ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilSamlIdp.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
25 class ilSamlIdp
26 {
27  protected ilDBInterface $db;
29  private static array $instances = [];
30  protected int $idp_id;
31  protected bool $is_active = false;
32  protected bool $allow_local_auth = false;
33  protected int $default_role_id = 0;
34  protected string $uid_claim = '';
35  protected string $login_claim = '';
36  protected bool $sync_status = false;
37  protected string $entity_id = '';
38  protected bool $account_migration_status = false;
40  protected static array $idp_as_data = [];
41 
42  public function __construct(int $a_idp_id = 0)
43  {
44  $this->db = $GLOBALS['DIC']->database();
45  $this->idp_id = $a_idp_id;
46 
47  if ($this->idp_id > 0) {
48  $this->read();
49  }
50  }
51 
52  public static function getFirstActiveIdp(): self
53  {
54  $idps = self::getActiveIdpList();
55  if (count($idps) > 0) {
56  return current($idps);
57  }
58 
59  throw new ilSamlException('No active SAML IDP found');
60  }
61 
62  public static function getInstanceByIdpId(int $a_idp_id): self
63  {
64  if (!isset(self::$instances[$a_idp_id]) || !(self::$instances[$a_idp_id] instanceof self)) {
65  self::$instances[$a_idp_id] = new self($a_idp_id);
66  }
67 
68  return self::$instances[$a_idp_id];
69  }
70 
71  private function read(): void
72  {
73  $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->getIdpId(), 'integer');
74  $res = $this->db->query($query);
75  while ($record = $this->db->fetchAssoc($res)) {
76  $this->bindDbRecord($record);
77  return;
78  }
79 
80  throw new ilException('Could not find idp');
81  }
82 
83  public function persist(): void
84  {
85  if (!$this->getIdpId()) {
86  $this->setIdpId($this->db->nextId('saml_idp_settings'));
87  }
88 
89  $this->db->replace(
90  'saml_idp_settings',
91  [
92  'idp_id' => ['integer', $this->getIdpId()]
93  ],
94  [
95  'is_active' => ['integer', (int) $this->isActive()],
96  'default_role_id' => ['integer', $this->getDefaultRoleId()],
97  'uid_claim' => ['text', $this->getUidClaim()],
98  'login_claim' => ['text', $this->getLoginClaim()],
99  'entity_id' => ['text', $this->getEntityId()],
100  'sync_status' => ['integer', (int) $this->isSynchronizationEnabled()],
101  'allow_local_auth' => ['integer', (int) $this->allowLocalAuthentication()],
102  'account_migr_status' => ['integer', (int) $this->isAccountMigrationEnabled()]
103  ]
104  );
105  }
106 
111  public function delete(): void
112  {
113  $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->getIdpId());
114  $mapping->delete();
115 
116  $this->db->manipulateF(
117  'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
118  array('text', 'text'),
119  array('default', ilAuthUtils::AUTH_SAML . '_' . $this->getIdpId())
120  );
121 
122  $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote(
123  $this->getIdpId(),
124  'integer'
125  ));
126  }
127 
131  public function toArray(): array
132  {
133  return [
134  'idp_id' => $this->getIdpId(),
135  'is_active' => $this->isActive(),
136  'default_role_id' => $this->getDefaultRoleId(),
137  'uid_claim' => $this->getUidClaim(),
138  'login_claim' => $this->getLoginClaim(),
139  'sync_status' => $this->isSynchronizationEnabled(),
140  'account_migr_status' => $this->isAccountMigrationEnabled(),
141  'allow_local_auth' => $this->allowLocalAuthentication(),
142  'entity_id' => $this->getEntityId()
143  ];
144  }
145 
149  public function bindDbRecord(array $record): void
150  {
151  $this->setIdpId((int) $record['idp_id']);
152  $this->setActive((bool) $record['is_active']);
153  $this->setDefaultRoleId((int) $record['default_role_id']);
154  $this->setUidClaim((string) $record['uid_claim']);
155  $this->setLoginClaim((string) $record['login_claim']);
156  $this->setSynchronizationStatus((bool) $record['sync_status']);
157  $this->setAccountMigrationStatus((bool) $record['account_migr_status']);
158  $this->setLocalLocalAuthenticationStatus((bool) $record['allow_local_auth']);
159  $this->setEntityId((string) $record['entity_id']);
160  }
161 
162  public function bindForm(ilPropertyFormGUI $form): void
163  {
164  $this->setDefaultRoleId((int) $form->getInput('default_role_id'));
165  $this->setUidClaim((string) $form->getInput('uid_claim'));
166  $this->setLoginClaim((string) $form->getInput('login_claim'));
167  $this->setSynchronizationStatus((bool) $form->getInput('sync_status'));
168  $this->setLocalLocalAuthenticationStatus((bool) $form->getInput('allow_local_auth'));
169  $this->setAccountMigrationStatus((bool) $form->getInput('account_migr_status'));
170 
172  $metadata = $form->getItemByPostVar('metadata');
173  $this->setEntityId($metadata->getValue());
174  }
175 
176  public static function isAuthModeSaml(string $a_auth_mode): bool
177  {
178  if ('' === $a_auth_mode) {
179  return false;
180  }
181 
182  $auth_arr = explode('_', $a_auth_mode);
183  return (
184  count($auth_arr) === 2 &&
185  (int) $auth_arr[0] === ilAuthUtils::AUTH_SAML &&
186  is_string($auth_arr[1]) && $auth_arr[1] !== ''
187  );
188  }
189 
190  public static function getIdpIdByAuthMode(string $a_auth_mode): ?int
191  {
192  if (self::isAuthModeSaml($a_auth_mode)) {
193  $auth_arr = explode('_', $a_auth_mode);
194  return (int) $auth_arr[1];
195  }
196 
197  return null;
198  }
199 
200  public static function geIdpIdByEntityId(string $entityId): int
201  {
202  foreach (self::getAllIdps() as $idp) {
203  if ($idp->isActive() && $idp->getEntityId() === $entityId) {
204  return $idp->getIdpId();
205  }
206  }
207 
208  return 0;
209  }
210 
214  public static function getActiveIdpList(): array
215  {
216  $idps = [];
217 
218  foreach (self::getAllIdps() as $idp) {
219  if ($idp->isActive()) {
220  $idps[] = $idp;
221  }
222  }
223 
224  return $idps;
225  }
226 
230  public static function getAllIdps(): array
231  {
232  global $DIC;
233 
234  $res = $DIC->database()->query('SELECT * FROM saml_idp_settings');
235 
236  $idps = [];
237  while ($row = $DIC->database()->fetchAssoc($res)) {
238  $idp = new self();
239  $idp->bindDbRecord($row);
240 
241  $idps[] = $idp;
242  }
243 
244  return $idps;
245  }
246 
247  public static function getAuthModeByKey(string $a_auth_key): string
248  {
249  $auth_arr = explode('_', $a_auth_key);
250  if (count((array) $auth_arr) > 1) {
251  return 'saml_' . $auth_arr[1];
252  }
253 
254  return 'saml';
255  }
256 
257  public static function getKeyByAuthMode(string $a_auth_mode): string
258  {
259  $auth_arr = explode('_', $a_auth_mode);
260  if (count((array) $auth_arr) > 1) {
261  return ilAuthUtils::AUTH_SAML . '_' . $auth_arr[1];
262  }
263 
264  return (string) ilAuthUtils::AUTH_SAML;
265  }
266 
267  public function getEntityId(): string
268  {
269  return $this->entity_id;
270  }
271 
272  public function setEntityId(string $entity_id): void
273  {
274  $this->entity_id = $entity_id;
275  }
276 
277  public function isActive(): bool
278  {
279  return $this->is_active;
280  }
281 
282  public function setActive(bool $is_active): void
283  {
284  $this->is_active = $is_active;
285  }
286 
287  public function getIdpId(): int
288  {
289  return $this->idp_id;
290  }
291 
292  public function setIdpId(int $idp_id): void
293  {
294  $this->idp_id = $idp_id;
295  }
296 
297  public function allowLocalAuthentication(): bool
298  {
299  return $this->allow_local_auth;
300  }
301 
302  public function setLocalLocalAuthenticationStatus(bool $status): void
303  {
304  $this->allow_local_auth = $status;
305  }
306 
307  public function getDefaultRoleId(): int
308  {
309  return $this->default_role_id;
310  }
311 
312  public function setDefaultRoleId(int $role_id): void
313  {
314  $this->default_role_id = $role_id;
315  }
316 
317  public function setUidClaim(string $claim): void
318  {
319  $this->uid_claim = $claim;
320  }
321 
322  public function getUidClaim(): string
323  {
324  return $this->uid_claim;
325  }
326 
327  public function setLoginClaim(string $claim): void
328  {
329  $this->login_claim = $claim;
330  }
331 
332  public function getLoginClaim(): string
333  {
334  return $this->login_claim;
335  }
336 
337  public function isSynchronizationEnabled(): bool
338  {
339  return $this->sync_status;
340  }
341 
342  public function setSynchronizationStatus(bool $sync): void
343  {
344  $this->sync_status = $sync;
345  }
346 
347  public function isAccountMigrationEnabled(): bool
348  {
349  return $this->account_migration_status;
350  }
351 
352  public function setAccountMigrationStatus(bool $status): void
353  {
354  $this->account_migration_status = $status;
355  }
356 }
ilSamlIdp\bindDbRecord
bindDbRecord(array $record)
Definition: class.ilSamlIdp.php:149
$res
$res
Definition: ltiservices.php:69
ilSamlIdp\isAuthModeSaml
static isAuthModeSaml(string $a_auth_mode)
Definition: class.ilSamlIdp.php:176
ilSamlException
Class ilSamlException.
Definition: class.ilSamlException.php:25
ilPropertyFormGUI\getItemByPostVar
getItemByPostVar(string $a_post_var)
Definition: class.ilPropertyFormGUI.php:250
ilSamlIdp\setActive
setActive(bool $is_active)
Definition: class.ilSamlIdp.php:282
ilSamlIdp\setDefaultRoleId
setDefaultRoleId(int $role_id)
Definition: class.ilSamlIdp.php:312
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:62
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:190
ilPropertyFormGUI\getInput
getInput(string $a_post_var, bool $ensureValidation=true)
Returns the input of an item, if item provides getInput method and as fallback the value of the HTTP-...
Definition: class.ilPropertyFormGUI.php:448
ilSamlIdp\setEntityId
setEntityId(string $entity_id)
Definition: class.ilSamlIdp.php:272
$DIC
global $DIC
Definition: feed.php:28
ilSamlIdp\setLocalLocalAuthenticationStatus
setLocalLocalAuthenticationStatus(bool $status)
Definition: class.ilSamlIdp.php:302
ilSamlIdp\setUidClaim
setUidClaim(string $claim)
Definition: class.ilSamlIdp.php:317
ilExternalAuthUserAttributeMapping
Class ilExternalAuthUserAttributeMapping.
Definition: class.ilExternalAuthUserAttributeMapping.php:25
ilSamlIdp\setLoginClaim
setLoginClaim(string $claim)
Definition: class.ilSamlIdp.php:327
ilSamlIdp\$idp_as_data
static array $idp_as_data
Definition: class.ilSamlIdp.php:40
ilSamlIdp\$instances
static array $instances
Definition: class.ilSamlIdp.php:29
ilSamlIdp\__construct
__construct(int $a_idp_id=0)
Definition: class.ilSamlIdp.php:42
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$query
$query
Definition: proxy_ylocal.php:13
ilSamlIdp\$default_role_id
int $default_role_id
Definition: class.ilSamlIdp.php:33
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:230
ilSamlIdp\$login_claim
string $login_claim
Definition: class.ilSamlIdp.php:35
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:257
ilSamlIdp\$uid_claim
string $uid_claim
Definition: class.ilSamlIdp.php:34
ilSamlIdp
Class ilSamlIdp.
Definition: class.ilSamlIdp.php:25
ilSamlIdp\setAccountMigrationStatus
setAccountMigrationStatus(bool $status)
Definition: class.ilSamlIdp.php:352
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:247
ilSamlIdp\$entity_id
string $entity_id
Definition: class.ilSamlIdp.php:37
ilSamlIdp\isAccountMigrationEnabled
isAccountMigrationEnabled()
Definition: class.ilSamlIdp.php:347
ilSamlIdp\setIdpId
setIdpId(int $idp_id)
Definition: class.ilSamlIdp.php:292
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:200
$entityId
if($source===null) if(!($source instanceof SP)) $entityId
Definition: metadata.php:105
ilSamlIdp\$allow_local_auth
bool $allow_local_auth
Definition: class.ilSamlIdp.php:32
ilSamlIdp\allowLocalAuthentication
allowLocalAuthentication()
Definition: class.ilSamlIdp.php:297
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:214
ilSamlIdp\$db
ilDBInterface $db
Definition: class.ilSamlIdp.php:27
ilSamlIdp\isSynchronizationEnabled
isSynchronizationEnabled()
Definition: class.ilSamlIdp.php:337
ilSamlIdp\setSynchronizationStatus
setSynchronizationStatus(bool $sync)
Definition: class.ilSamlIdp.php:342
ilSamlIdp\$account_migration_status
bool $account_migration_status
Definition: class.ilSamlIdp.php:38
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:52