ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
Public Member Functions | Private Member Functions | Private Attributes
ilAuthProviderSaml Class Reference
+ Inheritance diagram for ilAuthProviderSaml:
+ Collaboration diagram for ilAuthProviderSaml:

Public Member Functions

 __construct (ilAuthCredentials $credentials, ?int $a_idp_id=null)
 
 doAuthentication (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 
 setExternalAccountName (string $a_name)
 
 getExternalAccountName ()
 Get external account name. More...
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 
 getLogger ()
 
 getCredentials ()
 
 doAuthentication (ilAuthStatus $status)
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
 getExternalAccountName ()
 Get external account name. More...
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 

Private Member Functions

 determineUidFromAttributes ()
 
 handleSamlAuth (ilAuthStatus $status)
 
 importUser (?string $a_internal_login, string $a_external_account, array $a_user_data=[])
 
 buildUserAttributeXml (ilXmlWriter $xml_writer, ilExternalAuthUserAttributeMappingRule $rule, string $value)
 
 initUserDefinedFields ()
 

Private Attributes

const string LOG_COMPONENT = 'auth'
 
const string ERR_WRONG_LOGIN = 'err_wrong_login'
 
const string SESSION_TMP_ATTRIBUTES = 'tmp_attributes'
 
const string SESSION_TMP_RETURN_TO = 'tmp_return_to'
 
ilSamlIdp $idp
 
readonly ilLanguage $lng
 
readonly Profile $profile
 
array $attributes = []
 
string $return_to = ''
 
string $uid = ''
 
bool $force_new_account = false
 
string $migration_account = ''
 
array $user_defined_fields = null
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 

Detailed Description

Definition at line 23 of file class.ilAuthProviderSaml.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderSaml::__construct ( ilAuthCredentials  $credentials,
?int  $a_idp_id = null 
)

Definition at line 46 of file class.ilAuthProviderSaml.php.

47 {
48 global $DIC;
49
50 parent::__construct($credentials);
51
52 $this->lng = $DIC->language();
53 $this->profile = $DIC['user']->getProfile();
54
55 if (null === $a_idp_id || 0 === $a_idp_id) {
56 $this->idp = ilSamlIdp::getFirstActiveIdp();
57 } else {
58 $this->idp = ilSamlIdp::getInstanceByIdpId($a_idp_id);
59 }
60
61 if ($credentials instanceof ilAuthFrontendCredentialsSaml) {
62 $this->attributes = $credentials->getAttributes();
63 $this->return_to = $credentials->getReturnTo();
64 }
65 }
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:24
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:56
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
$DIC
global $DIC
Definition: shib_login.php:26

References ilAuthProvider\$credentials, $DIC, ILIAS\GlobalScreen\Provider\__construct(), ilSamlIdp\getFirstActiveIdp(), ilSamlIdp\getInstanceByIdpId(), ILIAS\Repository\lng(), and ILIAS\Repository\profile().

+ Here is the call graph for this function:

Member Function Documentation

◆ buildUserAttributeXml()

ilAuthProviderSaml::buildUserAttributeXml ( ilXmlWriter  $xml_writer,
ilExternalAuthUserAttributeMappingRule  $rule,
string  $value 
)
private

Definition at line 397 of file class.ilAuthProviderSaml.php.

401 : void {
402 switch (strtolower($rule->getAttribute())) {
403 case 'gender':
404 $gender_attr = 'Gender';
405 match (strtolower($value)) {
406 'n', 'neutral' => $xml_writer->xmlElement($gender_attr, [], 'n'),
407 'm', 'male' => $xml_writer->xmlElement($gender_attr, [], 'm'),
408 // no break
409 default => $xml_writer->xmlElement($gender_attr, [], 'f'),
410 };
411 break;
412
413 case 'firstname':
414 $xml_writer->xmlElement('Firstname', [], $value);
415 break;
416
417 case 'lastname':
418 $xml_writer->xmlElement('Lastname', [], $value);
419 break;
420
421 case 'email':
422 $xml_writer->xmlElement('Email', [], $value);
423 break;
424
425 case 'second_email':
426 $xml_writer->xmlElement('SecondEmail', [], $value);
427 break;
428
429 case 'institution':
430 $xml_writer->xmlElement('Institution', [], $value);
431 break;
432
433 case 'department':
434 $xml_writer->xmlElement('Department', [], $value);
435 break;
436
437 case 'hobby':
438 $xml_writer->xmlElement('Hobby', [], $value);
439 break;
440
441 case 'title':
442 $xml_writer->xmlElement('Title', [], $value);
443 break;
444
445 case 'street':
446 $xml_writer->xmlElement('Street', [], $value);
447 break;
448
449 case 'city':
450 $xml_writer->xmlElement('City', [], $value);
451 break;
452
453 case 'zipcode':
454 $xml_writer->xmlElement('PostalCode', [], $value);
455 break;
456
457 case 'country':
458 $xml_writer->xmlElement('Country', [], $value);
459 break;
460
461 case 'phone_office':
462 $xml_writer->xmlElement('PhoneOffice', [], $value);
463 break;
464
465 case 'phone_home':
466 $xml_writer->xmlElement('PhoneHome', [], $value);
467 break;
468
469 case 'phone_mobile':
470 $xml_writer->xmlElement('PhoneMobile', [], $value);
471 break;
472
473 case 'fax':
474 $xml_writer->xmlElement('Fax', [], $value);
475 break;
476
477 case 'referral_comment':
478 $xml_writer->xmlElement('Comment', [], $value);
479 break;
480
481 case 'matriculation':
482 $xml_writer->xmlElement('Matriculation', [], $value);
483 break;
484
485 case 'birthday':
486 $xml_writer->xmlElement('Birthday', [], $value);
487 break;
488
489 default:
490 if (!str_starts_with($rule->getAttribute(), 'udf_')) {
491 break;
492 }
493
494 $udf_data = explode('_', $rule->getAttribute());
495 if (!isset($udf_data[1])) {
496 break;
497 }
498
499 $this->initUserDefinedFields();
500 $field = $this->user_defined_fields[$udf_data[1]] ?? null;
501 if ($field === null) {
502 ilLoggerFactory::getLogger('auth')->warning(sprintf(
503 "Invalid/Orphaned UD field mapping detected: %s",
504 $rule->getAttribute()
505 ));
506 break;
507 }
508
509 $xml_writer->xmlElement(
510 'UserDefinedField',
511 ['Id' => $field->getIdentifier(), 'Name' => $field->getLabel($this->lng)],
512 $value
513 );
514 break;
515 }
516 }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilXmlWriter\xmlElement
xmlElement(string $tag, $attrs=null, $data=null, $encode=true, $escape=true)
Writes a basic element (no children, just textual content)
Definition: class.ilXmlWriter.php:318

References ilExternalAuthUserAttributeMappingRule\getAttribute(), ilLoggerFactory\getLogger(), initUserDefinedFields(), and ilXmlWriter\xmlElement().

Referenced by importUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createNewAccount()

ilAuthProviderSaml::createNewAccount ( ilAuthStatus  $status)

Create new ILIAS account for external_account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 271 of file class.ilAuthProviderSaml.php.

271 : void
272 {
273 if (
274 !is_array(ilSession::get(self::SESSION_TMP_ATTRIBUTES)) ||
275 [] === ilSession::get(self::SESSION_TMP_ATTRIBUTES) ||
276 $this->getCredentials()->getUsername() === ''
277 ) {
278 $this->getLogger()->warning('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
279 $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
280 return;
281 }
282
283 $this->uid = $this->getCredentials()->getUsername();
284 $this->attributes = ilSession::get(self::SESSION_TMP_ATTRIBUTES);
285 $this->return_to = (string) ilSession::get(self::SESSION_TMP_RETURN_TO);
286
287 $this->force_new_account = true;
288
289 $this->handleSamlAuth($status);
290 }
ilAuthProviderSaml\handleSamlAuth
handleSamlAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSaml.php:105
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Definition: class.ilAuthProvider.php:43
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388

References ilSession\get(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), and handleSamlAuth().

+ Here is the call graph for this function:

◆ determineUidFromAttributes()

ilAuthProviderSaml::determineUidFromAttributes ( )
private

Definition at line 67 of file class.ilAuthProviderSaml.php.

67 : void
68 {
69 if (
70 !array_key_exists($this->idp->getUidClaim(), $this->attributes) ||
71 !is_array($this->attributes[$this->idp->getUidClaim()]) ||
72 !array_key_exists(0, $this->attributes[$this->idp->getUidClaim()]) ||
73 $this->attributes[$this->idp->getUidClaim()][0] === ''
74 ) {
75 throw new ilException(sprintf(
76 'Could not find unique SAML attribute for the configured identifier: %s',
77 print_r($this->idp->getUidClaim(), true)
78 ));
79 }
80
81 $this->uid = $this->attributes[$this->idp->getUidClaim()][0];
82 }
ilException
Base class for ILIAS Exception handling.
Definition: class.ilException.php:26

Referenced by doAuthentication().

+ Here is the caller graph for this function:

◆ doAuthentication()

ilAuthProviderSaml::doAuthentication ( ilAuthStatus  $status)

Implements ilAuthProviderInterface.

Definition at line 84 of file class.ilAuthProviderSaml.php.

84 : bool
85 {
86 if ([] === $this->attributes) {
87 $this->getLogger()->warning('Could not parse any attributes from SAML response.');
88 $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
89
90 return false;
91 }
92
93 try {
94 $this->determineUidFromAttributes();
95
96 return $this->handleSamlAuth($status);
97 } catch (Exception $e) {
98 $this->getLogger()->warning($e->getMessage());
99 $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
100
101 return false;
102 }
103 }

References Vendor\Package\$e, determineUidFromAttributes(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), and handleSamlAuth().

+ Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderSaml::getExternalAccountName ( )

Get external account name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 297 of file class.ilAuthProviderSaml.php.

297 : string
298 {
299 return $this->migration_account;
300 }

References $migration_account.

◆ getTriggerAuthMode()

ilAuthProviderSaml::getTriggerAuthMode ( )

Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth.

See also
ilAuthUtils

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 302 of file class.ilAuthProviderSaml.php.

302 : string
303 {
304 return ilAuthUtils::AUTH_SAML . '_' . $this->idp->getIdpId();
305 }
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:37

References ilAuthUtils\AUTH_SAML.

Referenced by handleSamlAuth().

+ Here is the caller graph for this function:

◆ getUserAuthModeName()

ilAuthProviderSaml::getUserAuthModeName ( )

Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 307 of file class.ilAuthProviderSaml.php.

307 : string
308 {
309 return 'saml_' . $this->idp->getIdpId();
310 }

Referenced by handleSamlAuth(), and importUser().

+ Here is the caller graph for this function:

◆ handleSamlAuth()

ilAuthProviderSaml::handleSamlAuth ( ilAuthStatus  $status)
private

Definition at line 105 of file class.ilAuthProviderSaml.php.

105 : bool
106 {
107 $update_auth_mode = false;
108
109 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
110 'Login observer called for SAML authentication request of ext_account "%s" and auth_mode "%s".',
111 $this->uid,
112 $this->getUserAuthModeName()
113 ));
114 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf('Target set to: %s', print_r($this->return_to, true)));
115 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
116 'Trying to find ext_account "%s" for auth_mode "%s".',
117 $this->uid,
118 $this->getUserAuthModeName()
119 ));
120
121 $internal_account = ilObjUser::_checkExternalAuthAccount(
122 $this->getUserAuthModeName(),
123 $this->uid,
124 false
125 );
126
127 if (!is_string($internal_account) || $internal_account === '') {
128 $update_auth_mode = true;
129
130 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
131 'Could not find ext_account "%s" for auth_mode "%s".',
132 $this->uid,
133 $this->getUserAuthModeName()
134 ));
135
136 $fallback_auth_mode = 'local';
137 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
138 'Trying to find ext_account "%s" for auth_mode "%s".',
139 $this->uid,
140 $fallback_auth_mode
141 ));
142 $internal_account = ilObjUser::_checkExternalAuthAccount($fallback_auth_mode, $this->uid, false);
143
144 $defaultAuth = ilAuthUtils::AUTH_LOCAL;
145 if ($GLOBALS['DIC']['ilSetting']->get('auth_mode')) {
146 $defaultAuth = $GLOBALS['DIC']['ilSetting']->get('auth_mode');
147 }
148
149 if (
150 (!is_string($internal_account) || $internal_account === '') &&
151 ($defaultAuth == ilAuthUtils::AUTH_LOCAL || $defaultAuth == $this->getTriggerAuthMode())
152 ) {
153 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
154 'Could not find ext_account "%s" for auth_mode "%s".',
155 $this->uid,
156 $fallback_auth_mode
157 ));
158
159 $fallback_auth_mode = 'default';
160 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
161 'Trying to find ext_account "%s" for auth_mode "%s".',
162 $this->uid,
163 $fallback_auth_mode
164 ));
165 $internal_account = ilObjUser::_checkExternalAuthAccount($fallback_auth_mode, $this->uid, false);
166 }
167 }
168
169 if (is_string($internal_account) && $internal_account !== '') {
170 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
171 'Found user "%s" for ext_account "%s" in ILIAS database.',
172 $internal_account,
173 $this->uid
174 ));
175
176 if ($this->idp->isSynchronizationEnabled()) {
177 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
178 'SAML user synchronisation is enabled, so update existing user "%s" with ext_account "%s".',
179 $internal_account,
180 $this->uid
181 ));
182 $internal_account = $this->importUser($internal_account, $this->uid, $this->attributes);
183 }
184
185 if ($update_auth_mode) {
186 $usr_id = ilObjUser::_loginExists($internal_account);
187 if ($usr_id > 0) {
188 ilObjUser::_writeAuthMode($usr_id, $this->getUserAuthModeName());
189 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
190 'SAML Switched auth_mode of user with login "%s" and ext_account "%s" to "%s".',
191 $internal_account,
192 $this->uid,
193 $this->getUserAuthModeName()
194 ));
195 } else {
196 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
197 'SAML Could not switch auth_mode of user with login "%s" and ext_account "%s" to "%s".',
198 $internal_account,
199 $this->uid,
200 $this->getUserAuthModeName()
201 ));
202 }
203 }
204
205 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
206 'Authentication succeeded: Found internal login "%s for ext_account "%s" and auth_mode "%s".',
207 $internal_account,
208 $this->uid,
209 $this->getUserAuthModeName()
210 ));
211
212 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
213 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
214 ilSession::set('used_external_auth_mode', $this->getTriggerAuthMode());
215
216 return true;
217 }
218
219 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
220 'Could not find an existing user for ext_account "%s" for any relevant auth_mode.',
221 $this->uid
222 ));
223 if ($this->idp->isSynchronizationEnabled()) {
224 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
225 'SAML user synchronisation is enabled, so determine action for ext_account "%s" and auth_mode "%s".',
226 $this->uid,
227 $this->getUserAuthModeName()
228 ));
229 if (!$this->force_new_account && $this->idp->isAccountMigrationEnabled()) {
230 ilSession::set(self::SESSION_TMP_ATTRIBUTES, $this->attributes);
231 ilSession::set(self::SESSION_TMP_RETURN_TO, $this->return_to);
232
233 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
234 'Account migration is enabled, so redirecting ext_account "%s" to account migration screen.',
235 $this->uid
236 ));
237
238 $this->setExternalAccountName($this->uid);
239 $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
240
241 return false;
242 }
243
244 $new_name = $this->importUser(null, $this->uid, $this->attributes);
245 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
246 'Created new user account with login "%s" and ext_account "%s".',
247 $new_name,
248 $this->uid
249 ));
250
251 ilSession::set(self::SESSION_TMP_ATTRIBUTES, null);
252 ilSession::set(self::SESSION_TMP_RETURN_TO, null);
253 ilSession::set('used_external_auth_mode', $this->getTriggerAuthMode());
254
255 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
256 $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
257
258 return true;
259 }
260
261 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug("SAML user synchronisation is not enabled, auth failed.");
262 $this->handleAuthenticationFail($status, 'err_auth_saml_no_ilias_user');
263
264 return false;
265 }
ilAuthProviderSaml\importUser
importUser(?string $a_internal_login, string $a_external_account, array $a_user_data=[])
Definition: class.ilAuthProviderSaml.php:312
ilAuthProviderSaml\setExternalAccountName
setExternalAccountName(string $a_name)
Definition: class.ilAuthProviderSaml.php:292
ilAuthProviderSaml\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.
Definition: class.ilAuthProviderSaml.php:307
ilAuthProviderSaml\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
Definition: class.ilAuthProviderSaml.php:302
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:29
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilObjUser\_writeAuthMode
static _writeAuthMode(int $a_usr_id, string $a_auth_mode)
Definition: class.ilObjUser.php:2684
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2813
ilObjUser\_loginExists
static _loginExists(string $a_login, int $a_user_id=0)
Definition: class.ilObjUser.php:1934
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54

References $GLOBALS, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_loginExists(), ilObjUser\_lookupId(), ilObjUser\_writeAuthMode(), ilAuthUtils\AUTH_LOCAL, ilLoggerFactory\getLogger(), getTriggerAuthMode(), getUserAuthModeName(), ilAuthProvider\handleAuthenticationFail(), importUser(), ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), and doAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ importUser()

ilAuthProviderSaml::importUser ( ?string  $a_internal_login,
string  $a_external_account,
array  $a_user_data = [] 
)
private

Definition at line 312 of file class.ilAuthProviderSaml.php.

312 : string
313 {
314 $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->idp->getIdpId());
315
316 $xml_writer = new ilXmlWriter();
317 $xml_writer->xmlStartTag('Users');
318 if (null === $a_internal_login) {
319 $login = $a_user_data[$this->idp->getLoginClaim()][0];
320 $login = ilAuthUtils::_generateLogin($login);
321
322 $xml_writer->xmlStartTag(
323 'User',
324 [
325 'Action' => 'Insert',
326 'Language' => $this->lng->getDefaultLanguage()
327 ]
328 );
329 $xml_writer->xmlElement('Login', [], $login);
330
331 $xml_writer->xmlElement('Role', [
332 'Id' => $this->idp->getDefaultRoleId(),
333 'Type' => 'Global',
334 'Action' => 'Assign'
335 ]);
336
337 $xml_writer->xmlElement('Active', [], "true");
338 $xml_writer->xmlElement('TimeLimitOwner', [], USER_FOLDER_ID);
339 $xml_writer->xmlElement('TimeLimitUnlimited', [], 1);
340 $xml_writer->xmlElement('TimeLimitFrom', [], time());
341 $xml_writer->xmlElement('TimeLimitUntil', [], time());
342 $xml_writer->xmlElement(
343 'AuthMode',
344 ['type' => $this->getUserAuthModeName()],
345 $this->getUserAuthModeName()
346 );
347 $xml_writer->xmlElement('ExternalAccount', [], $a_external_account);
348
349 $mapping = new ilExternalAuthUserCreationAttributeMappingFilter($mapping);
350 } else {
351 $login = $a_internal_login;
352 $usr_id = ilObjUser::_lookupId($a_internal_login);
353
354 $xml_writer->xmlStartTag('User', ['Action' => 'Update', 'Id' => $usr_id]);
355
356 $loginClaim = $a_user_data[$this->idp->getLoginClaim()][0];
357 if (ilStr::strToLower($login) !== ilStr::strToLower($loginClaim)) {
358 $login = ilAuthUtils::_generateLogin($loginClaim);
359 $xml_writer->xmlElement('Login', [], $login);
360 }
361
362 $mapping = new ilExternalAuthUserUpdateAttributeMappingFilter($mapping);
363 }
364
365 foreach ($mapping as $rule) {
366 try {
367 $attributeValueParser = new ilSamlMappedUserAttributeValueParser($rule, $a_user_data);
368 $value = $attributeValueParser->parse();
369 $this->buildUserAttributeXml($xml_writer, $rule, $value);
370 } catch (ilSamlException $e) {
371 $this->getLogger()->warning($e->getMessage());
372 continue;
373 }
374 }
375
376 $xml_writer->xmlEndTag('User');
377 $xml_writer->xmlEndTag('Users');
378
379 ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
380 'Started import of user "%s" with ext_account "%s" and auth_mode "%s".',
381 $login,
382 $a_external_account,
383 $this->getUserAuthModeName()
384 ));
385 $importParser = new ilUserImportParser();
386 $importParser->setXMLContent($xml_writer->xmlDumpMem(false));
387 $importParser->setRoleAssignment([
388 $this->idp->getDefaultRoleId() => $this->idp->getDefaultRoleId(),
389 ]);
390 $importParser->setFolderId(USER_FOLDER_ID);
391 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
392 $importParser->startParsing();
393
394 return $login;
395 }
ilAuthProviderSaml\buildUserAttributeXml
buildUserAttributeXml(ilXmlWriter $xml_writer, ilExternalAuthUserAttributeMappingRule $rule, string $value)
Definition: class.ilAuthProviderSaml.php:397
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:339
ilStr\strToLower
static strToLower(string $a_string)
Definition: class.ilStr.php:69
ilXmlWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilXmlWriter.php:33
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33

References Vendor\Package\$e, ilAuthUtils\_generateLogin(), ilObjUser\_lookupId(), buildUserAttributeXml(), ilAuthProvider\getLogger(), ilLoggerFactory\getLogger(), getUserAuthModeName(), ilUserImportParser\IL_USER_MAPPING_ID, ILIAS\Repository\lng(), ilStr\strToLower(), and USER_FOLDER_ID.

Referenced by handleSamlAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initUserDefinedFields()

ilAuthProviderSaml::initUserDefinedFields ( )
private

Definition at line 518 of file class.ilAuthProviderSaml.php.

518 : void
519 {
520 if ($this->user_defined_fields === null) {
521 $this->user_defined_fields = $this->profile->getAllUserDefinedFields();
522 }
523 }

References ILIAS\Repository\profile().

Referenced by buildUserAttributeXml().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderSaml::migrateAccount ( ilAuthStatus  $status)

Create new account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 267 of file class.ilAuthProviderSaml.php.

267 : void
268 {
269 }

◆ setExternalAccountName()

ilAuthProviderSaml::setExternalAccountName ( string  $a_name)

Definition at line 292 of file class.ilAuthProviderSaml.php.

292 : void
293 {
294 $this->migration_account = $a_name;
295 }

Referenced by handleSamlAuth().

+ Here is the caller graph for this function:

Field Documentation

◆ $attributes

array ilAuthProviderSaml::$attributes = []
private

Definition at line 36 of file class.ilAuthProviderSaml.php.

◆ $force_new_account

bool ilAuthProviderSaml::$force_new_account = false
private

Definition at line 39 of file class.ilAuthProviderSaml.php.

◆ $idp

ilSamlIdp ilAuthProviderSaml::$idp
private

Definition at line 32 of file class.ilAuthProviderSaml.php.

◆ $lng

readonly ilLanguage ilAuthProviderSaml::$lng
private

Definition at line 33 of file class.ilAuthProviderSaml.php.

◆ $migration_account

string ilAuthProviderSaml::$migration_account = ''
private

Definition at line 40 of file class.ilAuthProviderSaml.php.

Referenced by getExternalAccountName().

◆ $profile

readonly Profile ilAuthProviderSaml::$profile
private

Definition at line 34 of file class.ilAuthProviderSaml.php.

◆ $return_to

string ilAuthProviderSaml::$return_to = ''
private

Definition at line 37 of file class.ilAuthProviderSaml.php.

◆ $uid

string ilAuthProviderSaml::$uid = ''
private

Definition at line 38 of file class.ilAuthProviderSaml.php.

◆ $user_defined_fields

array ilAuthProviderSaml::$user_defined_fields = null
private

Definition at line 44 of file class.ilAuthProviderSaml.php.

◆ ERR_WRONG_LOGIN

const string ilAuthProviderSaml::ERR_WRONG_LOGIN = 'err_wrong_login'
private

Definition at line 27 of file class.ilAuthProviderSaml.php.

◆ LOG_COMPONENT

const string ilAuthProviderSaml::LOG_COMPONENT = 'auth'
private

Definition at line 25 of file class.ilAuthProviderSaml.php.

◆ SESSION_TMP_ATTRIBUTES

const string ilAuthProviderSaml::SESSION_TMP_ATTRIBUTES = 'tmp_attributes'
private

Definition at line 29 of file class.ilAuthProviderSaml.php.

◆ SESSION_TMP_RETURN_TO

const string ilAuthProviderSaml::SESSION_TMP_RETURN_TO = 'tmp_return_to'
private

Definition at line 30 of file class.ilAuthProviderSaml.php.

The documentation for this class was generated from the following file: