ILIAS  trunk Revision v11.0_alpha-1811-gd2d5443e411
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Static Public Member Functions | Data Fields | Private Attributes
ilAuthUtils Class Reference

static utility functions used to manage authentication modes More...

+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static isAuthenticationForced ()
 Check if authentication is should be forced. More...
 
static handleForcedAuthentication ()
 
static _getAuthMode (?string $a_auth_mode)
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin (string $a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions (ilLanguage $lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 Get active enabled auth plugins. More...
 
static getAuthModeTranslation (string $a_auth_key, string $auth_name='')
 

Data Fields

const LOCAL_PWV_FULL = 1
 
const LOCAL_PWV_NO = 2
 
const LOCAL_PWV_USER = 3
 
const AUTH_LOCAL = 1
 
const AUTH_LDAP = 2
 
const AUTH_SCRIPT = 4
 
const AUTH_SHIBBOLETH = 5
 
const AUTH_CAS = 6
 
const AUTH_SOAP = 7
 
const AUTH_HTTP = 8
 
const AUTH_ECS = 9
 
const AUTH_APACHE = 11
 
const AUTH_SAML = 12
 
const AUTH_OPENID_CONNECT = 15
 
const AUTH_PROVIDER_LTI = 22
 
const REGEX_DELIMITERS = ['/', '~', '@', ';', '%', '`', '#']
 

Private Attributes

const AUTH_INACTIVE = 18
 
const AUTH_MULTIPLE = 20
 
const AUTH_SESSION = 21
 
const AUTH_SOAP_NO_ILIAS_USER = -100
 
const AUTH_LDAP_NO_ILIAS_USER = -200
 
const AUTH_APACHE_FAILED = -500
 
const AUTH_SAML_FAILED = -501
 
const AUTH_MODE_INACTIVE = -1000
 
const AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
 
const AUTH_CAS_NO_ILIAS_USER = -90
 
const AUTH_USER_WRONG_IP = -600
 
const AUTH_USER_INACTIVE = -601
 
const AUTH_USER_TIME_LIMIT_EXCEEDED = -602
 
const AUTH_USER_SIMULTANEOUS_LOGIN = -603
 

Detailed Description

static utility functions used to manage authentication modes

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Definition at line 26 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

Parameters
int|stringauth_mode

Definition at line 534 of file class.ilAuthUtils.php.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\loadUserDefinedDataFromForm().

534  : bool
535  {
536  switch ((int) $a_auth_mode) {
537  case self::AUTH_LDAP:
538  case self::AUTH_ECS:
539  case self::AUTH_PROVIDER_LTI:
540  case self::AUTH_OPENID_CONNECT:
541  return false;
542  default:
543  return true;
544  }
545  }
+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin ( string  $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 373 of file class.ilAuthUtils.php.

References $DIC, $ilDB, and $r.

Referenced by ilCASAttributeToUser\create(), ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

373  : string
374  {
375  global $DIC;
376 
377  $ilDB = $DIC['ilDB'];
378 
379  // Check if username already exists
380  $found = false;
381  $postfix = 0;
382  $c_login = $a_login;
383  while (!$found) {
384  $r = $ilDB->query("SELECT login FROM usr_data WHERE login = " .
385  $ilDB->quote($c_login));
386  if ($r->numRows() > 0) {
387  $postfix++;
388  $c_login = $a_login . $postfix;
389  } else {
390  $found = true;
391  }
392  }
393 
394  return $c_login;
395  }
$DIC
global $DIC
Definition: shib_login.php:22
$r
$r
Definition: shib_logout.php:140
+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static
Returns
array<string, int|string>

Definition at line 261 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilECSServerSettings\getInstance(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilECSMappingUtils\getAuthModeSelection(), ilUserTableGUI\initFilter(), and ilObjUserGUI\initForm().

261  : array
262  {
263  global $DIC;
264 
265  $ilSetting = $DIC['ilSetting'];
266 
267  $modes = [
268  'default' => $ilSetting->get("auth_mode"),
269  'local' => self::AUTH_LOCAL
270  ];
271 
272  foreach (ilLDAPServer::_getActiveServerList() as $sid) {
273  $modes['ldap_' . $sid] = (self::AUTH_LDAP . '_' . $sid);
274  }
275 
276  foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
277  $modes['lti_' . $sid] = (self::AUTH_PROVIDER_LTI . '_' . $sid);
278  }
279 
280  if (ilOpenIdConnectSettings::getInstance()->getActive()) {
281  $modes['oidc'] = self::AUTH_OPENID_CONNECT;
282  }
283 
284  if ($ilSetting->get("shib_active")) {
285  $modes['shibboleth'] = self::AUTH_SHIBBOLETH;
286  }
287  if ($ilSetting->get("script_active")) {
288  $modes['script'] = self::AUTH_SCRIPT;
289  }
290  if ($ilSetting->get("cas_active")) {
291  $modes['cas'] = self::AUTH_CAS;
292  }
293  if ($ilSetting->get("soap_auth_active")) {
294  $modes['soap'] = self::AUTH_SOAP;
295  }
296  if ($ilSetting->get("apache_active")) {
297  $modes['apache'] = self::AUTH_APACHE;
298  }
299 
300  if (ilECSServerSettings::getInstance()->activeServerExists()) {
301  $modes['ecs'] = self::AUTH_ECS;
302  }
303 
304  foreach (ilSamlIdp::getActiveIdpList() as $idp) {
305  $idpId = $idp->getIdpId();
306  $modes['saml_' . $idpId] = self::AUTH_SAML . '_' . $idpId;
307  }
308 
309  // begin-path auth_plugin
310  foreach (self::getAuthPlugins() as $pl) {
311  foreach ($pl->getAuthIds() as $auth_id) {
312  if ($pl->isAuthActive($auth_id)) {
313  $modes[$pl->getAuthName($auth_id)] = $auth_id;
314  }
315  }
316  }
317  // end-path auth_plugin
318  return $modes;
319  }
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:58
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
$DIC
global $DIC
Definition: shib_login.php:22
$ilSetting
global $ilSetting
Definition: privfeed.php:31
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:216
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static
Returns
array<int|string, string>

Definition at line 324 of file class.ilAuthUtils.php.

References $id, ilLDAPServer\_getServerList(), ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

324  : array
325  {
326  $modes = array(
327  self::AUTH_LOCAL,
328  self::AUTH_LDAP,
329  self::AUTH_SHIBBOLETH,
330  self::AUTH_SAML,
331  self::AUTH_CAS,
332  self::AUTH_SOAP,
333  self::AUTH_ECS,
334  self::AUTH_PROVIDER_LTI,
335  self::AUTH_OPENID_CONNECT,
336  self::AUTH_APACHE
337  );
338  $ret = array();
339  foreach ($modes as $mode) {
340  if ($mode === self::AUTH_PROVIDER_LTI) {
341  foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
342  $id = self::AUTH_PROVIDER_LTI . '_' . $sid;
343  $ret[$id] = self::_getAuthModeName($id);
344  }
345  continue;
346  }
347 
348  // multi ldap implementation
349  if ($mode === self::AUTH_LDAP) {
350  foreach (ilLDAPServer::_getServerList() as $ldap_id) {
351  $id = self::AUTH_LDAP . '_' . $ldap_id;
352  $ret[$id] = self::_getAuthModeName($id);
353  }
354  continue;
355  }
356 
357  if ($mode === self::AUTH_SAML) {
358  foreach (ilSamlIdp::getAllIdps() as $idp) {
359  $id = self::AUTH_SAML . '_' . $idp->getIdpId();
360  $ret[$id] = self::_getAuthModeName($id);
361  }
362  continue;
363  }
364  $ret[$mode] = self::_getAuthModeName($mode);
365  }
366  return $ret;
367  }
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:231
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode ( ?string  $a_auth_mode)
static
Returns
string|int|null

Definition at line 143 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilAuthProviderLTI\getKeyByAuthMode(), ilSamlIdp\getKeyByAuthMode(), ilLDAPServer\getKeyByAuthMode(), and null.

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\loadUserDefinedDataFromForm().

144  {
145  global $DIC;
146 
147  $ilSetting = $DIC['ilSetting'];
148 
149  if (null === $a_auth_mode) {
150  return $ilSetting->get("auth_mode");
151  }
152 
153  if (strpos($a_auth_mode, '_') !== false) {
154  $auth_arr = explode('_', $a_auth_mode);
155  $auth_switch = $auth_arr[0];
156  } else {
157  $auth_switch = $a_auth_mode;
158  }
159  switch ($auth_switch) {
160  case "local":
161  return self::AUTH_LOCAL;
162  break;
163 
164  case "ldap":
165  return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
166 
167  case 'lti':
168  return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
169 
170  case "script":
171  return self::AUTH_SCRIPT;
172  break;
173 
174  case "shibboleth":
175  return self::AUTH_SHIBBOLETH;
176  break;
177 
178  case 'oidc':
179  return self::AUTH_OPENID_CONNECT;
180  break;
181 
182  case 'saml':
183  return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
184 
185  case "cas":
186  return self::AUTH_CAS;
187  break;
188 
189  case "soap":
190  return self::AUTH_SOAP;
191  break;
192 
193  case 'ecs':
194  return self::AUTH_ECS;
195 
196  case 'apache':
197  return self::AUTH_APACHE;
198 
199  default:
200  return $ilSetting->get("auth_mode");
201  break;
202  }
203  }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:55
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
$DIC
global $DIC
Definition: shib_login.php:22
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:258
$ilSetting
global $ilSetting
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static
Parameters
$a_auth_keyint|string

Definition at line 208 of file class.ilAuthUtils.php.

References ilAuthProviderLTI\getAuthModeByKey(), ilSamlIdp\getAuthModeByKey(), and ilLDAPServer\getAuthModeByKey().

Referenced by ilObjUser\_checkExternalAuthAccount(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilAuthFrontend\handleLoginAttempts(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), ilObjUserGUI\initForm(), and ilUserImportParser\verifyEndTag().

208  : string
209  {
210  switch ((int) $a_auth_key) {
211  case self::AUTH_LOCAL:
212  return "local";
213  break;
214 
215  case self::AUTH_LDAP:
216  // begin-patch ldap_multiple
217  return ilLDAPServer::getAuthModeByKey($a_auth_key);
218  // end-patch ldap_multiple
219 
220  case self::AUTH_PROVIDER_LTI:
221  return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
222 
223  case self::AUTH_CAS:
224  return "cas";
225  break;
226 
227  case self::AUTH_SCRIPT:
228  return "script";
229  break;
230 
231  case self::AUTH_SHIBBOLETH:
232  return "shibboleth";
233  break;
234 
235  case self::AUTH_SAML:
236  return ilSamlIdp::getAuthModeByKey($a_auth_key);
237 
238  case self::AUTH_SOAP:
239  return "soap";
240  break;
241 
242  case self::AUTH_ECS:
243  return 'ecs';
244 
245  case self::AUTH_APACHE:
246  return 'apache';
247 
248  case self::AUTH_OPENID_CONNECT:
249  return 'oidc';
250  break;
251 
252  default:
253  return "default";
254  break;
255  }
256  }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:41
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:248
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:414
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions ( ilLanguage  $lng)
static
Parameters
ilLanguage$lng
Returns
array<int|string, array{"txt": string, "checked"?: bool, "hide_in_ui"?: bool}>

Definition at line 429 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, $server, ilLDAPServer\_getActiveServerList(), ilLDAPServer\getInstanceByServerId(), and ilLanguage\txt().

Referenced by ilStartUpGUI\buildStandardLoginForm().

429  : array
430  {
431  global $DIC;
432 
433  $ilSetting = $DIC['ilSetting'];
434  $options = [];
435  // in the moment only ldap is activated as additional authentication method
436 
437  $options[self::AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
438 
439 
440  foreach (ilLDAPServer::_getActiveServerList() as $sid) {
441  $server = ilLDAPServer::getInstanceByServerId($sid);
442  $options[self::AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
443  }
444 
445  if ($ilSetting->get('apache_active')) {
446  global $DIC;
447 
448  $lng = $DIC['lng'];
449  $apache_settings = new ilSetting('apache_auth');
450  $options[self::AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
451  $options[self::AUTH_APACHE]['hide_in_ui'] = true;
452  }
453 
454  if ($ilSetting->get('auth_mode', (string) self::AUTH_LOCAL) === (string) self::AUTH_LDAP) {
455  $default = self::AUTH_LDAP;
456  } else {
457  $default = self::AUTH_LOCAL;
458  }
459 
460  $default = $ilSetting->get('default_auth_mode', (string) $default);
461 
462  // begin-patch auth_plugin
463  $pls = self::getAuthPlugins();
464  foreach ($pls as $pl) {
465  $auths = $pl->getAuthIds();
466  foreach ($auths as $auth_id) {
467  $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
468  if ($pl_auth_option) {
469  $options += $pl_auth_option;
470  }
471  }
472  }
473  // end-patch auth_plugins
474 
475  if (array_key_exists($default, $options)) {
476  $options[$default]['checked'] = true;
477  }
478 
479  return $options;
480  }
ilLanguage\txt
txt(string $a_topic, string $a_default_lang_fallback_mod="")
gets the text for a given topic if the topic is not in the list, the topic itself with "-" will be re...
Definition: class.ilLanguage.php:170
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
$DIC
global $DIC
Definition: shib_login.php:22
$ilSetting
global $ilSetting
Definition: privfeed.php:31
$server
$server
Definition: shib_login.php:24
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 397 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, and ilLDAPServer\_getActiveServerList().

Referenced by ilStartUpGUI\buildStandardLoginForm(), and ilStartUpGUI\doStandardAuthentication().

397  : bool
398  {
399  if (count(ilLDAPServer::_getActiveServerList())) {
400  return true;
401  }
402 
403  global $DIC;
404 
405  $ilSetting = $DIC['ilSetting'];
406 
407  if ($ilSetting->get('apache_active')) {
408  return true;
409  }
410 
411  // begin-patch auth_plugin
412  foreach (self::getAuthPlugins() as $pl) {
413  foreach ($pl->getAuthIds() as $auth_id) {
414  if ($pl->getMultipleAuthModeOptions($auth_id)) {
415  return true;
416  }
417  }
418  }
419  // end-patch auth_plugin
420 
421 
422  return false;
423  }
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
$DIC
global $DIC
Definition: shib_login.php:22
$ilSetting
global $ilSetting
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if LDAP, CAS or SOAP is active

Definition at line 486 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\initForm(), and ilObjUserGUI\saveObject().

486  : bool
487  {
488  global $DIC;
489 
490  $ilSetting = $DIC['ilSetting'];
491 
492  if ($ilSetting->get("cas_active")) {
493  return true;
494  }
495  if ($ilSetting->get("soap_auth_active")) {
496  return true;
497  }
498  if ($ilSetting->get("shib_active")) {
499  return true;
500  }
501  if (count(ilLDAPServer::_getActiveServerList())) {
502  return true;
503  }
504 
505  if (count(ilAuthProviderLTI::getActiveAuthModes())) {
506  return true;
507  }
508 
509  if (count(ilSamlIdp::getActiveIdpList()) > 0) {
510  return true;
511  }
512 
513  if (ilOpenIdConnectSettings::getInstance()->getActive()) {
514  return true;
515  }
516 
517  // begin-path auth_plugin
518  foreach (self::getAuthPlugins() as $pl) {
519  foreach ($pl->getAuthIds() as $auth_id) {
520  if ($pl->isAuthActive($auth_id) && $pl->isExternalAccountNameRequired($auth_id)) {
521  return true;
522  }
523  }
524  }
525  // end-path auth_plugin
526 
527  return false;
528  }
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:68
$DIC
global $DIC
Definition: shib_login.php:22
$ilSetting
global $ilSetting
Definition: privfeed.php:31
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:216
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

Parameters
null | string | int$a_auth_modeauth_mode

Definition at line 552 of file class.ilAuthUtils.php.

References $DIC, and $ilSetting.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

552  : bool
553  {
554  switch ($a_auth_mode) {
555  case self::AUTH_LOCAL:
556  case self::AUTH_APACHE:
557  return false;
558  default:
559  return true;
560  }
561  }
+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation ( string  $a_auth_key,
string  $auth_name = '' 
)
static

Definition at line 669 of file class.ilAuthUtils.php.

References $DIC, $lng, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilAuthProviderLTI\getServerIdByAuthMode(), ilLDAPServer\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), ilECSMappingUtils\getAuthModeSelection(), ilUserTableGUI\initFilter(), and ilObjUserGUI\initForm().

669  : ?string
670  {
671  global $DIC;
672 
673  $lng = $DIC['lng'];
674 
675  //TODO fix casting strings like 2_1 (auth_key for first ldap server) to int to get it to 2
676  switch ((int) $a_auth_key) {
677  case self::AUTH_LDAP:
678  $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
679  return ilLDAPServer::getInstanceByServerId($sid)->getName();
680 
681  case self::AUTH_PROVIDER_LTI:
682  $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
683  return ilAuthProviderLTI::lookupConsumer($sid);
684 
685 
686  case self::AUTH_SAML:
687  $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
688  return ilSamlIdp::getInstanceByIdpId($idp_id)->getEntityId();
689 
690  default:
691  $lng->loadLanguageModule('auth');
692  if (!empty($auth_name)) {
693  return $lng->txt('auth_' . $auth_name);
694  }
695 
696  return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
697  }
698  }
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:118
ilAuthProviderLTI\lookupConsumer
static lookupConsumer(int $a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:106
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:64
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:192
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:401
$DIC
global $DIC
Definition: shib_login.php:22
$lng
global $lng
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static

Get active enabled auth plugins.

Definition at line 664 of file class.ilAuthUtils.php.

References $GLOBALS.

Referenced by ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthModeDetermination\read().

664  : \Iterator
665  {
666  return $GLOBALS['DIC']['component.factory']->getActivePluginsInSlot('authhk');
667  }
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 103 of file class.ilAuthUtils.php.

References $DIC, $GLOBALS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

103  : void
104  {
105  global $DIC;
106  $query_wrapper = $DIC->http()->wrapper()->query();
107  $string_refinery = $DIC->refinery()->kindlyTo()->string();
108  if ($query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url')) {
109  $credentials = new ilAuthFrontendCredentials();
110  $credentials->setUsername($query_wrapper->retrieve('ecs_login', $string_refinery));
111  $credentials->setAuthMode((string) self::AUTH_ECS);
112 
113  $provider_factory = new ilAuthProviderFactory();
114  $providers = $provider_factory->getProviders($credentials);
115 
116  $status = ilAuthStatus::getInstance();
117 
118  $frontend_factory = new ilAuthFrontendFactory();
119  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
120  $frontend = $frontend_factory->getFrontend(
121  $GLOBALS['DIC']['ilAuthSession'],
122  $status,
123  $credentials,
124  $providers
125  );
126 
127  $frontend->authenticate();
128 
129  switch ($status->getStatus()) {
130  case ilAuthStatus::STATUS_AUTHENTICATED:
131  return;
132 
133  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
134  ilInitialisation::goToPublicSection();
135  return;
136  }
137  }
138  }
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:27
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:910
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
$DIC
global $DIC
Definition: shib_login.php:22
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Check if authentication is should be forced.

Definition at line 95 of file class.ilAuthUtils.php.

References $DIC.

Referenced by ilInitialisation\resumeUserSession().

95  : bool
96  {
97  //TODO rework forced authentication concept
98  global $DIC;
99  $query_wrapper = $DIC->http()->wrapper()->query();
100  return $query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url');
101  }
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int | string$a_authmode
Returns
bool

Definition at line 581 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPasswordAssistanceGUI\submitAssistanceForm(), and ilAuthProviderDatabase\withoutPasswordVerification().

581  : bool
582  {
583  global $DIC;
584 
585  $ilSetting = $DIC->settings();
586 
587  switch ((int) $a_authmode) {
588  // always enabled
589  case self::AUTH_LOCAL:
590  case self::AUTH_APACHE:
591  return true;
592 
593  // No local passwords for these auth modes
594  case self::AUTH_LDAP:
595  case self::AUTH_ECS:
596  case self::AUTH_SCRIPT:
597  case self::AUTH_PROVIDER_LTI:
598  case self::AUTH_OPENID_CONNECT:
599  return false;
600 
601  case self::AUTH_SAML:
602  $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode((string) $a_authmode));
603  return $idp->isActive() && $idp->allowLocalAuthentication();
604 
605  case self::AUTH_SHIBBOLETH:
606  return (bool) $ilSetting->get("shib_auth_allow_local", '0');
607  case self::AUTH_SOAP:
608  return (bool) $ilSetting->get("soap_auth_allow_local", '0');
609  case self::AUTH_CAS:
610  return (bool) $ilSetting->get("cas_allow_local", '0');
611  }
612  return false;
613  }
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:64
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:192
$DIC
global $DIC
Definition: shib_login.php:22
$ilSetting
global $ilSetting
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int | string$a_authmode
Returns
bool

Definition at line 621 of file class.ilAuthUtils.php.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\allowPasswordChange().

621  : bool
622  {
623  if (self::isPasswordModificationHidden()) {
624  return false;
625  }
626 
627  return self::isLocalPasswordEnabledForAuthMode($a_authmode);
628  }
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
null | string | int$a_authmode
Returns

Definition at line 635 of file class.ilAuthUtils.php.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu().

635  : int
636  {
637  switch ((int) $a_authmode) {
638  case self::AUTH_LDAP:
639  case self::AUTH_LOCAL:
640  return self::LOCAL_PWV_FULL;
641 
642  case self::AUTH_SHIBBOLETH:
643  case self::AUTH_OPENID_CONNECT:
644  case self::AUTH_SAML:
645  case self::AUTH_SOAP:
646  case self::AUTH_CAS:
647  if (!self::isPasswordModificationEnabled($a_authmode)) {
648  return self::LOCAL_PWV_NO;
649  }
650  return self::LOCAL_PWV_USER;
651 
652  case self::AUTH_PROVIDER_LTI:
653  case self::AUTH_ECS:
654  case self::AUTH_SCRIPT:
655  case self::AUTH_APACHE:
656  default:
657  return self::LOCAL_PWV_USER;
658  }
659  }
+ Here is the caller graph for this function:

Field Documentation

◆ AUTH_APACHE

const ilAuthUtils::AUTH_APACHE = 11

Definition at line 42 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilStartUpGUI\doApacheAuthentication(), ilObjAuthSettingsGUI\getApacheAuthSettingsForm(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderApache\getTriggerAuthMode(), ilAuthModeDetermination\read(), and ilObjAuthSettingsGUI\saveApacheSettingsObject().

◆ AUTH_APACHE_FAILED

const ilAuthUtils::AUTH_APACHE_FAILED = -500
private

Definition at line 67 of file class.ilAuthUtils.php.

◆ AUTH_CAS

const ilAuthUtils::AUTH_CAS = 6

Definition at line 37 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilAuthProviderCAS\doAuthentication(), ilStartUpGUI\doCasAuthentication(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderCAS\handleLDAPDataSource(), ilCASSettingsGUI\initFormSettings(), and ilCASSettingsGUI\save().

◆ AUTH_CAS_NO_ILIAS_USER

const ilAuthUtils::AUTH_CAS_NO_ILIAS_USER = -90
private

Definition at line 80 of file class.ilAuthUtils.php.

◆ AUTH_ECS

const ilAuthUtils::AUTH_ECS = 9

Definition at line 40 of file class.ilAuthUtils.php.

Referenced by ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilAuthProviderFactory\getProviderByAuthMode(), and ILIAS\LegalDocuments\ConsumerToolbox\User\isExternalAccount().

◆ AUTH_HTTP

const ilAuthUtils::AUTH_HTTP = 8

Definition at line 39 of file class.ilAuthUtils.php.

◆ AUTH_INACTIVE

const ilAuthUtils::AUTH_INACTIVE = 18
private

Definition at line 48 of file class.ilAuthUtils.php.

◆ AUTH_LDAP

const ilAuthUtils::AUTH_LDAP = 2

Definition at line 34 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLDAPServer\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLDAP\getTriggerAuthMode(), ilLDAPServer\isAuthModeLDAP(), ILIAS\LegalDocuments\ConsumerToolbox\User\isLDAPUser(), ilAuthModeDetermination\read(), and ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\testIsLDAPUser().

◆ AUTH_LDAP_NO_ILIAS_USER

const ilAuthUtils::AUTH_LDAP_NO_ILIAS_USER = -200
private

Definition at line 61 of file class.ilAuthUtils.php.

◆ AUTH_LOCAL

const ilAuthUtils::AUTH_LOCAL = 1

Definition at line 33 of file class.ilAuthUtils.php.

Referenced by ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilAccountRegistrationGUI\createUser(), ilStartUpGUI\doMigration(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderCliFactory\getProviders(), ilAuthFrontend\handleLoginAttempts(), ilAuthProviderSaml\handleSamlAuth(), ilLTIViewGUI\logout(), ilAuthModeDetermination\read(), ILIAS\Data\Password\LocalUserPasswordManager\resetLastPasswordChangeForLocalUsers(), ilObjAuthSettingsGUI\saveApacheSettingsObject(), and ilPasswordAssistanceGUI\submitAssistanceForm().

◆ AUTH_MODE_INACTIVE

const ilAuthUtils::AUTH_MODE_INACTIVE = -1000
private

Definition at line 73 of file class.ilAuthUtils.php.

◆ AUTH_MULTIPLE

const ilAuthUtils::AUTH_MULTIPLE = 20
private

Definition at line 51 of file class.ilAuthUtils.php.

◆ AUTH_OPENID_CONNECT

const ilAuthUtils::AUTH_OPENID_CONNECT = 15

Definition at line 45 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilStartUpGUI\doOpenIdConnectAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthProviderOpenIdConnect\handleUpdate().

◆ AUTH_PROVIDER_LTI

const ilAuthUtils::AUTH_PROVIDER_LTI = 22

Definition at line 56 of file class.ilAuthUtils.php.

Referenced by ilStartUpGUI\doLTIAuthentication(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilAuthProviderLTI\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLTI\isAuthModeLTI(), and ILIAS\LegalDocuments\ConsumerToolbox\User\isExternalAccount().

◆ AUTH_SAML

const ilAuthUtils::AUTH_SAML = 12

Definition at line 43 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilSamlIdp\delete(), ilStartUpGUI\doSamlAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilSamlIdp\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderSaml\getTriggerAuthMode(), ilSamlAppEventListener\handleEvent(), ilSamlIdp\isAuthModeSaml(), ilObjAuthSettingsGUI\setAuthModeObject(), ilStartUpGUI\showLogout(), and ilPasswordAssistanceGUI\submitAssistanceForm().

◆ AUTH_SAML_FAILED

const ilAuthUtils::AUTH_SAML_FAILED = -501
private

Definition at line 70 of file class.ilAuthUtils.php.

◆ AUTH_SCRIPT

const ilAuthUtils::AUTH_SCRIPT = 4

Definition at line 35 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\getAuthModeTitle(), ilObjAuthSettingsGUI\saveScriptObject(), and ilObjAuthSettingsGUI\setAuthModeObject().

◆ AUTH_SESSION

const ilAuthUtils::AUTH_SESSION = 21
private

Definition at line 54 of file class.ilAuthUtils.php.

◆ AUTH_SHIBBOLETH

const ilAuthUtils::AUTH_SHIBBOLETH = 5

Definition at line 36 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilStartUpGUI\doShibbolethAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), and ilObjAuthSettingsGUI\setAuthModeObject().

◆ AUTH_SOAP

const ilAuthUtils::AUTH_SOAP = 7

Definition at line 38 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilAuthProviderSoap\doAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthModeDetermination\read().

◆ AUTH_SOAP_NO_ILIAS_USER

const ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER = -100
private

Definition at line 59 of file class.ilAuthUtils.php.

◆ AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL

const ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
private

Definition at line 78 of file class.ilAuthUtils.php.

◆ AUTH_USER_INACTIVE

const ilAuthUtils::AUTH_USER_INACTIVE = -601
private

Definition at line 85 of file class.ilAuthUtils.php.

◆ AUTH_USER_SIMULTANEOUS_LOGIN

const ilAuthUtils::AUTH_USER_SIMULTANEOUS_LOGIN = -603
private

Definition at line 87 of file class.ilAuthUtils.php.

◆ AUTH_USER_TIME_LIMIT_EXCEEDED

const ilAuthUtils::AUTH_USER_TIME_LIMIT_EXCEEDED = -602
private

Definition at line 86 of file class.ilAuthUtils.php.

◆ AUTH_USER_WRONG_IP

const ilAuthUtils::AUTH_USER_WRONG_IP = -600
private

Definition at line 84 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_FULL

const ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 28 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_NO

const ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 29 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_USER

const ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 30 of file class.ilAuthUtils.php.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu().

◆ REGEX_DELIMITERS

const ilAuthUtils::REGEX_DELIMITERS = ['/', '~', '@', ';', '%', '`', '#']

Definition at line 90 of file class.ilAuthUtils.php.

Referenced by ilAuthModeDetermination\getAuthModeSequence(), and ilLDAPRoleAssignmentRule\wildcardCompare().

The documentation for this class was generated from the following file: