ILIAS  trunk Revision v12.0_alpha-1221-g4e438232683
Public Member Functions | Private Member Functions | Private Attributes
ilAuthProviderSaml Class Reference
+ Inheritance diagram for ilAuthProviderSaml:
+ Collaboration diagram for ilAuthProviderSaml:

Public Member Functions

 __construct (ilAuthCredentials $credentials, ?int $a_idp_id=null)
 
 doAuthentication (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 
 setExternalAccountName (string $a_name)
 
 getExternalAccountName ()
 Get external account name. More...
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 
 getLogger ()
 
 getCredentials ()
 
 doAuthentication (ilAuthStatus $status)
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
 getExternalAccountName ()
 Get external account name. More...
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 

Private Member Functions

 determineUidFromAttributes ()
 
 handleSamlAuth (ilAuthStatus $status)
 
 importUser (?string $a_internal_login, string $a_external_account, array $a_user_data=[])
 
 buildUserAttributeXml (ilXmlWriter $xml_writer, ilExternalAuthUserAttributeMappingRule $rule, string $value)
 
 initUserDefinedFields ()
 

Private Attributes

const string LOG_COMPONENT = 'auth'
 
const string ERR_WRONG_LOGIN = 'err_wrong_login'
 
const string ERR_PROVIDER_INACTIVE = 'auth_saml_idp_deactivated_auth_failed'
 
const string SESSION_TMP_ATTRIBUTES = 'tmp_attributes'
 
const string SESSION_TMP_RETURN_TO = 'tmp_return_to'
 
ilSamlIdp $idp
 
readonly ilLanguage $lng
 
readonly Profile $profile
 
array $attributes = []
 
string $return_to = ''
 
string $uid = ''
 
bool $force_new_account = false
 
string $migration_account = ''
 
array $user_defined_fields = null
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 

Detailed Description

Definition at line 23 of file class.ilAuthProviderSaml.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderSaml::__construct ( ilAuthCredentials  $credentials,
?int  $a_idp_id = null 
)

Definition at line 47 of file class.ilAuthProviderSaml.php.

48 {
49 global $DIC;
50
51 parent::__construct($credentials);
52
53 $this->lng = $DIC->language();
54 $this->profile = $DIC['user']->getProfile();
55
56 if (null === $a_idp_id || 0 === $a_idp_id) {
57 $this->idp = ilSamlIdp::getFirstActiveIdp();
58 } else {
59 $this->idp = ilSamlIdp::getInstanceByIdpId($a_idp_id);
60 }
61
62 if ($credentials instanceof ilAuthFrontendCredentialsSaml) {
63 $this->attributes = $credentials->getAttributes();
64 $this->return_to = $credentials->getReturnTo();
65 }
66 }
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:24
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:56
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
$DIC
global $DIC
Definition: shib_login.php:26

References ilAuthProvider\$credentials, $DIC, ILIAS\GlobalScreen\Provider\__construct(), ilSamlIdp\getFirstActiveIdp(), ilSamlIdp\getInstanceByIdpId(), ILIAS\Repository\lng(), and ILIAS\Repository\profile().

+ Here is the call graph for this function:

Member Function Documentation

◆ buildUserAttributeXml()

ilAuthProviderSaml::buildUserAttributeXml ( ilXmlWriter  $xml_writer,
ilExternalAuthUserAttributeMappingRule  $rule,
string  $value 
)
private

Definition at line 408 of file class.ilAuthProviderSaml.php.

412 : void {
413 switch (strtolower($rule->getAttribute())) {
414 case 'gender':
415 $gender_attr = 'Gender';
416 match (strtolower($value)) {
417 'n', 'neutral' => $xml_writer->xmlElement($gender_attr, [], 'n'),
418 'm', 'male' => $xml_writer->xmlElement($gender_attr, [], 'm'),
419 // no break
420 default => $xml_writer->xmlElement($gender_attr, [], 'f'),
421 };
422 break;
423
424 case 'firstname':
425 $xml_writer->xmlElement('Firstname', [], $value);
426 break;
427
428 case 'lastname':
429 $xml_writer->xmlElement('Lastname', [], $value);
430 break;
431
432 case 'email':
433 $xml_writer->xmlElement('Email', [], $value);
434 break;
435
436 case 'second_email':
437 $xml_writer->xmlElement('SecondEmail', [], $value);
438 break;
439
440 case 'institution':
441 $xml_writer->xmlElement('Institution', [], $value);
442 break;
443
444 case 'department':
445 $xml_writer->xmlElement('Department', [], $value);
446 break;
447
448 case 'hobby':
449 $xml_writer->xmlElement('Hobby', [], $value);
450 break;
451
452 case 'title':
453 $xml_writer->xmlElement('Title', [], $value);
454 break;
455
456 case 'street':
457 $xml_writer->xmlElement('Street', [], $value);
458 break;
459
460 case 'city':
461 $xml_writer->xmlElement('City', [], $value);
462 break;
463
464 case 'zipcode':
465 $xml_writer->xmlElement('PostalCode', [], $value);
466 break;
467
468 case 'country':
469 $xml_writer->xmlElement('Country', [], $value);
470 break;
471
472 case 'phone_office':
473 $xml_writer->xmlElement('PhoneOffice', [], $value);
474 break;
475
476 case 'phone_home':
477 $xml_writer->xmlElement('PhoneHome', [], $value);
478 break;
479
480 case 'phone_mobile':
481 $xml_writer->xmlElement('PhoneMobile', [], $value);
482 break;
483
484 case 'fax':
485 $xml_writer->xmlElement('Fax', [], $value);
486 break;
487
488 case 'referral_comment':
489 $xml_writer->xmlElement('Comment', [], $value);
490 break;
491
492 case 'matriculation':
493 $xml_writer->xmlElement('Matriculation', [], $value);
494 break;
495
496 case 'birthday':
497 $xml_writer->xmlElement('Birthday', [], $value);
498 break;
499
500 default:
501 if (!str_starts_with($rule->getAttribute(), 'udf_')) {
502 break;
503 }
504
505 $udf_data = explode('_', $rule->getAttribute());
506 if (!isset($udf_data[1])) {
507 break;
508 }
509
510 $this->initUserDefinedFields();
511 $field = $this->user_defined_fields[$udf_data[1]] ?? null;
512 if ($field === null) {
513 ilLoggerFactory::getLogger('auth')->warning(sprintf(
514 "Invalid/Orphaned UD field mapping detected: %s",
515 $rule->getAttribute()
516 ));
517 break;
518 }
519
520 $xml_writer->xmlElement(
521 'UserDefinedField',
522 ['Id' => $field->getIdentifier(), 'Name' => $field->getLabel($this->lng)],
523 $value
524 );
525 break;
526 }
527 }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilXmlWriter\xmlElement
xmlElement(string $tag, $attrs=null, $data=null, $encode=true, $escape=true)
Writes a basic element (no children, just textual content)
Definition: class.ilXmlWriter.php:318

References ilExternalAuthUserAttributeMappingRule\getAttribute(), ilLoggerFactory\getLogger(), initUserDefinedFields(), and ilXmlWriter\xmlElement().

Referenced by importUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createNewAccount()

ilAuthProviderSaml::createNewAccount ( ilAuthStatus  $status)

Create new ILIAS account for external_account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 282 of file class.ilAuthProviderSaml.php.

282 : void
283 {
284 if (
285 !is_array(ilSession::get(self::SESSION_TMP_ATTRIBUTES)) ||
286 [] === ilSession::get(self::SESSION_TMP_ATTRIBUTES) ||
287 $this->getCredentials()->getUsername() === ''
288 ) {
289 $this->getLogger()->warning('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
290 $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
291 return;
292 }
293
294 $this->uid = $this->getCredentials()->getUsername();
295 $this->attributes = ilSession::get(self::SESSION_TMP_ATTRIBUTES);
296 $this->return_to = (string) ilSession::get(self::SESSION_TMP_RETURN_TO);
297
298 $this->force_new_account = true;
299
300 $this->handleSamlAuth($status);
301 }
ilAuthProviderSaml\handleSamlAuth
handleSamlAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSaml.php:116
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Definition: class.ilAuthProvider.php:43
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:394

References ilSession\get(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), and handleSamlAuth().

+ Here is the call graph for this function:

◆ determineUidFromAttributes()

ilAuthProviderSaml::determineUidFromAttributes ( )
private

Definition at line 68 of file class.ilAuthProviderSaml.php.

68 : void
69 {
70 if (
71 !array_key_exists($this->idp->getUidClaim(), $this->attributes) ||
72 !is_array($this->attributes[$this->idp->getUidClaim()]) ||
73 !array_key_exists(0, $this->attributes[$this->idp->getUidClaim()]) ||
74 $this->attributes[$this->idp->getUidClaim()][0] === ''
75 ) {
76 throw new ilException(sprintf(
77 'Could not find unique SAML attribute for the configured identifier: %s',
78 print_r($this->idp->getUidClaim(), true)
79 ));
80 }
81
82 $this->uid = $this->attributes[$this->idp->getUidClaim()][0];
83 }
ilException
Base class for ILIAS Exception handling.
Definition: class.ilException.php:26

Referenced by doAuthentication().

+ Here is the caller graph for this function:

◆ doAuthentication()

ilAuthProviderSaml::doAuthentication ( ilAuthStatus  $status)

Implements ilAuthProviderInterface.

Definition at line 85 of file class.ilAuthProviderSaml.php.

85 : bool
86 {
87 if (!$this->idp->isActive()) {
88 $this->getLogger()->info(
89 'SAML IdP with id {idp_id} is not active.',
90 ['idp_id' => $this->idp->getIdpId()]
91 );
92 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
93 $status->setTranslatedReason($this->lng->txt(self::ERR_PROVIDER_INACTIVE));
94 return false;
95 }
96
97 if ([] === $this->attributes) {
98 $this->getLogger()->warning('Could not parse any attributes from SAML response.');
99 $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
100
101 return false;
102 }
103
104 try {
105 $this->determineUidFromAttributes();
106
107 return $this->handleSamlAuth($status);
108 } catch (Exception $e) {
109 $this->getLogger()->warning($e->getMessage());
110 $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
111
112 return false;
113 }
114 }
ilAuthStatus\setTranslatedReason
setTranslatedReason(string $a_reason)
Set translated reason.
Definition: class.ilAuthStatus.php:89
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63

References Vendor\Package\$e, determineUidFromAttributes(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), handleSamlAuth(), ILIAS\Repository\lng(), ilAuthStatus\setStatus(), ilAuthStatus\setTranslatedReason(), and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderSaml::getExternalAccountName ( )

Get external account name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 308 of file class.ilAuthProviderSaml.php.

308 : string
309 {
310 return $this->migration_account;
311 }

References $migration_account.

◆ getTriggerAuthMode()

ilAuthProviderSaml::getTriggerAuthMode ( )

Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth.

See also
ilAuthUtils

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 313 of file class.ilAuthProviderSaml.php.

313 : string
314 {
315 return ilAuthUtils::AUTH_SAML . '_' . $this->idp->getIdpId();
316 }
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:37

References ilAuthUtils\AUTH_SAML.

Referenced by handleSamlAuth().

+ Here is the caller graph for this function:

◆ getUserAuthModeName()

ilAuthProviderSaml::getUserAuthModeName ( )

Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 318 of file class.ilAuthProviderSaml.php.

318 : string
319 {
320 return 'saml_' . $this->idp->getIdpId();
321 }

Referenced by handleSamlAuth(), and importUser().

+ Here is the caller graph for this function:

◆ handleSamlAuth()

ilAuthProviderSaml::handleSamlAuth ( ilAuthStatus  $status)
private

Definition at line 116 of file class.ilAuthProviderSaml.php.

116 : bool
117 {
118 $update_auth_mode = false;
119
120 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
121 'Login observer called for SAML authentication request of ext_account "%s" and auth_mode "%s".',
122 $this->uid,
123 $this->getUserAuthModeName()
124 ));
125 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf('Target set to: %s', print_r($this->return_to, true)));
126 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
127 'Trying to find ext_account "%s" for auth_mode "%s".',
128 $this->uid,
129 $this->getUserAuthModeName()
130 ));
131
132 $internal_account = ilObjUser::_checkExternalAuthAccount(
133 $this->getUserAuthModeName(),
134 $this->uid,
135 false
136 );
137
138 if (!is_string($internal_account) || $internal_account === '') {
139 $update_auth_mode = true;
140
141 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
142 'Could not find ext_account "%s" for auth_mode "%s".',
143 $this->uid,
144 $this->getUserAuthModeName()
145 ));
146
147 $fallback_auth_mode = 'local';
148 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
149 'Trying to find ext_account "%s" for auth_mode "%s".',
150 $this->uid,
151 $fallback_auth_mode
152 ));
153 $internal_account = ilObjUser::_checkExternalAuthAccount($fallback_auth_mode, $this->uid, false);
154
155 $defaultAuth = ilAuthUtils::AUTH_LOCAL;
156 if ($GLOBALS['DIC']['ilSetting']->get('auth_mode')) {
157 $defaultAuth = $GLOBALS['DIC']['ilSetting']->get('auth_mode');
158 }
159
160 if (
161 (!is_string($internal_account) || $internal_account === '') &&
162 ($defaultAuth == ilAuthUtils::AUTH_LOCAL || $defaultAuth == $this->getTriggerAuthMode())
163 ) {
164 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
165 'Could not find ext_account "%s" for auth_mode "%s".',
166 $this->uid,
167 $fallback_auth_mode
168 ));
169
170 $fallback_auth_mode = 'default';
171 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
172 'Trying to find ext_account "%s" for auth_mode "%s".',
173 $this->uid,
174 $fallback_auth_mode
175 ));
176 $internal_account = ilObjUser::_checkExternalAuthAccount($fallback_auth_mode, $this->uid, false);
177 }
178 }
179
180 if (is_string($internal_account) && $internal_account !== '') {
181 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
182 'Found user "%s" for ext_account "%s" in ILIAS database.',
183 $internal_account,
184 $this->uid
185 ));
186
187 if ($this->idp->isSynchronizationEnabled()) {
188 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
189 'SAML user synchronisation is enabled, so update existing user "%s" with ext_account "%s".',
190 $internal_account,
191 $this->uid
192 ));
193 $internal_account = $this->importUser($internal_account, $this->uid, $this->attributes);
194 }
195
196 if ($update_auth_mode) {
197 $usr_id = ilObjUser::_loginExists($internal_account);
198 if ($usr_id > 0) {
199 ilObjUser::_writeAuthMode($usr_id, $this->getUserAuthModeName());
200 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
201 'SAML Switched auth_mode of user with login "%s" and ext_account "%s" to "%s".',
202 $internal_account,
203 $this->uid,
204 $this->getUserAuthModeName()
205 ));
206 } else {
207 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
208 'SAML Could not switch auth_mode of user with login "%s" and ext_account "%s" to "%s".',
209 $internal_account,
210 $this->uid,
211 $this->getUserAuthModeName()
212 ));
213 }
214 }
215
216 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
217 'Authentication succeeded: Found internal login "%s for ext_account "%s" and auth_mode "%s".',
218 $internal_account,
219 $this->uid,
220 $this->getUserAuthModeName()
221 ));
222
223 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
224 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
225 ilSession::set('used_external_auth_mode', $this->getTriggerAuthMode());
226
227 return true;
228 }
229
230 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
231 'Could not find an existing user for ext_account "%s" for any relevant auth_mode.',
232 $this->uid
233 ));
234 if ($this->idp->isSynchronizationEnabled()) {
235 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
236 'SAML user synchronisation is enabled, so determine action for ext_account "%s" and auth_mode "%s".',
237 $this->uid,
238 $this->getUserAuthModeName()
239 ));
240 if (!$this->force_new_account && $this->idp->isAccountMigrationEnabled()) {
241 ilSession::set(self::SESSION_TMP_ATTRIBUTES, $this->attributes);
242 ilSession::set(self::SESSION_TMP_RETURN_TO, $this->return_to);
243
244 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
245 'Account migration is enabled, so redirecting ext_account "%s" to account migration screen.',
246 $this->uid
247 ));
248
249 $this->setExternalAccountName($this->uid);
250 $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
251
252 return false;
253 }
254
255 $new_name = $this->importUser(null, $this->uid, $this->attributes);
256 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
257 'Created new user account with login "%s" and ext_account "%s".',
258 $new_name,
259 $this->uid
260 ));
261
262 ilSession::set(self::SESSION_TMP_ATTRIBUTES, null);
263 ilSession::set(self::SESSION_TMP_RETURN_TO, null);
264 ilSession::set('used_external_auth_mode', $this->getTriggerAuthMode());
265
266 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
267 $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
268
269 return true;
270 }
271
272 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug("SAML user synchronisation is not enabled, auth failed.");
273 $this->handleAuthenticationFail($status, 'err_auth_saml_no_ilias_user');
274
275 return false;
276 }
ilAuthProviderSaml\importUser
importUser(?string $a_internal_login, string $a_external_account, array $a_user_data=[])
Definition: class.ilAuthProviderSaml.php:323
ilAuthProviderSaml\setExternalAccountName
setExternalAccountName(string $a_name)
Definition: class.ilAuthProviderSaml.php:303
ilAuthProviderSaml\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.
Definition: class.ilAuthProviderSaml.php:318
ilAuthProviderSaml\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
Definition: class.ilAuthProviderSaml.php:313
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2823
ilObjUser\_writeAuthMode
static _writeAuthMode(int $a_usr_id, string $a_auth_mode)
Definition: class.ilObjUser.php:2592
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2721
ilObjUser\_loginExists
static _loginExists(string $a_login, int $a_user_id=0)
Definition: class.ilObjUser.php:1909
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:386
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54

References $GLOBALS, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_loginExists(), ilObjUser\_lookupId(), ilObjUser\_writeAuthMode(), ilAuthUtils\AUTH_LOCAL, ilLoggerFactory\getLogger(), getTriggerAuthMode(), getUserAuthModeName(), ilAuthProvider\handleAuthenticationFail(), importUser(), ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), and doAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ importUser()

ilAuthProviderSaml::importUser ( ?string  $a_internal_login,
string  $a_external_account,
array  $a_user_data = [] 
)
private

Definition at line 323 of file class.ilAuthProviderSaml.php.

323 : string
324 {
325 $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->idp->getIdpId());
326
327 $xml_writer = new ilXmlWriter();
328 $xml_writer->xmlStartTag('Users');
329 if (null === $a_internal_login) {
330 $login = $a_user_data[$this->idp->getLoginClaim()][0];
331 $login = ilAuthUtils::_generateLogin($login);
332
333 $xml_writer->xmlStartTag(
334 'User',
335 [
336 'Action' => 'Insert',
337 'Language' => $this->lng->getDefaultLanguage()
338 ]
339 );
340 $xml_writer->xmlElement('Login', [], $login);
341
342 $xml_writer->xmlElement('Role', [
343 'Id' => $this->idp->getDefaultRoleId(),
344 'Type' => 'Global',
345 'Action' => 'Assign'
346 ]);
347
348 $xml_writer->xmlElement('Active', [], "true");
349 $xml_writer->xmlElement('TimeLimitOwner', [], USER_FOLDER_ID);
350 $xml_writer->xmlElement('TimeLimitUnlimited', [], 1);
351 $xml_writer->xmlElement('TimeLimitFrom', [], time());
352 $xml_writer->xmlElement('TimeLimitUntil', [], time());
353 $xml_writer->xmlElement(
354 'AuthMode',
355 ['type' => $this->getUserAuthModeName()],
356 $this->getUserAuthModeName()
357 );
358 $xml_writer->xmlElement('ExternalAccount', [], $a_external_account);
359
360 $mapping = new ilExternalAuthUserCreationAttributeMappingFilter($mapping);
361 } else {
362 $login = $a_internal_login;
363 $usr_id = ilObjUser::_lookupId($a_internal_login);
364
365 $xml_writer->xmlStartTag('User', ['Action' => 'Update', 'Id' => $usr_id]);
366
367 $loginClaim = $a_user_data[$this->idp->getLoginClaim()][0];
368 if (ilStr::strToLower($login) !== ilStr::strToLower($loginClaim)) {
369 $login = ilAuthUtils::_generateLogin($loginClaim);
370 $xml_writer->xmlElement('Login', [], $login);
371 }
372
373 $mapping = new ilExternalAuthUserUpdateAttributeMappingFilter($mapping);
374 }
375
376 foreach ($mapping as $rule) {
377 try {
378 $attributeValueParser = new ilSamlMappedUserAttributeValueParser($rule, $a_user_data);
379 $value = $attributeValueParser->parse();
380 $this->buildUserAttributeXml($xml_writer, $rule, $value);
381 } catch (ilSamlException $e) {
382 $this->getLogger()->warning($e->getMessage());
383 continue;
384 }
385 }
386
387 $xml_writer->xmlEndTag('User');
388 $xml_writer->xmlEndTag('Users');
389
390 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
391 'Started import of user "%s" with ext_account "%s" and auth_mode "%s".',
392 $login,
393 $a_external_account,
394 $this->getUserAuthModeName()
395 ));
396 $importParser = new ilUserImportParser();
397 $importParser->setXMLContent($xml_writer->xmlDumpMem(false));
398 $importParser->setRoleAssignment([
399 $this->idp->getDefaultRoleId() => $this->idp->getDefaultRoleId(),
400 ]);
401 $importParser->setFolderId(USER_FOLDER_ID);
402 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
403 $importParser->startParsing();
404
405 return $login;
406 }
ilAuthProviderSaml\buildUserAttributeXml
buildUserAttributeXml(ilXmlWriter $xml_writer, ilExternalAuthUserAttributeMappingRule $rule, string $value)
Definition: class.ilAuthProviderSaml.php:408
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:339
ilStr\strToLower
static strToLower(string $a_string)
Definition: class.ilStr.php:69
ilXmlWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilXmlWriter.php:33
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33

References Vendor\Package\$e, ilAuthUtils\_generateLogin(), ilObjUser\_lookupId(), buildUserAttributeXml(), ilAuthProvider\getLogger(), ilLoggerFactory\getLogger(), getUserAuthModeName(), ilUserImportParser\IL_USER_MAPPING_ID, ILIAS\Repository\lng(), ilStr\strToLower(), and USER_FOLDER_ID.

Referenced by handleSamlAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initUserDefinedFields()

ilAuthProviderSaml::initUserDefinedFields ( )
private

Definition at line 529 of file class.ilAuthProviderSaml.php.

529 : void
530 {
531 if ($this->user_defined_fields === null) {
532 $this->user_defined_fields = $this->profile->getAllUserDefinedFields();
533 }
534 }

References ILIAS\Repository\profile().

Referenced by buildUserAttributeXml().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderSaml::migrateAccount ( ilAuthStatus  $status)

Create new account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 278 of file class.ilAuthProviderSaml.php.

278 : void
279 {
280 }

◆ setExternalAccountName()

ilAuthProviderSaml::setExternalAccountName ( string  $a_name)

Definition at line 303 of file class.ilAuthProviderSaml.php.

303 : void
304 {
305 $this->migration_account = $a_name;
306 }

Referenced by handleSamlAuth().

+ Here is the caller graph for this function:

Field Documentation

◆ $attributes

array ilAuthProviderSaml::$attributes = []
private

Definition at line 37 of file class.ilAuthProviderSaml.php.

◆ $force_new_account

bool ilAuthProviderSaml::$force_new_account = false
private

Definition at line 40 of file class.ilAuthProviderSaml.php.

◆ $idp

ilSamlIdp ilAuthProviderSaml::$idp
private

Definition at line 33 of file class.ilAuthProviderSaml.php.

◆ $lng

readonly ilLanguage ilAuthProviderSaml::$lng
private

Definition at line 34 of file class.ilAuthProviderSaml.php.

◆ $migration_account

string ilAuthProviderSaml::$migration_account = ''
private

Definition at line 41 of file class.ilAuthProviderSaml.php.

Referenced by getExternalAccountName().

◆ $profile

readonly Profile ilAuthProviderSaml::$profile
private

Definition at line 35 of file class.ilAuthProviderSaml.php.

◆ $return_to

string ilAuthProviderSaml::$return_to = ''
private

Definition at line 38 of file class.ilAuthProviderSaml.php.

◆ $uid

string ilAuthProviderSaml::$uid = ''
private

Definition at line 39 of file class.ilAuthProviderSaml.php.

◆ $user_defined_fields

array ilAuthProviderSaml::$user_defined_fields = null
private

Definition at line 45 of file class.ilAuthProviderSaml.php.

◆ ERR_PROVIDER_INACTIVE

const string ilAuthProviderSaml::ERR_PROVIDER_INACTIVE = 'auth_saml_idp_deactivated_auth_failed'
private

Definition at line 28 of file class.ilAuthProviderSaml.php.

◆ ERR_WRONG_LOGIN

const string ilAuthProviderSaml::ERR_WRONG_LOGIN = 'err_wrong_login'
private

Definition at line 27 of file class.ilAuthProviderSaml.php.

◆ LOG_COMPONENT

const string ilAuthProviderSaml::LOG_COMPONENT = 'auth'
private

Definition at line 25 of file class.ilAuthProviderSaml.php.

◆ SESSION_TMP_ATTRIBUTES

const string ilAuthProviderSaml::SESSION_TMP_ATTRIBUTES = 'tmp_attributes'
private

Definition at line 30 of file class.ilAuthProviderSaml.php.

◆ SESSION_TMP_RETURN_TO

const string ilAuthProviderSaml::SESSION_TMP_RETURN_TO = 'tmp_return_to'
private

Definition at line 31 of file class.ilAuthProviderSaml.php.

The documentation for this class was generated from the following file: