ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
Static Public Member Functions | Data Fields | Private Attributes
ilAuthUtils Class Reference
+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static isAuthenticationForced ()
 
static handleForcedAuthentication ()
 
static _getAuthMode (?string $a_auth_mode)
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin (string $a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions (ilLanguage $lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 
static getAuthModeTranslation (string $a_auth_key, string $auth_name='')
 

Data Fields

const int LOCAL_PWV_FULL = 1
 
const int LOCAL_PWV_NO = 2
 
const int LOCAL_PWV_USER = 3
 
const int AUTH_LOCAL = 1
 
const int AUTH_LDAP = 2
 
const int AUTH_SCRIPT = 4
 
const int AUTH_SHIBBOLETH = 5
 
const int AUTH_SOAP = 7
 
const int AUTH_HTTP = 8
 
const int AUTH_ECS = 9
 
const int AUTH_APACHE = 11
 
const int AUTH_SAML = 12
 
const int AUTH_OPENID_CONNECT = 15
 
const int AUTH_PROVIDER_LTI = 22
 
const array REGEX_DELIMITERS = ['/', '~', '@', ';', '%', '`', '#']
 

Private Attributes

const int AUTH_INACTIVE = 18
 
const int AUTH_MULTIPLE = 20
 
const int AUTH_SESSION = 21
 
const int AUTH_SOAP_NO_ILIAS_USER = -100
 
const int AUTH_LDAP_NO_ILIAS_USER = -200
 
const int AUTH_APACHE_FAILED = -500
 
const int AUTH_SAML_FAILED = -501
 
const int AUTH_MODE_INACTIVE = -1000
 
const int AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
 
const int AUTH_USER_WRONG_IP = -600
 
const int AUTH_USER_INACTIVE = -601
 
const int AUTH_USER_TIME_LIMIT_EXCEEDED = -602
 
const int AUTH_USER_SIMULTANEOUS_LOGIN = -603
 

Detailed Description

Definition at line 23 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

Parameters
int | string$a_auth_mode

Definition at line 497 of file class.ilAuthUtils.php.

497 : bool
498 {
499 switch ((int) $a_auth_mode) {
500 case self::AUTH_LDAP:
501 case self::AUTH_ECS:
502 case self::AUTH_PROVIDER_LTI:
503 case self::AUTH_OPENID_CONNECT:
504 return false;
505 default:
506 return true;
507 }
508 }
ilAuthUtils\AUTH_ECS
const int AUTH_ECS
Definition: class.ilAuthUtils.php:35
ilAuthUtils\AUTH_LDAP
const int AUTH_LDAP
Definition: class.ilAuthUtils.php:30
ilAuthUtils\AUTH_OPENID_CONNECT
const int AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:38
ilAuthUtils\AUTH_PROVIDER_LTI
const int AUTH_PROVIDER_LTI
Definition: class.ilAuthUtils.php:45

References AUTH_ECS, AUTH_LDAP, AUTH_OPENID_CONNECT, and AUTH_PROVIDER_LTI.

Referenced by ilPasswordInputGUI\checkInput().

+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin ( string  $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 339 of file class.ilAuthUtils.php.

339 : string
340 {
341 global $DIC;
342
343 $ilDB = $DIC['ilDB'];
344
345 // Check if username already exists
346 $found = false;
347 $postfix = 0;
348 $c_login = $a_login;
349 while (!$found) {
350 $r = $ilDB->query(
351 'SELECT login FROM usr_data WHERE login = ' .
352 $ilDB->quote($c_login)
353 );
354 if ($r->numRows() > 0) {
355 $postfix++;
356 $c_login = $a_login . $postfix;
357 } else {
358 $found = true;
359 }
360 }
361
362 return $c_login;
363 }
$DIC
global $DIC
Definition: shib_login.php:26

References $DIC, and $ilDB.

Referenced by ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static
Returns
array<string, int|string>

Definition at line 231 of file class.ilAuthUtils.php.

231 : array
232 {
233 global $DIC;
234
235 $ilSetting = $DIC['ilSetting'];
236
237 $modes = [
238 'default' => $ilSetting->get('auth_mode'),
239 'local' => self::AUTH_LOCAL
240 ];
241
242 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
243 $modes['ldap_' . $sid] = (self::AUTH_LDAP . '_' . $sid);
244 }
245
246 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
247 $modes['lti_' . $sid] = (self::AUTH_PROVIDER_LTI . '_' . $sid);
248 }
249
250 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
251 $modes['oidc'] = self::AUTH_OPENID_CONNECT;
252 }
253
254 if ($ilSetting->get('shib_active')) {
255 $modes['shibboleth'] = self::AUTH_SHIBBOLETH;
256 }
257 if ($ilSetting->get('script_active')) {
258 $modes['script'] = self::AUTH_SCRIPT;
259 }
260 if ($ilSetting->get('soap_auth_active')) {
261 $modes['soap'] = self::AUTH_SOAP;
262 }
263 if ($ilSetting->get('apache_active')) {
264 $modes['apache'] = self::AUTH_APACHE;
265 }
266
267 if (ilECSServerSettings::getInstance()->activeServerExists()) {
268 $modes['ecs'] = self::AUTH_ECS;
269 }
270
271 foreach (ilSamlIdp::getActiveIdpList() as $idp) {
272 $idpId = $idp->getIdpId();
273 $modes['saml_' . $idpId] = self::AUTH_SAML . '_' . $idpId;
274 }
275
276 // begin-path auth_plugin
277 foreach (self::getAuthPlugins() as $pl) {
278 foreach ($pl->getAuthIds() as $auth_id) {
279 if ($pl->isAuthActive($auth_id)) {
280 $modes[$pl->getAuthName($auth_id)] = $auth_id;
281 }
282 }
283 }
284 // end-path auth_plugin
285 return $modes;
286 }
ilAuthUtils\AUTH_SHIBBOLETH
const int AUTH_SHIBBOLETH
Definition: class.ilAuthUtils.php:32
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilAuthUtils\AUTH_APACHE
const int AUTH_APACHE
Definition: class.ilAuthUtils.php:36
ilAuthUtils\AUTH_SOAP
const int AUTH_SOAP
Definition: class.ilAuthUtils.php:33
ilAuthUtils\AUTH_SCRIPT
const int AUTH_SCRIPT
Definition: class.ilAuthUtils.php:31
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:58
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:223
$ilSetting
global $ilSetting
Definition: privfeed.php:31

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilOpenIdConnectSettings\getInstance(), and ilECSServerSettings\getInstance().

Referenced by ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilECSMappingUtils\getAuthModeSelection(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static
Returns
array<int|string, string>

Definition at line 291 of file class.ilAuthUtils.php.

291 : array
292 {
293 $modes = [
294 self::AUTH_LOCAL,
295 self::AUTH_LDAP,
296 self::AUTH_SHIBBOLETH,
297 self::AUTH_SAML,
298 self::AUTH_SOAP,
299 self::AUTH_ECS,
300 self::AUTH_PROVIDER_LTI,
301 self::AUTH_OPENID_CONNECT,
302 self::AUTH_APACHE
303 ];
304 $ret = [];
305 foreach ($modes as $mode) {
306 if ($mode === self::AUTH_PROVIDER_LTI) {
307 foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
308 $id = self::AUTH_PROVIDER_LTI . '_' . $sid;
309 $ret[$id] = self::_getAuthModeName($id);
310 }
311 continue;
312 }
313
314 // multi ldap implementation
315 if ($mode === self::AUTH_LDAP) {
316 foreach (ilLDAPServer::_getServerList() as $ldap_id) {
317 $id = self::AUTH_LDAP . '_' . $ldap_id;
318 $ret[$id] = self::_getAuthModeName($id);
319 }
320 continue;
321 }
322
323 if ($mode === self::AUTH_SAML) {
324 foreach (ilSamlIdp::getAllIdps() as $idp) {
325 $id = self::AUTH_SAML . '_' . $idp->getIdpId();
326 $ret[$id] = self::_getAuthModeName($id);
327 }
328 continue;
329 }
330 $ret[$mode] = self::_getAuthModeName($mode);
331 }
332 return $ret;
333 }
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:37
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:182
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:238

References $id, _getAuthModeName(), ilLDAPServer\_getServerList(), AUTH_APACHE, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

+ Here is the call graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode ( ?string  $a_auth_mode)
static
Returns
string|int|null

Definition at line 121 of file class.ilAuthUtils.php.

122 {
123 global $DIC;
124
125 $ilSetting = $DIC['ilSetting'];
126
127 if ($a_auth_mode === null) {
128 return $ilSetting->get('auth_mode');
129 }
130
131 if (str_contains($a_auth_mode, '_')) {
132 $auth_arr = explode('_', $a_auth_mode);
133 $auth_switch = $auth_arr[0];
134 } else {
135 $auth_switch = $a_auth_mode;
136 }
137 switch ($auth_switch) {
138 case 'local':
139 return self::AUTH_LOCAL;
140 break;
141
142 case 'ldap':
143 return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
144
145 case 'lti':
146 return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
147
148 case 'script':
149 return self::AUTH_SCRIPT;
150 break;
151
152 case 'shibboleth':
153 return self::AUTH_SHIBBOLETH;
154 break;
155
156 case 'oidc':
157 return self::AUTH_OPENID_CONNECT;
158 break;
159
160 case 'saml':
161 return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
162
163 case 'soap':
164 return self::AUTH_SOAP;
165 break;
166
167 case 'ecs':
168 return self::AUTH_ECS;
169
170 case 'apache':
171 return self::AUTH_APACHE;
172
173 default:
174 return $ilSetting->get('auth_mode');
175 break;
176 }
177 }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:68
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:265

References $DIC, $ilSetting, AUTH_APACHE, AUTH_ECS, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getKeyByAuthMode(), ilAuthProviderLTI\getKeyByAuthMode(), and ilSamlIdp\getKeyByAuthMode().

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), and ilObjUser\getAuthMode().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static
Parameters
$a_auth_keyint|string

Definition at line 182 of file class.ilAuthUtils.php.

182 : string
183 {
184 switch ((int) $a_auth_key) {
185 case self::AUTH_LOCAL:
186 return 'local';
187 break;
188
189 case self::AUTH_LDAP:
190 // begin-patch ldap_multiple
191 return ilLDAPServer::getAuthModeByKey($a_auth_key);
192 // end-patch ldap_multiple
193
194 case self::AUTH_PROVIDER_LTI:
195 return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
196
197 case self::AUTH_SCRIPT:
198 return 'script';
199 break;
200
201 case self::AUTH_SHIBBOLETH:
202 return 'shibboleth';
203 break;
204
205 case self::AUTH_SAML:
206 return ilSamlIdp::getAuthModeByKey($a_auth_key);
207
208 case self::AUTH_SOAP:
209 return 'soap';
210 break;
211
212 case self::AUTH_ECS:
213 return 'ecs';
214
215 case self::AUTH_APACHE:
216 return 'apache';
217
218 case self::AUTH_OPENID_CONNECT:
219 return 'oidc';
220 break;
221
222 default:
223 return 'default';
224 break;
225 }
226 }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:54
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:414
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:255

References AUTH_APACHE, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilLDAPServer\getAuthModeByKey(), ilAuthProviderLTI\getAuthModeByKey(), and ilSamlIdp\getAuthModeByKey().

Referenced by _getAllAuthModes(), ilObjUserGUI\buildAuthModeInput(), ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilAuthFrontend\handleLoginAttempts(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), and ilUserImportParser\verifyEndTag().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions ( ilLanguage  $lng)
static
Returns
array<int|string, array{"txt": string, "checked"?: bool, "hide_in_ui"?: bool}>

Definition at line 395 of file class.ilAuthUtils.php.

395 : array
396 {
397 global $DIC;
398
399 $ilSetting = $DIC['ilSetting'];
400 $options = [];
401 // in the moment only ldap is activated as additional authentication method
402
403 $options[self::AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
404
405
406 foreach (ilLDAPServer::_getActiveServerList() as $sid) {
407 $server = ilLDAPServer::getInstanceByServerId($sid);
408 $options[self::AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
409 }
410
411 if ($ilSetting->get('apache_active')) {
412 global $DIC;
413
414 $lng = $DIC['lng'];
415 $apache_settings = new ilSetting('apache_auth');
416 $options[self::AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
417 $options[self::AUTH_APACHE]['hide_in_ui'] = true;
418 }
419
420 if ($ilSetting->get('auth_mode', (string) self::AUTH_LOCAL) === (string) self::AUTH_LDAP) {
421 $default = self::AUTH_LDAP;
422 } else {
423 $default = self::AUTH_LOCAL;
424 }
425
426 $default = $ilSetting->get('default_auth_mode', (string) $default);
427
428 // begin-patch auth_plugin
429 $pls = self::getAuthPlugins();
430 foreach ($pls as $pl) {
431 $auths = $pl->getAuthIds();
432 foreach ($auths as $auth_id) {
433 $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
434 if ($pl_auth_option) {
435 $options += $pl_auth_option;
436 }
437 }
438 }
439 // end-patch auth_plugins
440
441 if (array_key_exists($default, $options)) {
442 $options[$default]['checked'] = true;
443 }
444
445 return $options;
446 }
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Definition: class.ilAuthUtils.php:618
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
$lng
global $lng
Definition: privfeed.php:31
$server
$server
Definition: shib_login.php:28

References $DIC, $ilSetting, $lng, $server, ilLDAPServer\_getActiveServerList(), AUTH_APACHE, AUTH_LDAP, AUTH_LOCAL, getAuthPlugins(), and ilLDAPServer\getInstanceByServerId().

Referenced by ilStartUpGUI\buildStandardLoginForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 365 of file class.ilAuthUtils.php.

365 : bool
366 {
367 if (count(ilLDAPServer::_getActiveServerList())) {
368 return true;
369 }
370
371 global $DIC;
372
373 $ilSetting = $DIC['ilSetting'];
374
375 if ($ilSetting->get('apache_active')) {
376 return true;
377 }
378
379 // begin-patch auth_plugin
380 foreach (self::getAuthPlugins() as $pl) {
381 foreach ($pl->getAuthIds() as $auth_id) {
382 if ($pl->getMultipleAuthModeOptions($auth_id)) {
383 return true;
384 }
385 }
386 }
387 // end-patch auth_plugin
388
389 return false;
390 }

References $DIC, $ilSetting, and ilLDAPServer\_getActiveServerList().

Referenced by ilStartUpGUI\buildStandardLoginForm(), and ilStartUpGUI\doStandardAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if LDAP or SOAP is active

Definition at line 452 of file class.ilAuthUtils.php.

452 : bool
453 {
454 global $DIC;
455
456 $ilSetting = $DIC['ilSetting'];
457
458 if ($ilSetting->get('soap_auth_active')) {
459 return true;
460 }
461 if ($ilSetting->get('shib_active')) {
462 return true;
463 }
464 if (count(ilLDAPServer::_getActiveServerList())) {
465 return true;
466 }
467
468 if (count(ilAuthProviderLTI::getActiveAuthModes())) {
469 return true;
470 }
471
472 if (count(ilSamlIdp::getActiveIdpList()) > 0) {
473 return true;
474 }
475
476 if (ilOpenIdConnectSettings::getInstance()->getActive()) {
477 return true;
478 }
479
480 // begin-path auth_plugin
481 foreach (self::getAuthPlugins() as $pl) {
482 foreach ($pl->getAuthIds() as $auth_id) {
483 if ($pl->isAuthActive($auth_id) && $pl->isExternalAccountNameRequired($auth_id)) {
484 return true;
485 }
486 }
487 }
488 // end-path auth_plugin
489
490 return false;
491 }
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:81

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\saveObject(), and ilObjUserGUI\updateObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

Parameters
null | string | int$a_auth_modeauth_mode

Definition at line 515 of file class.ilAuthUtils.php.

515 : bool
516 {
517 switch ($a_auth_mode) {
518 case self::AUTH_LOCAL:
519 case self::AUTH_APACHE:
520 return false;
521 default:
522 return true;
523 }
524 }

References AUTH_APACHE, and AUTH_LOCAL.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation ( string  $a_auth_key,
string  $auth_name = '' 
)
static

Definition at line 623 of file class.ilAuthUtils.php.

623 : ?string
624 {
625 global $DIC;
626
627 $lng = $DIC['lng'];
628
629 //TODO fix casting strings like 2_1 (auth_key for first ldap server) to int to get it to 2
630 switch ((int) $a_auth_key) {
631 case self::AUTH_LDAP:
632 $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
633 return ilLDAPServer::getInstanceByServerId($sid)->getName();
634
635 case self::AUTH_PROVIDER_LTI:
636 $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
637 return ilAuthProviderLTI::lookupConsumer($sid);
638
639
640 case self::AUTH_SAML:
641 $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
642 return ilSamlIdp::getInstanceByIdpId($idp_id)->getEntityId();
643
644 default:
645 $lng->loadLanguageModule('auth');
646 if (!empty($auth_name)) {
647 return $lng->txt('auth_' . $auth_name);
648 }
649
650 return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
651 }
652 }
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:131
ilAuthProviderLTI\lookupConsumer
static lookupConsumer(int $a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:119
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:401
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:199
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66

References $DIC, $lng, AUTH_LDAP, AUTH_PROVIDER_LTI, AUTH_SAML, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilLDAPServer\getServerIdByAuthMode(), ilAuthProviderLTI\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilObjUserGUI\buildAuthModeInput(), ilUserTableGUI\fillRow(), ilECSMappingUtils\getAuthModeSelection(), and ilUserTableGUI\initFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static
Returns
Iterator<int, ilAuthPlugin>

Definition at line 618 of file class.ilAuthUtils.php.

618 : Iterator
619 {
620 return $GLOBALS['DIC']['component.factory']->getActivePluginsInSlot('authhk');
621 }
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54

References $GLOBALS.

Referenced by _getMultipleAuthModeOptions(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthModeDetermination\read().

+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 82 of file class.ilAuthUtils.php.

82 : void
83 {
84 global $DIC;
85 $query_wrapper = $DIC->http()->wrapper()->query();
86 $string_refinery = $DIC->refinery()->kindlyTo()->string();
87 if ($query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url')) {
88 $credentials = new ilAuthFrontendCredentials();
89 $credentials->setUsername($query_wrapper->retrieve('ecs_login', $string_refinery));
90 $credentials->setAuthMode((string) self::AUTH_ECS);
91
92 $provider_factory = new ilAuthProviderFactory();
93 $providers = $provider_factory->getProviders($credentials);
94
95 $status = ilAuthStatus::getInstance();
96
97 $frontend_factory = new ilAuthFrontendFactory();
98 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
99 $frontend = $frontend_factory->getFrontend(
100 $GLOBALS['DIC']['ilAuthSession'],
101 $status,
102 $credentials,
103 $providers
104 );
105 $frontend->authenticate();
106
107 switch ($status->getStatus()) {
108 case ilAuthStatus::STATUS_AUTHENTICATED:
109 return;
110
111 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
112 ilInitialisation::goToPublicSection();
113 return;
114 }
115 }
116 }
ilAuthFrontendFactory\CONTEXT_STANDARD_FORM
const int CONTEXT_STANDARD_FORM
Authentication with id and password.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:909

References $DIC, $GLOBALS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Definition at line 74 of file class.ilAuthUtils.php.

74 : bool
75 {
76 //TODO rework forced authentication concept
77 global $DIC;
78 $query_wrapper = $DIC->http()->wrapper()->query();
79 return $query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url');
80 }

References $DIC.

Referenced by ilInitialisation\resumeUserSession().

+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int | string$a_authmode

Definition at line 540 of file class.ilAuthUtils.php.

540 : bool
541 {
542 global $DIC;
543
544 $ilSetting = $DIC->settings();
545
546 switch ((int) $a_authmode) {
547 // always enabled
548 case self::AUTH_LOCAL:
549 case self::AUTH_APACHE:
550 return true;
551
552 // No local passwords for these auth modes
553 case self::AUTH_LDAP:
554 case self::AUTH_ECS:
555 case self::AUTH_SCRIPT:
556 case self::AUTH_PROVIDER_LTI:
557 case self::AUTH_OPENID_CONNECT:
558 return false;
559
560 case self::AUTH_SAML:
561 $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode((string) $a_authmode));
562 return $idp->isActive() && $idp->allowLocalAuthentication();
563
564 case self::AUTH_SHIBBOLETH:
565 return (bool) $ilSetting->get('shib_auth_allow_local', '0');
566 case self::AUTH_SOAP:
567 return (bool) $ilSetting->get('soap_auth_allow_local', '0');
568 }
569 return false;
570 }

References $DIC, $ilSetting, AUTH_APACHE, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by isPasswordModificationEnabled(), and ilPasswordAssistanceGUI\submitAssistanceForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int | string$a_authmode

Definition at line 577 of file class.ilAuthUtils.php.

577 : bool
578 {
579 if (self::isPasswordModificationHidden()) {
580 return false;
581 }
582
583 return self::isLocalPasswordEnabledForAuthMode($a_authmode);
584 }
ilAuthUtils\isLocalPasswordEnabledForAuthMode
static isLocalPasswordEnabledForAuthMode($a_authmode)
Check if local password validation is enabled for a specific auth_mode.
Definition: class.ilAuthUtils.php:540

References isLocalPasswordEnabledForAuthMode().

Referenced by ILIAS\Authentication\Password\LocalUserPasswordManager\allowPasswordChange().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
null | string | int$a_authmode
Returns

Definition at line 591 of file class.ilAuthUtils.php.

591 : int
592 {
593 switch ((int) $a_authmode) {
594 case self::AUTH_LDAP:
595 case self::AUTH_LOCAL:
596 return self::LOCAL_PWV_FULL;
597
598 case self::AUTH_SHIBBOLETH:
599 case self::AUTH_OPENID_CONNECT:
600 case self::AUTH_SAML:
601 case self::AUTH_SOAP:
602 if (!self::isPasswordModificationEnabled($a_authmode)) {
603 return self::LOCAL_PWV_NO;
604 }
605 return self::LOCAL_PWV_USER;
606 case self::AUTH_PROVIDER_LTI:
607 case self::AUTH_ECS:
608 case self::AUTH_SCRIPT:
609 case self::AUTH_APACHE:
610 default:
611 return self::LOCAL_PWV_USER;
612 }
613 }
ilAuthUtils\LOCAL_PWV_USER
const int LOCAL_PWV_USER
Definition: class.ilAuthUtils.php:27
ilAuthUtils\LOCAL_PWV_NO
const int LOCAL_PWV_NO
Definition: class.ilAuthUtils.php:26
ilAuthUtils\LOCAL_PWV_FULL
const int LOCAL_PWV_FULL
Definition: class.ilAuthUtils.php:25

References AUTH_APACHE, AUTH_ECS, AUTH_LDAP, AUTH_LOCAL, AUTH_OPENID_CONNECT, AUTH_PROVIDER_LTI, AUTH_SAML, AUTH_SCRIPT, AUTH_SHIBBOLETH, AUTH_SOAP, LOCAL_PWV_FULL, LOCAL_PWV_NO, and LOCAL_PWV_USER.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu().

+ Here is the caller graph for this function:

Field Documentation

◆ AUTH_APACHE

const int ilAuthUtils::AUTH_APACHE = 11

Definition at line 36 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAllAuthModes(), _getAuthMode(), _getAuthModeName(), _getMultipleAuthModeOptions(), _needsExternalAccountByAuthMode(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ILIAS\Authentication\Form\ApacheAuthSettingsForm\buildLdapEnableInput(), ilStartUpGUI\doApacheAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderApache\getTriggerAuthMode(), isLocalPasswordEnabledForAuthMode(), ilAuthModeDetermination\read(), ilObjAuthSettingsGUI\saveApacheSettingsObject(), and supportsLocalPasswordValidation().

◆ AUTH_APACHE_FAILED

const int ilAuthUtils::AUTH_APACHE_FAILED = -500
private

Definition at line 55 of file class.ilAuthUtils.php.

◆ AUTH_ECS

const int ilAuthUtils::AUTH_ECS = 9

Definition at line 35 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getActiveAuthModes(), _getAllAuthModes(), _getAuthMode(), _getAuthModeName(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilAuthProviderFactory\getProviderByAuthMode(), ILIAS\LegalDocuments\ConsumerToolbox\User\isExternalAccount(), isLocalPasswordEnabledForAuthMode(), and supportsLocalPasswordValidation().

◆ AUTH_HTTP

const int ilAuthUtils::AUTH_HTTP = 8

Definition at line 34 of file class.ilAuthUtils.php.

◆ AUTH_INACTIVE

const int ilAuthUtils::AUTH_INACTIVE = 18
private

Definition at line 40 of file class.ilAuthUtils.php.

◆ AUTH_LDAP

const int ilAuthUtils::AUTH_LDAP = 2

Definition at line 30 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getAllAuthModes(), _getAuthModeName(), _getMultipleAuthModeOptions(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), getAuthModeTranslation(), ilLDAPServer\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLDAP\getTriggerAuthMode(), ilLDAPServer\isAuthModeLDAP(), ILIAS\LegalDocuments\ConsumerToolbox\User\isLDAPUser(), isLocalPasswordEnabledForAuthMode(), ilAuthModeDetermination\read(), supportsLocalPasswordValidation(), and ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\testIsLDAPUser().

◆ AUTH_LDAP_NO_ILIAS_USER

const int ilAuthUtils::AUTH_LDAP_NO_ILIAS_USER = -200
private

Definition at line 50 of file class.ilAuthUtils.php.

◆ AUTH_LOCAL

const int ilAuthUtils::AUTH_LOCAL = 1

Definition at line 29 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAllAuthModes(), _getAuthMode(), _getAuthModeName(), _getMultipleAuthModeOptions(), _needsExternalAccountByAuthMode(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilAccountRegistrationGUI\createUser(), ilStartUpGUI\doMigration(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderCliFactory\getProviders(), ilAuthFrontend\handleLoginAttempts(), ilAuthProviderSaml\handleSamlAuth(), isLocalPasswordEnabledForAuthMode(), ilLTIViewGUI\logout(), ilAuthModeDetermination\read(), ILIAS\Authentication\Password\LocalUserPasswordManager\resetLastPasswordChangeForLocalUsers(), ilObjAuthSettingsGUI\saveApacheSettingsObject(), ILIAS\Authentication\Setup\AbandonCASAuthModeUpdateObjective\step_1(), ilPasswordAssistanceGUI\submitAssistanceForm(), and supportsLocalPasswordValidation().

◆ AUTH_MODE_INACTIVE

const int ilAuthUtils::AUTH_MODE_INACTIVE = -1000
private

Definition at line 59 of file class.ilAuthUtils.php.

◆ AUTH_MULTIPLE

const int ilAuthUtils::AUTH_MULTIPLE = 20
private

Definition at line 42 of file class.ilAuthUtils.php.

◆ AUTH_OPENID_CONNECT

const int ilAuthUtils::AUTH_OPENID_CONNECT = 15

Definition at line 38 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getActiveAuthModes(), _getAllAuthModes(), _getAuthMode(), _getAuthModeName(), ilStartUpGUI\doOpenIdConnectAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), isLocalPasswordEnabledForAuthMode(), and supportsLocalPasswordValidation().

◆ AUTH_PROVIDER_LTI

const int ilAuthUtils::AUTH_PROVIDER_LTI = 22

Definition at line 45 of file class.ilAuthUtils.php.

Referenced by _allowPasswordModificationByAuthMode(), _getAllAuthModes(), _getAuthModeName(), ilStartUpGUI\doLTIAuthentication(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), getAuthModeTranslation(), ilAuthProviderLTI\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLTI\isAuthModeLTI(), ILIAS\LegalDocuments\ConsumerToolbox\User\isExternalAccount(), isLocalPasswordEnabledForAuthMode(), and supportsLocalPasswordValidation().

◆ AUTH_SAML

const int ilAuthUtils::AUTH_SAML = 12

Definition at line 37 of file class.ilAuthUtils.php.

Referenced by _getAllAuthModes(), _getAuthModeName(), ilSamlIdp\delete(), ilStartUpGUI\doSamlAuthentication(), getAuthModeTranslation(), ilSamlIdp\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderSaml\getTriggerAuthMode(), ilSamlAppEventListener\handleEvent(), ilSamlIdp\isAuthModeSaml(), isLocalPasswordEnabledForAuthMode(), ilObjAuthSettingsGUI\setAuthModeObject(), ilPasswordAssistanceGUI\submitAssistanceForm(), and supportsLocalPasswordValidation().

◆ AUTH_SAML_FAILED

const int ilAuthUtils::AUTH_SAML_FAILED = -501
private

Definition at line 57 of file class.ilAuthUtils.php.

◆ AUTH_SCRIPT

const int ilAuthUtils::AUTH_SCRIPT = 4

Definition at line 31 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAuthMode(), _getAuthModeName(), ilObjAuthSettingsGUI\getAuthModeTitle(), isLocalPasswordEnabledForAuthMode(), ilObjAuthSettingsGUI\saveScriptObject(), ilObjAuthSettingsGUI\setAuthModeObject(), and supportsLocalPasswordValidation().

◆ AUTH_SESSION

const int ilAuthUtils::AUTH_SESSION = 21
private

Definition at line 44 of file class.ilAuthUtils.php.

◆ AUTH_SHIBBOLETH

const int ilAuthUtils::AUTH_SHIBBOLETH = 5

Definition at line 32 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAllAuthModes(), _getAuthMode(), _getAuthModeName(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ILIAS\AuthShibboleth\LoginPerformer\doShibbolethAuthentication(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), isLocalPasswordEnabledForAuthMode(), ilObjAuthSettingsGUI\setAuthModeObject(), and supportsLocalPasswordValidation().

◆ AUTH_SOAP

const int ilAuthUtils::AUTH_SOAP = 7

Definition at line 33 of file class.ilAuthUtils.php.

Referenced by _getActiveAuthModes(), _getAllAuthModes(), _getAuthMode(), _getAuthModeName(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilAuthProviderSoap\doAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), isLocalPasswordEnabledForAuthMode(), ilAuthModeDetermination\read(), and supportsLocalPasswordValidation().

◆ AUTH_SOAP_NO_ILIAS_USER

const int ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER = -100
private

Definition at line 48 of file class.ilAuthUtils.php.

◆ AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL

const int ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
private

Definition at line 63 of file class.ilAuthUtils.php.

◆ AUTH_USER_INACTIVE

const int ilAuthUtils::AUTH_USER_INACTIVE = -601
private

Definition at line 67 of file class.ilAuthUtils.php.

◆ AUTH_USER_SIMULTANEOUS_LOGIN

const int ilAuthUtils::AUTH_USER_SIMULTANEOUS_LOGIN = -603
private

Definition at line 69 of file class.ilAuthUtils.php.

◆ AUTH_USER_TIME_LIMIT_EXCEEDED

const int ilAuthUtils::AUTH_USER_TIME_LIMIT_EXCEEDED = -602
private

Definition at line 68 of file class.ilAuthUtils.php.

◆ AUTH_USER_WRONG_IP

const int ilAuthUtils::AUTH_USER_WRONG_IP = -600
private

Definition at line 66 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_FULL

const int ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 25 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_NO

const int ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 26 of file class.ilAuthUtils.php.

Referenced by supportsLocalPasswordValidation().

◆ LOCAL_PWV_USER

const int ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 27 of file class.ilAuthUtils.php.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu(), and supportsLocalPasswordValidation().

◆ REGEX_DELIMITERS

const array ilAuthUtils::REGEX_DELIMITERS = ['/', '~', '@', ';', '%', '`', '#']

Definition at line 72 of file class.ilAuthUtils.php.

Referenced by ilAuthModeDetermination\getAuthModeSequence(), and ilLDAPRoleAssignmentRule\wildcardCompare().

The documentation for this class was generated from the following file: