ILIAS  trunk Revision v11.0_alpha-1769-g99a433fe2dc
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Private Attributes
ilAuthProviderShibboleth Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilAuthProviderShibboleth:
+ Collaboration diagram for ilAuthProviderShibboleth:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 
 doAuthentication (ilAuthStatus $status)
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
 getLogger ()
 Get logger. More...
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication. More...
 

Private Attributes

ILIAS $ilias
 
ilSetting $settings
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 Handle failed authentication. More...
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Shibboleth authentication provider

Definition at line 23 of file class.ilAuthProviderShibboleth.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderShibboleth::__construct ( ilAuthCredentials  $credentials)

Definition at line 28 of file class.ilAuthProviderShibboleth.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), and ILIAS\Repository\settings().

29  {
30  global $DIC;
31  $this->ilias = $DIC['ilias'];
32  $this->settings = $DIC->settings();
33  parent::__construct($credentials);
34  }
$DIC
global $DIC
Definition: shib_login.php:22
ilias
Class ilObjForumAdministration.
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
+ Here is the call graph for this function:

Member Function Documentation

◆ doAuthentication()

ilAuthProviderShibboleth::doAuthentication ( ilAuthStatus  $status)
Exceptions
ilObjectNotFoundException
ilSystemStyleException
ilPasswordException
ilObjectTypeMismatchException
ilUserException

Definition at line 43 of file class.ilAuthProviderShibboleth.php.

References $_SERVER, $new_user, ilObjUser\_lookupId(), ilShibbolethSettings\ACCOUNT_CREATION_DISABLED, ilShibbolethSettings\ACCOUNT_CREATION_ENABLED, ilShibbolethSettings\ACCOUNT_CREATION_WITH_APPROVAL, shibUser\buildInstance(), ilShibbolethRoleAssignmentRules\doAssignments(), ilShibbolethPluginWrapper\getInstance(), shibServerData\getInstance(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), ilAuthStatus\setReason(), ilAuthStatus\setStatus(), ILIAS\Repository\settings(), ilAuthStatus\STATUS_AUTHENTICATED, ilAuthStatus\STATUS_AUTHENTICATION_FAILED, and ilShibbolethRoleAssignmentRules\updateAssignments().

43  : bool
44  {
45  $shib_server_data = shibServerData::getInstance();
46 
47  if ($shib_server_data->getLogin() !== '' && $shib_server_data->getLogin() !== '0') {
48  $shib_user = shibUser::buildInstance($shib_server_data);
49  // for backword compatibility of hook environment variables
50  $new_user = $shib_user->isNew(); // For shib_data_conv included Script
51  $settings = new ilShibbolethSettings();
52  $account_creation = $settings->getAccountCreation();
53  if (!$new_user) {
54  $shib_user->updateFields();
55  // Include custom code that can be used to further modify
56  // certain Shibboleth user attributes
57  if (
58  $this->ilias->getSetting('shib_data_conv') &&
59  $this->ilias->getSetting('shib_data_conv') !== '' &&
60  is_readable($this->ilias->getSetting('shib_data_conv'))
61  ) {
63  include($this->ilias->getSetting('shib_data_conv'));
64  }
65  $shib_user = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shib_user);
66  $shib_user->update();
67  $shib_user = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shib_user);
68  ilShibbolethRoleAssignmentRules::updateAssignments($shib_user->getId(), $_SERVER);
69  } elseif ($account_creation !== ilShibbolethSettings::ACCOUNT_CREATION_DISABLED) {
70  $shib_user->createFields();
71  $shib_user->setPref('hits_per_page', $this->settings->get('hits_per_page'));
72 
73  // Modify user data before creating the user
74  // Include custom code that can be used to further modify
75  // certain Shibboleth user attributes
76  if (
77  $this->ilias->getSetting('shib_data_conv') &&
78  $this->ilias->getSetting('shib_data_conv', '') !== '' &&
79  is_readable($this->ilias->getSetting('shib_data_conv'))
80  ) {
82  include($this->ilias->getSetting('shib_data_conv'));
83  }
84  $shib_user = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shib_user);
85  if ($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_WITH_APPROVAL) {
86  $shib_user->setActive(false);
87  }
88  $shib_user->create();
89  $shib_user->saveAsNew();
90  $shib_user->updateOwner();
91  $shib_user->writePrefs();
92  $shib_user = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shib_user);
93  ilShibbolethRoleAssignmentRules::doAssignments($shib_user->getId(), $_SERVER);
94  }
95 
96  if (!$new_user || $account_creation === ilShibbolethSettings::ACCOUNT_CREATION_ENABLED) {
97  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
98  $status->setAuthenticatedUserId(ilObjUser::_lookupId($shib_user->getLogin()));
99  } elseif ($account_creation === ilShibbolethSettings::ACCOUNT_CREATION_WITH_APPROVAL) {
100  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
101  $status->setReason('err_inactive');
102  } else {
103  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
104  $status->setReason('err_disabled');
105  }
106 
107  } else {
108  $this->getLogger()->info('Shibboleth authentication failed.');
109  $this->handleAuthenticationFail($status, 'err_wrong_login');
110  return false;
111  }
112 
113  return true;
114  }
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilShibbolethRoleAssignmentRules\doAssignments
static doAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:92
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:692
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26
ilShibbolethRoleAssignmentRules\updateAssignments
static updateAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:60
ilias
Class ilObjForumAdministration.
shibUser\buildInstance
static buildInstance(shibServerData $shibServerData)
Definition: class.shibUser.php:32
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
$new_user
$new_user
Definition: dummy_client.php:30
ilAuthStatus\setReason
setReason(string $a_reason)
Set reason.
Definition: class.ilAuthStatus.php:87
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
ilShibbolethSettings
Class ilShibbolethSettings.
Definition: class.ilShibbolethSettings.php:8
+ Here is the call graph for this function:

Field Documentation

◆ $ilias

ILIAS ilAuthProviderShibboleth::$ilias
private

Definition at line 25 of file class.ilAuthProviderShibboleth.php.

◆ $settings

ilSetting ilAuthProviderShibboleth::$settings
private

Definition at line 26 of file class.ilAuthProviderShibboleth.php.

The documentation for this class was generated from the following file: