ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
Static Public Member Functions | Data Fields | Private Attributes
ilAuthUtils Class Reference
+ Collaboration diagram for ilAuthUtils:

Static Public Member Functions

static isAuthenticationForced ()
 
static handleForcedAuthentication ()
 
static _getAuthMode (?string $a_auth_mode)
 
static _getAuthModeName ($a_auth_key)
 
static _getActiveAuthModes ()
 
static _getAllAuthModes ()
 
static _generateLogin (string $a_login)
 generate free login by starting with a default string and adding postfix numbers More...
 
static _hasMultipleAuthenticationMethods ()
 
static _getMultipleAuthModeOptions (ilLanguage $lng)
 
static _isExternalAccountEnabled ()
 Check if an external account name is required. More...
 
static _allowPasswordModificationByAuthMode ($a_auth_mode)
 Allow password modification. More...
 
static _needsExternalAccountByAuthMode ($a_auth_mode)
 Check if chosen auth mode needs an external account entry. More...
 
static isLocalPasswordEnabledForAuthMode ($a_authmode)
 Check if local password validation is enabled for a specific auth_mode. More...
 
static isPasswordModificationEnabled ($a_authmode)
 Check if password modification is enabled. More...
 
static supportsLocalPasswordValidation ($a_authmode)
 Check if local password validation is supported. More...
 
static getAuthPlugins ()
 
static getAuthModeTranslation (string $a_auth_key, string $auth_name='')
 

Data Fields

const int LOCAL_PWV_FULL = 1
 
const int LOCAL_PWV_NO = 2
 
const int LOCAL_PWV_USER = 3
 
const int AUTH_LOCAL = 1
 
const int AUTH_LDAP = 2
 
const int AUTH_SCRIPT = 4
 
const int AUTH_SHIBBOLETH = 5
 
const int AUTH_SOAP = 7
 
const int AUTH_HTTP = 8
 
const int AUTH_ECS = 9
 
const int AUTH_APACHE = 11
 
const int AUTH_SAML = 12
 
const int AUTH_OPENID_CONNECT = 15
 
const int AUTH_PROVIDER_LTI = 22
 
const array REGEX_DELIMITERS = ['/', '~', '@', ';', '%', '`', '#']
 

Private Attributes

const int AUTH_INACTIVE = 18
 
const int AUTH_MULTIPLE = 20
 
const int AUTH_SESSION = 21
 
const int AUTH_SOAP_NO_ILIAS_USER = -100
 
const int AUTH_LDAP_NO_ILIAS_USER = -200
 
const int AUTH_APACHE_FAILED = -500
 
const int AUTH_SAML_FAILED = -501
 
const int AUTH_MODE_INACTIVE = -1000
 
const int AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
 
const int AUTH_USER_WRONG_IP = -600
 
const int AUTH_USER_INACTIVE = -601
 
const int AUTH_USER_TIME_LIMIT_EXCEEDED = -602
 
const int AUTH_USER_SIMULTANEOUS_LOGIN = -603
 

Detailed Description

Definition at line 21 of file class.ilAuthUtils.php.

Member Function Documentation

◆ _allowPasswordModificationByAuthMode()

static ilAuthUtils::_allowPasswordModificationByAuthMode (   $a_auth_mode)
static

Allow password modification.

Parameters
int | string$a_auth_mode

Definition at line 495 of file class.ilAuthUtils.php.

Referenced by ilPasswordInputGUI\checkInput(), and ilObjUserGUI\loadUserDefinedDataFromForm().

495  : bool
496  {
497  switch ((int) $a_auth_mode) {
498  case self::AUTH_LDAP:
499  case self::AUTH_ECS:
500  case self::AUTH_PROVIDER_LTI:
501  case self::AUTH_OPENID_CONNECT:
502  return false;
503  default:
504  return true;
505  }
506  }
+ Here is the caller graph for this function:

◆ _generateLogin()

static ilAuthUtils::_generateLogin ( string  $a_login)
static

generate free login by starting with a default string and adding postfix numbers

Definition at line 337 of file class.ilAuthUtils.php.

References $DIC, $ilDB, and $r.

Referenced by ilAuthProviderECS\createUser(), ilAuthProviderLTI\createUser(), ilAuthProviderSoap\handleSoapAuth(), ilAuthProviderSaml\importUser(), ilOpenIdConnectUserSync\transformToXml(), and ilLDAPAttributeToUser\usersToXML().

337  : string
338  {
339  global $DIC;
340 
341  $ilDB = $DIC['ilDB'];
342 
343  // Check if username already exists
344  $found = false;
345  $postfix = 0;
346  $c_login = $a_login;
347  while (!$found) {
348  $r = $ilDB->query(
349  'SELECT login FROM usr_data WHERE login = ' .
350  $ilDB->quote($c_login)
351  );
352  if ($r->numRows() > 0) {
353  $postfix++;
354  $c_login = $a_login . $postfix;
355  } else {
356  $found = true;
357  }
358  }
359 
360  return $c_login;
361  }
$DIC
global $DIC
Definition: shib_login.php:26
$r
$r
Definition: shib_logout.php:142
+ Here is the caller graph for this function:

◆ _getActiveAuthModes()

static ilAuthUtils::_getActiveAuthModes ( )
static
Returns
array<string, int|string>

Definition at line 229 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilSamlIdp\getActiveIdpList(), ilAuthProviderLTI\getAuthModes(), ilECSServerSettings\getInstance(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilECSMappingUtils\getAuthModeSelection(), ilUserTableGUI\initFilter(), and ilObjUserGUI\initForm().

229  : array
230  {
231  global $DIC;
232 
233  $ilSetting = $DIC['ilSetting'];
234 
235  $modes = [
236  'default' => $ilSetting->get('auth_mode'),
237  'local' => self::AUTH_LOCAL
238  ];
239 
240  foreach (ilLDAPServer::_getActiveServerList() as $sid) {
241  $modes['ldap_' . $sid] = (self::AUTH_LDAP . '_' . $sid);
242  }
243 
244  foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
245  $modes['lti_' . $sid] = (self::AUTH_PROVIDER_LTI . '_' . $sid);
246  }
247 
248  if (ilOpenIdConnectSettings::getInstance()->getActive()) {
249  $modes['oidc'] = self::AUTH_OPENID_CONNECT;
250  }
251 
252  if ($ilSetting->get('shib_active')) {
253  $modes['shibboleth'] = self::AUTH_SHIBBOLETH;
254  }
255  if ($ilSetting->get('script_active')) {
256  $modes['script'] = self::AUTH_SCRIPT;
257  }
258  if ($ilSetting->get('soap_auth_active')) {
259  $modes['soap'] = self::AUTH_SOAP;
260  }
261  if ($ilSetting->get('apache_active')) {
262  $modes['apache'] = self::AUTH_APACHE;
263  }
264 
265  if (ilECSServerSettings::getInstance()->activeServerExists()) {
266  $modes['ecs'] = self::AUTH_ECS;
267  }
268 
269  foreach (ilSamlIdp::getActiveIdpList() as $idp) {
270  $idpId = $idp->getIdpId();
271  $modes['saml_' . $idpId] = self::AUTH_SAML . '_' . $idpId;
272  }
273 
274  // begin-path auth_plugin
275  foreach (self::getAuthPlugins() as $pl) {
276  foreach ($pl->getAuthIds() as $auth_id) {
277  if ($pl->isAuthActive($auth_id)) {
278  $modes[$pl->getAuthName($auth_id)] = $auth_id;
279  }
280  }
281  }
282  // end-path auth_plugin
283  return $modes;
284  }
ilECSServerSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilECSServerSettings.php:58
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
$DIC
global $DIC
Definition: shib_login.php:26
$ilSetting
global $ilSetting
Definition: privfeed.php:31
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:222
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAllAuthModes()

static ilAuthUtils::_getAllAuthModes ( )
static
Returns
array<int|string, string>

Definition at line 289 of file class.ilAuthUtils.php.

References $id, ilLDAPServer\_getServerList(), ilSamlIdp\getAllIdps(), and ilAuthProviderLTI\getAuthModes().

Referenced by ilObjAuthSettingsGUI\authSettingsObject().

289  : array
290  {
291  $modes = [
292  self::AUTH_LOCAL,
293  self::AUTH_LDAP,
294  self::AUTH_SHIBBOLETH,
295  self::AUTH_SAML,
296  self::AUTH_SOAP,
297  self::AUTH_ECS,
298  self::AUTH_PROVIDER_LTI,
299  self::AUTH_OPENID_CONNECT,
300  self::AUTH_APACHE
301  ];
302  $ret = [];
303  foreach ($modes as $mode) {
304  if ($mode === self::AUTH_PROVIDER_LTI) {
305  foreach (ilAuthProviderLTI::getAuthModes() as $sid) {
306  $id = self::AUTH_PROVIDER_LTI . '_' . $sid;
307  $ret[$id] = self::_getAuthModeName($id);
308  }
309  continue;
310  }
311 
312  // multi ldap implementation
313  if ($mode === self::AUTH_LDAP) {
314  foreach (ilLDAPServer::_getServerList() as $ldap_id) {
315  $id = self::AUTH_LDAP . '_' . $ldap_id;
316  $ret[$id] = self::_getAuthModeName($id);
317  }
318  continue;
319  }
320 
321  if ($mode === self::AUTH_SAML) {
322  foreach (ilSamlIdp::getAllIdps() as $idp) {
323  $id = self::AUTH_SAML . '_' . $idp->getIdpId();
324  $ret[$id] = self::_getAuthModeName($id);
325  }
326  continue;
327  }
328  $ret[$mode] = self::_getAuthModeName($mode);
329  }
330  return $ret;
331  }
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilSamlIdp\getAllIdps
static getAllIdps()
Definition: class.ilSamlIdp.php:237
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilAuthUtils::_getAuthMode ( ?string  $a_auth_mode)
static
Returns
string|int|null

Definition at line 119 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilAuthProviderLTI\getKeyByAuthMode(), ilSamlIdp\getKeyByAuthMode(), ilLDAPServer\getKeyByAuthMode(), and null.

Referenced by ilPasswordInputGUI\checkInput(), ilUserTableGUI\fillRow(), ilObjUser\getAuthMode(), and ilObjUserGUI\loadUserDefinedDataFromForm().

120  {
121  global $DIC;
122 
123  $ilSetting = $DIC['ilSetting'];
124 
125  if ($a_auth_mode === null) {
126  return $ilSetting->get('auth_mode');
127  }
128 
129  if (str_contains($a_auth_mode, '_')) {
130  $auth_arr = explode('_', $a_auth_mode);
131  $auth_switch = $auth_arr[0];
132  } else {
133  $auth_switch = $a_auth_mode;
134  }
135  switch ($auth_switch) {
136  case 'local':
137  return self::AUTH_LOCAL;
138  break;
139 
140  case 'ldap':
141  return ilLDAPServer::getKeyByAuthMode($a_auth_mode);
142 
143  case 'lti':
144  return ilAuthProviderLTI::getKeyByAuthMode($a_auth_mode);
145 
146  case 'script':
147  return self::AUTH_SCRIPT;
148  break;
149 
150  case 'shibboleth':
151  return self::AUTH_SHIBBOLETH;
152  break;
153 
154  case 'oidc':
155  return self::AUTH_OPENID_CONNECT;
156  break;
157 
158  case 'saml':
159  return ilSamlIdp::getKeyByAuthMode($a_auth_mode);
160 
161  case 'soap':
162  return self::AUTH_SOAP;
163  break;
164 
165  case 'ecs':
166  return self::AUTH_ECS;
167 
168  case 'apache':
169  return self::AUTH_APACHE;
170 
171  default:
172  return $ilSetting->get('auth_mode');
173  break;
174  }
175  }
ilAuthProviderLTI\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:55
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
$DIC
global $DIC
Definition: shib_login.php:26
ilSamlIdp\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:264
$ilSetting
global $ilSetting
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getAuthModeName()

static ilAuthUtils::_getAuthModeName (   $a_auth_key)
static
Parameters
$a_auth_keyint|string

Definition at line 180 of file class.ilAuthUtils.php.

References ilAuthProviderLTI\getAuthModeByKey(), ilSamlIdp\getAuthModeByKey(), and ilLDAPServer\getAuthModeByKey().

Referenced by ilObjUser\_checkExternalAuthAccount(), ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ilLDAPServer\getAuthenticationMappingKey(), ilAuthFrontend\handleLoginAttempts(), ilUserImportParser\importEndTag(), ilUserTableGUI\initFilter(), ilObjUserGUI\initForm(), and ilUserImportParser\verifyEndTag().

180  : string
181  {
182  switch ((int) $a_auth_key) {
183  case self::AUTH_LOCAL:
184  return 'local';
185  break;
186 
187  case self::AUTH_LDAP:
188  // begin-patch ldap_multiple
189  return ilLDAPServer::getAuthModeByKey($a_auth_key);
190  // end-patch ldap_multiple
191 
192  case self::AUTH_PROVIDER_LTI:
193  return ilAuthProviderLTI::getAuthModeByKey($a_auth_key);
194 
195  case self::AUTH_SCRIPT:
196  return 'script';
197  break;
198 
199  case self::AUTH_SHIBBOLETH:
200  return 'shibboleth';
201  break;
202 
203  case self::AUTH_SAML:
204  return ilSamlIdp::getAuthModeByKey($a_auth_key);
205 
206  case self::AUTH_SOAP:
207  return 'soap';
208  break;
209 
210  case self::AUTH_ECS:
211  return 'ecs';
212 
213  case self::AUTH_APACHE:
214  return 'apache';
215 
216  case self::AUTH_OPENID_CONNECT:
217  return 'oidc';
218  break;
219 
220  default:
221  return 'default';
222  break;
223  }
224  }
ilAuthProviderLTI\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Get auth mode by key.
Definition: class.ilAuthProviderLTI.php:41
ilSamlIdp\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
Definition: class.ilSamlIdp.php:254
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:414
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getMultipleAuthModeOptions()

static ilAuthUtils::_getMultipleAuthModeOptions ( ilLanguage  $lng)
static
Returns
array<int|string, array{"txt": string, "checked"?: bool, "hide_in_ui"?: bool}>

Definition at line 393 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, $server, ilLDAPServer\_getActiveServerList(), ilLDAPServer\getInstanceByServerId(), and ilLanguage\txt().

Referenced by ilStartUpGUI\buildStandardLoginForm().

393  : array
394  {
395  global $DIC;
396 
397  $ilSetting = $DIC['ilSetting'];
398  $options = [];
399  // in the moment only ldap is activated as additional authentication method
400 
401  $options[self::AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
402 
403 
404  foreach (ilLDAPServer::_getActiveServerList() as $sid) {
405  $server = ilLDAPServer::getInstanceByServerId($sid);
406  $options[self::AUTH_LDAP . '_' . $sid]['txt'] = $server->getName();
407  }
408 
409  if ($ilSetting->get('apache_active')) {
410  global $DIC;
411 
412  $lng = $DIC['lng'];
413  $apache_settings = new ilSetting('apache_auth');
414  $options[self::AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
415  $options[self::AUTH_APACHE]['hide_in_ui'] = true;
416  }
417 
418  if ($ilSetting->get('auth_mode', (string) self::AUTH_LOCAL) === (string) self::AUTH_LDAP) {
419  $default = self::AUTH_LDAP;
420  } else {
421  $default = self::AUTH_LOCAL;
422  }
423 
424  $default = $ilSetting->get('default_auth_mode', (string) $default);
425 
426  // begin-patch auth_plugin
427  $pls = self::getAuthPlugins();
428  foreach ($pls as $pl) {
429  $auths = $pl->getAuthIds();
430  foreach ($auths as $auth_id) {
431  $pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
432  if ($pl_auth_option) {
433  $options += $pl_auth_option;
434  }
435  }
436  }
437  // end-patch auth_plugins
438 
439  if (array_key_exists($default, $options)) {
440  $options[$default]['checked'] = true;
441  }
442 
443  return $options;
444  }
ilLanguage\txt
txt(string $a_topic, string $a_default_lang_fallback_mod="")
gets the text for a given topic if the topic is not in the list, the topic itself with "-" will be re...
Definition: class.ilLanguage.php:170
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
$DIC
global $DIC
Definition: shib_login.php:26
$ilSetting
global $ilSetting
Definition: privfeed.php:31
$server
$server
Definition: shib_login.php:28
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasMultipleAuthenticationMethods()

static ilAuthUtils::_hasMultipleAuthenticationMethods ( )
static

Definition at line 363 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, and ilLDAPServer\_getActiveServerList().

Referenced by ilStartUpGUI\buildStandardLoginForm(), and ilStartUpGUI\doStandardAuthentication().

363  : bool
364  {
365  if (count(ilLDAPServer::_getActiveServerList())) {
366  return true;
367  }
368 
369  global $DIC;
370 
371  $ilSetting = $DIC['ilSetting'];
372 
373  if ($ilSetting->get('apache_active')) {
374  return true;
375  }
376 
377  // begin-patch auth_plugin
378  foreach (self::getAuthPlugins() as $pl) {
379  foreach ($pl->getAuthIds() as $auth_id) {
380  if ($pl->getMultipleAuthModeOptions($auth_id)) {
381  return true;
382  }
383  }
384  }
385  // end-patch auth_plugin
386 
387  return false;
388  }
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
$DIC
global $DIC
Definition: shib_login.php:26
$ilSetting
global $ilSetting
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _isExternalAccountEnabled()

static ilAuthUtils::_isExternalAccountEnabled ( )
static

Check if an external account name is required.

That's the case if LDAP or SOAP is active

Definition at line 450 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilLDAPServer\_getActiveServerList(), ilAuthProviderLTI\getActiveAuthModes(), ilSamlIdp\getActiveIdpList(), and ilOpenIdConnectSettings\getInstance().

Referenced by ilObjUserGUI\initForm(), and ilObjUserGUI\saveObject().

450  : bool
451  {
452  global $DIC;
453 
454  $ilSetting = $DIC['ilSetting'];
455 
456  if ($ilSetting->get('soap_auth_active')) {
457  return true;
458  }
459  if ($ilSetting->get('shib_active')) {
460  return true;
461  }
462  if (count(ilLDAPServer::_getActiveServerList())) {
463  return true;
464  }
465 
466  if (count(ilAuthProviderLTI::getActiveAuthModes())) {
467  return true;
468  }
469 
470  if (count(ilSamlIdp::getActiveIdpList()) > 0) {
471  return true;
472  }
473 
474  if (ilOpenIdConnectSettings::getInstance()->getActive()) {
475  return true;
476  }
477 
478  // begin-path auth_plugin
479  foreach (self::getAuthPlugins() as $pl) {
480  foreach ($pl->getAuthIds() as $auth_id) {
481  if ($pl->isAuthActive($auth_id) && $pl->isExternalAccountNameRequired($auth_id)) {
482  return true;
483  }
484  }
485  }
486  // end-path auth_plugin
487 
488  return false;
489  }
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilAuthProviderLTI\getActiveAuthModes
static getActiveAuthModes()
get all active authmode server ids
Definition: class.ilAuthProviderLTI.php:68
$DIC
global $DIC
Definition: shib_login.php:26
$ilSetting
global $ilSetting
Definition: privfeed.php:31
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:222
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _needsExternalAccountByAuthMode()

static ilAuthUtils::_needsExternalAccountByAuthMode (   $a_auth_mode)
static

Check if chosen auth mode needs an external account entry.

Parameters
null | string | int$a_auth_modeauth_mode

Definition at line 513 of file class.ilAuthUtils.php.

References $DIC, and $ilSetting.

Referenced by ilObjUser\isPasswordChangeDemanded(), and ilObjUser\isPasswordExpired().

513  : bool
514  {
515  switch ($a_auth_mode) {
516  case self::AUTH_LOCAL:
517  case self::AUTH_APACHE:
518  return false;
519  default:
520  return true;
521  }
522  }
+ Here is the caller graph for this function:

◆ getAuthModeTranslation()

static ilAuthUtils::getAuthModeTranslation ( string  $a_auth_key,
string  $auth_name = '' 
)
static

Definition at line 621 of file class.ilAuthUtils.php.

References $DIC, $lng, ilSamlIdp\getIdpIdByAuthMode(), ilSamlIdp\getInstanceByIdpId(), ilLDAPServer\getInstanceByServerId(), ilAuthProviderLTI\getServerIdByAuthMode(), ilLDAPServer\getServerIdByAuthMode(), and ilAuthProviderLTI\lookupConsumer().

Referenced by ilUserTableGUI\fillRow(), ilECSMappingUtils\getAuthModeSelection(), ilUserTableGUI\initFilter(), and ilObjUserGUI\initForm().

621  : ?string
622  {
623  global $DIC;
624 
625  $lng = $DIC['lng'];
626 
627  //TODO fix casting strings like 2_1 (auth_key for first ldap server) to int to get it to 2
628  switch ((int) $a_auth_key) {
629  case self::AUTH_LDAP:
630  $sid = ilLDAPServer::getServerIdByAuthMode($a_auth_key);
631  return ilLDAPServer::getInstanceByServerId($sid)->getName();
632 
633  case self::AUTH_PROVIDER_LTI:
634  $sid = ilAuthProviderLTI::getServerIdByAuthMode($a_auth_key);
635  return ilAuthProviderLTI::lookupConsumer($sid);
636 
637 
638  case self::AUTH_SAML:
639  $idp_id = ilSamlIdp::getIdpIdByAuthMode($a_auth_key);
640  return ilSamlIdp::getInstanceByIdpId($idp_id)->getEntityId();
641 
642  default:
643  $lng->loadLanguageModule('auth');
644  if (!empty($auth_name)) {
645  return $lng->txt('auth_' . $auth_name);
646  }
647 
648  return $lng->txt('auth_' . self::_getAuthModeName($a_auth_key));
649  }
650  }
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilAuthProviderLTI\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilAuthProviderLTI.php:118
ilAuthProviderLTI\lookupConsumer
static lookupConsumer(int $a_sid)
Lookup consumer title.
Definition: class.ilAuthProviderLTI.php:106
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:198
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:401
$DIC
global $DIC
Definition: shib_login.php:26
$lng
global $lng
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthPlugins()

static ilAuthUtils::getAuthPlugins ( )
static
Returns
Iterator<int, ilAuthPlugin>

Definition at line 616 of file class.ilAuthUtils.php.

References $GLOBALS.

Referenced by ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthModeDetermination\read().

616  : Iterator
617  {
618  return $GLOBALS['DIC']['component.factory']->getActivePluginsInSlot('authhk');
619  }
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
+ Here is the caller graph for this function:

◆ handleForcedAuthentication()

static ilAuthUtils::handleForcedAuthentication ( )
static

Definition at line 80 of file class.ilAuthUtils.php.

References $DIC, $GLOBALS, ilAuthFrontendFactory\CONTEXT_STANDARD_FORM, ilAuthStatus\getInstance(), ilInitialisation\goToPublicSection(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

Referenced by ilInitialisation\resumeUserSession().

80  : void
81  {
82  global $DIC;
83  $query_wrapper = $DIC->http()->wrapper()->query();
84  $string_refinery = $DIC->refinery()->kindlyTo()->string();
85  if ($query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url')) {
86  $credentials = new ilAuthFrontendCredentials();
87  $credentials->setUsername($query_wrapper->retrieve('ecs_login', $string_refinery));
88  $credentials->setAuthMode((string) self::AUTH_ECS);
89 
90  $provider_factory = new ilAuthProviderFactory();
91  $providers = $provider_factory->getProviders($credentials);
92 
93  $status = ilAuthStatus::getInstance();
94 
95  $frontend_factory = new ilAuthFrontendFactory();
96  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
97  $frontend = $frontend_factory->getFrontend(
98  $GLOBALS['DIC']['ilAuthSession'],
99  $status,
100  $credentials,
101  $providers
102  );
103  $frontend->authenticate();
104 
105  switch ($status->getStatus()) {
106  case ilAuthStatus::STATUS_AUTHENTICATED:
107  return;
108 
109  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
110  ilInitialisation::goToPublicSection();
111  return;
112  }
113  }
114  }
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:910
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
$DIC
global $DIC
Definition: shib_login.php:26
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthFrontendFactory\CONTEXT_STANDARD_FORM
const int CONTEXT_STANDARD_FORM
Authentication with id and password.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthenticationForced()

static ilAuthUtils::isAuthenticationForced ( )
static

Definition at line 72 of file class.ilAuthUtils.php.

References $DIC.

Referenced by ilInitialisation\resumeUserSession().

72  : bool
73  {
74  //TODO rework forced authentication concept
75  global $DIC;
76  $query_wrapper = $DIC->http()->wrapper()->query();
77  return $query_wrapper->has('ecs_hash') || $query_wrapper->has('ecs_hash_url');
78  }
$DIC
global $DIC
Definition: shib_login.php:26
+ Here is the caller graph for this function:

◆ isLocalPasswordEnabledForAuthMode()

static ilAuthUtils::isLocalPasswordEnabledForAuthMode (   $a_authmode)
static

Check if local password validation is enabled for a specific auth_mode.

Parameters
int | string$a_authmode

Definition at line 538 of file class.ilAuthUtils.php.

References $DIC, $ilSetting, ilSamlIdp\getIdpIdByAuthMode(), and ilSamlIdp\getInstanceByIdpId().

Referenced by ilPasswordAssistanceGUI\submitAssistanceForm(), and ilAuthProviderDatabase\withoutPasswordVerification().

538  : bool
539  {
540  global $DIC;
541 
542  $ilSetting = $DIC->settings();
543 
544  switch ((int) $a_authmode) {
545  // always enabled
546  case self::AUTH_LOCAL:
547  case self::AUTH_APACHE:
548  return true;
549 
550  // No local passwords for these auth modes
551  case self::AUTH_LDAP:
552  case self::AUTH_ECS:
553  case self::AUTH_SCRIPT:
554  case self::AUTH_PROVIDER_LTI:
555  case self::AUTH_OPENID_CONNECT:
556  return false;
557 
558  case self::AUTH_SAML:
559  $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode((string) $a_authmode));
560  return $idp->isActive() && $idp->allowLocalAuthentication();
561 
562  case self::AUTH_SHIBBOLETH:
563  return (bool) $ilSetting->get('shib_auth_allow_local', '0');
564  case self::AUTH_SOAP:
565  return (bool) $ilSetting->get('soap_auth_allow_local', '0');
566  }
567  return false;
568  }
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:198
$DIC
global $DIC
Definition: shib_login.php:26
$ilSetting
global $ilSetting
Definition: privfeed.php:31
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPasswordModificationEnabled()

static ilAuthUtils::isPasswordModificationEnabled (   $a_authmode)
static

Check if password modification is enabled.

Parameters
int | string$a_authmode

Definition at line 575 of file class.ilAuthUtils.php.

Referenced by ILIAS\Data\Password\LocalUserPasswordManager\allowPasswordChange().

575  : bool
576  {
577  if (self::isPasswordModificationHidden()) {
578  return false;
579  }
580 
581  return self::isLocalPasswordEnabledForAuthMode($a_authmode);
582  }
+ Here is the caller graph for this function:

◆ supportsLocalPasswordValidation()

static ilAuthUtils::supportsLocalPasswordValidation (   $a_authmode)
static

Check if local password validation is supported.

Parameters
null | string | int$a_authmode
Returns

Definition at line 589 of file class.ilAuthUtils.php.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu().

589  : int
590  {
591  switch ((int) $a_authmode) {
592  case self::AUTH_LDAP:
593  case self::AUTH_LOCAL:
594  return self::LOCAL_PWV_FULL;
595 
596  case self::AUTH_SHIBBOLETH:
597  case self::AUTH_OPENID_CONNECT:
598  case self::AUTH_SAML:
599  case self::AUTH_SOAP:
600  if (!self::isPasswordModificationEnabled($a_authmode)) {
601  return self::LOCAL_PWV_NO;
602  }
603  return self::LOCAL_PWV_USER;
604  case self::AUTH_PROVIDER_LTI:
605  case self::AUTH_ECS:
606  case self::AUTH_SCRIPT:
607  case self::AUTH_APACHE:
608  default:
609  return self::LOCAL_PWV_USER;
610  }
611  }
+ Here is the caller graph for this function:

Field Documentation

◆ AUTH_APACHE

const int ilAuthUtils::AUTH_APACHE = 11

Definition at line 34 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ILIAS\UI\Implementation\Component\Input\Container\Form\ApacheAuthSettingsForm\buildLdapEnableInput(), ilStartUpGUI\doApacheAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderApache\getTriggerAuthMode(), ilAuthModeDetermination\read(), and ilObjAuthSettingsGUI\saveApacheSettingsObject().

◆ AUTH_APACHE_FAILED

const int ilAuthUtils::AUTH_APACHE_FAILED = -500
private

Definition at line 53 of file class.ilAuthUtils.php.

◆ AUTH_ECS

const int ilAuthUtils::AUTH_ECS = 9

Definition at line 33 of file class.ilAuthUtils.php.

Referenced by ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilAuthProviderFactory\getProviderByAuthMode(), and ILIAS\LegalDocuments\ConsumerToolbox\User\isExternalAccount().

◆ AUTH_HTTP

const int ilAuthUtils::AUTH_HTTP = 8

Definition at line 32 of file class.ilAuthUtils.php.

◆ AUTH_INACTIVE

const int ilAuthUtils::AUTH_INACTIVE = 18
private

Definition at line 38 of file class.ilAuthUtils.php.

◆ AUTH_LDAP

const int ilAuthUtils::AUTH_LDAP = 2

Definition at line 28 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLDAPServer\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLDAP\getTriggerAuthMode(), ilLDAPServer\isAuthModeLDAP(), ILIAS\LegalDocuments\ConsumerToolbox\User\isLDAPUser(), ilAuthModeDetermination\read(), and ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\testIsLDAPUser().

◆ AUTH_LDAP_NO_ILIAS_USER

const int ilAuthUtils::AUTH_LDAP_NO_ILIAS_USER = -200
private

Definition at line 48 of file class.ilAuthUtils.php.

◆ AUTH_LOCAL

const int ilAuthUtils::AUTH_LOCAL = 1

Definition at line 27 of file class.ilAuthUtils.php.

Referenced by ilObjUser\_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI\authSettingsObject(), ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilAccountRegistrationGUI\createUser(), ilStartUpGUI\doMigration(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderCliFactory\getProviders(), ilAuthFrontend\handleLoginAttempts(), ilAuthProviderSaml\handleSamlAuth(), ilLTIViewGUI\logout(), ilAuthModeDetermination\read(), ILIAS\Data\Password\LocalUserPasswordManager\resetLastPasswordChangeForLocalUsers(), ilObjAuthSettingsGUI\saveApacheSettingsObject(), ILIAS\Setup\AbandonCASAuthModeUpdateObjective\step_1(), and ilPasswordAssistanceGUI\submitAssistanceForm().

◆ AUTH_MODE_INACTIVE

const int ilAuthUtils::AUTH_MODE_INACTIVE = -1000
private

Definition at line 57 of file class.ilAuthUtils.php.

◆ AUTH_MULTIPLE

const int ilAuthUtils::AUTH_MULTIPLE = 20
private

Definition at line 40 of file class.ilAuthUtils.php.

◆ AUTH_OPENID_CONNECT

const int ilAuthUtils::AUTH_OPENID_CONNECT = 15

Definition at line 36 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilStartUpGUI\doOpenIdConnectAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthProviderOpenIdConnect\handleUpdate().

◆ AUTH_PROVIDER_LTI

const int ilAuthUtils::AUTH_PROVIDER_LTI = 22

Definition at line 43 of file class.ilAuthUtils.php.

Referenced by ilStartUpGUI\doLTIAuthentication(), ILIAS\LegalDocuments\test\ConsumerToolbox\UserTest\externalAuthModes(), ilAuthProviderLTI\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderLTI\isAuthModeLTI(), and ILIAS\LegalDocuments\ConsumerToolbox\User\isExternalAccount().

◆ AUTH_SAML

const int ilAuthUtils::AUTH_SAML = 12

Definition at line 35 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilSamlIdp\delete(), ilStartUpGUI\doSamlAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilSamlIdp\getKeyByAuthMode(), ilAuthProviderFactory\getProviderByAuthMode(), ilAuthProviderSaml\getTriggerAuthMode(), ilSamlAppEventListener\handleEvent(), ilSamlIdp\isAuthModeSaml(), ilObjAuthSettingsGUI\setAuthModeObject(), and ilPasswordAssistanceGUI\submitAssistanceForm().

◆ AUTH_SAML_FAILED

const int ilAuthUtils::AUTH_SAML_FAILED = -501
private

Definition at line 55 of file class.ilAuthUtils.php.

◆ AUTH_SCRIPT

const int ilAuthUtils::AUTH_SCRIPT = 4

Definition at line 29 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\getAuthModeTitle(), ilObjAuthSettingsGUI\saveScriptObject(), and ilObjAuthSettingsGUI\setAuthModeObject().

◆ AUTH_SESSION

const int ilAuthUtils::AUTH_SESSION = 21
private

Definition at line 42 of file class.ilAuthUtils.php.

◆ AUTH_SHIBBOLETH

const int ilAuthUtils::AUTH_SHIBBOLETH = 5

Definition at line 30 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\authSettingsObject(), ilECSCmsCourseMemberCommandQueueHandler\createMember(), ILIAS\AuthShibboleth\LoginPerformer\doShibbolethAuthentication(), ilObjAuthSettingsGUI\getAuthModeTitle(), ilLocalUserPasswordSettingsGUI\getPasswordForm(), ilAuthProviderFactory\getProviderByAuthMode(), and ilObjAuthSettingsGUI\setAuthModeObject().

◆ AUTH_SOAP

const int ilAuthUtils::AUTH_SOAP = 7

Definition at line 31 of file class.ilAuthUtils.php.

Referenced by ilObjAuthSettingsGUI\buildAuthModeDeterminationForm(), ilAuthProviderSoap\doAuthentication(), ilAuthProviderFactory\getProviderByAuthMode(), and ilAuthModeDetermination\read().

◆ AUTH_SOAP_NO_ILIAS_USER

const int ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER = -100
private

Definition at line 46 of file class.ilAuthUtils.php.

◆ AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL

const int ilAuthUtils::AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL = -101
private

Definition at line 61 of file class.ilAuthUtils.php.

◆ AUTH_USER_INACTIVE

const int ilAuthUtils::AUTH_USER_INACTIVE = -601
private

Definition at line 65 of file class.ilAuthUtils.php.

◆ AUTH_USER_SIMULTANEOUS_LOGIN

const int ilAuthUtils::AUTH_USER_SIMULTANEOUS_LOGIN = -603
private

Definition at line 67 of file class.ilAuthUtils.php.

◆ AUTH_USER_TIME_LIMIT_EXCEEDED

const int ilAuthUtils::AUTH_USER_TIME_LIMIT_EXCEEDED = -602
private

Definition at line 66 of file class.ilAuthUtils.php.

◆ AUTH_USER_WRONG_IP

const int ilAuthUtils::AUTH_USER_WRONG_IP = -600
private

Definition at line 64 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_FULL

const int ilAuthUtils::LOCAL_PWV_FULL = 1

Definition at line 23 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_NO

const int ilAuthUtils::LOCAL_PWV_NO = 2

Definition at line 24 of file class.ilAuthUtils.php.

◆ LOCAL_PWV_USER

const int ilAuthUtils::LOCAL_PWV_USER = 3

Definition at line 25 of file class.ilAuthUtils.php.

Referenced by ilObjWebDAV\retrieveWebDAVCommandArrayForActionMenu().

◆ REGEX_DELIMITERS

const array ilAuthUtils::REGEX_DELIMITERS = ['/', '~', '@', ';', '%', '`', '#']

Definition at line 70 of file class.ilAuthUtils.php.

Referenced by ilAuthModeDetermination\getAuthModeSequence(), and ilLDAPRoleAssignmentRule\wildcardCompare().

The documentation for this class was generated from the following file: