
164 $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
165 $this->setUidClaim((string) $form->getInput('uid_claim'));
166 $this->setLoginClaim((string) $form->getInput('login_claim'));
167 $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
168 $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
169 $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));
170
172 $metadata = $form->getItemByPostVar('metadata');
173 $this->setEntityId($metadata->getValue());
174 }
175
176 public static function isAuthModeSaml(string $a_auth_mode): bool
177 {
178 if ('' === $a_auth_mode) {
179 return false;
180 }
181
182 $auth_arr = explode('_', $a_auth_mode);
183 return (
184 count($auth_arr) === 2 &&
185 (int) $auth_arr[0] === ilAuthUtils::AUTH_SAML &&
186 is_string($auth_arr[1]) && $auth_arr[1] !== ''
187 );
188 }
189
190 public static function getIdpIdByAuthMode(string $a_auth_mode): ?int
191 {
192 if (self::isAuthModeSaml($a_auth_mode)) {
193 $auth_arr = explode('_', $a_auth_mode);
194 return (int) $auth_arr[1];
195 }
196
197 return null;
198 }
199
200 public static function geIdpIdByEntityId(string $entityId): int
201 {
202 foreach (self::getAllIdps() as $idp) {
203 if ($idp->isActive() && $idp->getEntityId() === $entityId) {
204 return $idp->getIdpId();
205 }
206 }
207
208 return 0;
209 }
210
214 public static function getActiveIdpList(): array
215 {
216 $idps = [];
217
218 foreach (self::getAllIdps() as $idp) {
219 if ($idp->isActive()) {
220 $idps[] = $idp;
221 }
222 }
223
224 return $idps;
225 }
226
230 public static function getAllIdps(): array
231 {
232 global $DIC;
233
234 $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');
235
236 $idps = [];
237 while ($row = $DIC->database()->fetchAssoc($res)) {
238 $idp = new self();
239 $idp->bindDbRecord($row);
240
241 $idps[] = $idp;
242 }
243
244 return $idps;
245 }
246
247 public static function getAuthModeByKey(string $a_auth_key): string
248 {
249 $auth_arr = explode('_', $a_auth_key);
250 if (count((array) $auth_arr) > 1) {
251 return 'saml_' . $auth_arr[1];
252 }
253
254 return 'saml';
255 }
256
257 public static function getKeyByAuthMode(string $a_auth_mode): string
258 {
259 $auth_arr = explode('_', $a_auth_mode);
260 if (count((array) $auth_arr) > 1) {
261 return ilAuthUtils::AUTH_SAML . '_' . $auth_arr[1];
262 }
263
264 return (string) ilAuthUtils::AUTH_SAML;
265 }
266
267 public function getEntityId(): string
268 {
269 return $this->entity_id;
270 }
271
272 public function setEntityId(string $entity_id): void
273 {
274 $this->entity_id = $entity_id;
275 }
276
277 public function isActive(): bool
278 {
279 return $this->is_active;
280 }
281
282 public function setActive(bool $is_active): void
283 {
284 $this->is_active = $is_active;
285 }
286
287 public function getIdpId(): int
288 {
289 return $this->idp_id;
290 }
291
292 public function setIdpId(int $idp_id): void
293 {
294 $this->idp_id = $idp_id;
295 }
296
297 public function allowLocalAuthentication(): bool
298 {
299 return $this->allow_local_auth;
300 }
301
302 public function setLocalLocalAuthenticationStatus(bool $status): void
303 {
304 $this->allow_local_auth = $status;
305 }
306
307 public function getDefaultRoleId(): int
308 {
309 return $this->default_role_id;
310 }
311
312 public function setDefaultRoleId(int $role_id): void
313 {
314 $this->default_role_id = $role_id;
315 }
316
317 public function setUidClaim(string $claim): void
318 {
319 $this->uid_claim = $claim;
320 }
321
322 public function getUidClaim(): string
323 {
324 return $this->uid_claim;
325 }
326
327 public function setLoginClaim(string $claim): void
328 {
329 $this->login_claim = $claim;
330 }
331
332 public function getLoginClaim(): string
333 {
334 return $this->login_claim;
335 }
336
337 public function isSynchronizationEnabled(): bool
338 {
339 return $this->sync_status;
340 }
341
342 public function setSynchronizationStatus(bool $sync): void
343 {
344 $this->sync_status = $sync;
345 }
346
347 public function isAccountMigrationEnabled(): bool
348 {
349 return $this->account_migration_status;
350 }
351
352 public function setAccountMigrationStatus(bool $status): void
353 {
354 $this->account_migration_status = $status;
355 }
356}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilException.php:26
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:31
ilPropertyFormGUI\getInput
getInput(string $a_post_var, bool $ensureValidation=true)
Returns the input of an item, if item provides getInput method and as fallback the value of the HTTP-...
Definition: class.ilPropertyFormGUI.php:448
ilPropertyFormGUI\getItemByPostVar
getItemByPostVar(string $a_post_var)
Definition: class.ilPropertyFormGUI.php:250
ilSamlException
Class ilSamlException.
Definition: class.ilSamlException.php:26
ilSamlIdp
Class ilSamlIdp.
Definition: class.ilSamlIdp.php:26
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:214
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:200
ilSamlIdp\$instances
static array $instances
Definition: class.ilSamlIdp.php:29
ilSamlIdp\$account_migration_status
bool $account_migration_status
Definition: class.ilSamlIdp.php:38
ilSamlIdp\$db
ilDBInterface $db
Definition: class.ilSamlIdp.php:27
ilSamlIdp\setLocalLocalAuthenticationStatus
setLocalLocalAuthenticationStatus(bool $status)
Definition: class.ilSamlIdp.php:302
ilSamlIdp\setUidClaim
setUidClaim(string $claim)
Definition: class.ilSamlIdp.php:317
ilSamlIdp\$uid_claim
string $uid_claim
Definition: class.ilSamlIdp.php:34
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:190
ilSamlIdp\$allow_local_auth
bool $allow_local_auth
Definition: class.ilSamlIdp.php:32
ilSamlIdp\setLoginClaim
setLoginClaim(string $claim)
Definition: class.ilSamlIdp.php:327
ilSamlIdp\setDefaultRoleId
setDefaultRoleId(int $role_id)
Definition: class.ilSamlIdp.php:312
ilSamlIdp\__construct
__construct(int $a_idp_id=0)
Definition: class.ilSamlIdp.php:42
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:247
ilSamlIdp\isAuthModeSaml
static isAuthModeSaml(string $a_auth_mode)
Definition: class.ilSamlIdp.php:176
ilSamlIdp\$idp_as_data
static array $idp_as_data
Definition: class.ilSamlIdp.php:40
ilSamlIdp\setIdpId
setIdpId(int $idp_id)
Definition: class.ilSamlIdp.php:292
ilSamlIdp\isAccountMigrationEnabled
isAccountMigrationEnabled()
Definition: class.ilSamlIdp.php:347
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:62
ilSamlIdp\$entity_id
string $entity_id
Definition: class.ilSamlIdp.php:37
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:52
ilSamlIdp\isSynchronizationEnabled
isSynchronizationEnabled()
Definition: class.ilSamlIdp.php:337
ilSamlIdp\$default_role_id
int $default_role_id
Definition: class.ilSamlIdp.php:33
ilSamlIdp\setSynchronizationStatus
setSynchronizationStatus(bool $sync)
Definition: class.ilSamlIdp.php:342
ilSamlIdp\$login_claim
string $login_claim
Definition: class.ilSamlIdp.php:35
ilSamlIdp\setAccountMigrationStatus
setAccountMigrationStatus(bool $status)
Definition: class.ilSamlIdp.php:352
ilSamlIdp\setActive
setActive(bool $is_active)
Definition: class.ilSamlIdp.php:282
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:230
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:257
ilSamlIdp\allowLocalAuthentication
allowLocalAuthentication()
Definition: class.ilSamlIdp.php:297
ilSamlIdp\bindDbRecord
bindDbRecord(array $record)
Definition: class.ilSamlIdp.php:149
ilSamlIdp\setEntityId
setEntityId(string $entity_id)
Definition: class.ilSamlIdp.php:272
$DIC
global $DIC
Definition: feed.php:28
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:27
$res
$res
Definition: ltiservices.php:69
$entityId
if( $source===null) if(!($source instanceof SP)) $entityId
Definition: metadata.php:105
$query
$query
Definition: proxy_ylocal.php:13