ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
Public Member Functions | Private Member Functions | Private Attributes
ilAuthProviderSaml Class Reference
+ Inheritance diagram for ilAuthProviderSaml:
+ Collaboration diagram for ilAuthProviderSaml:

Public Member Functions

 __construct (ilAuthCredentials $credentials, ?int $a_idp_id=null)
 
 doAuthentication (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 Create new account. More...
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. More...
 
 setExternalAccountName (string $a_name)
 
 getExternalAccountName ()
 Get external account name. More...
 
 getTriggerAuthMode ()
 Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...
 
 getUserAuthModeName ()
 Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 
 getLogger ()
 
 getCredentials ()
 

Private Member Functions

 determineUidFromAttributes ()
 
 handleSamlAuth (ilAuthStatus $status)
 
 importUser (?string $a_internal_login, string $a_external_account, array $a_user_data=[])
 
 buildUserAttributeXml (ilXmlWriter $xml_writer, ilExternalAuthUserAttributeMappingRule $rule, string $value)
 

Private Attributes

const string LOG_COMPONENT = 'auth'
 
const string ERR_WRONG_LOGIN = 'err_wrong_login'
 
const string SESSION_TMP_ATTRIBUTES = 'tmp_attributes'
 
const string SESSION_TMP_RETURN_TO = 'tmp_return_to'
 
ilSamlIdp $idp
 
readonly ilLanguage $lng
 
array $attributes = []
 
string $return_to = ''
 
string $uid = ''
 
bool $force_new_account = false
 
string $migration_account = ''
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 

Detailed Description

Definition at line 21 of file class.ilAuthProviderSaml.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderSaml::__construct ( ilAuthCredentials  $credentials,
?int  $a_idp_id = null 
)

Definition at line 39 of file class.ilAuthProviderSaml.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), ilSamlIdp\getFirstActiveIdp(), ilSamlIdp\getInstanceByIdpId(), ILIAS\Repository\lng(), and null.

40  {
41  global $DIC;
42 
43  parent::__construct($credentials);
44 
45  $this->lng = $DIC->language();
46 
47  if (null === $a_idp_id || 0 === $a_idp_id) {
48  $this->idp = ilSamlIdp::getFirstActiveIdp();
49  } else {
50  $this->idp = ilSamlIdp::getInstanceByIdpId($a_idp_id);
51  }
52 
53  if ($credentials instanceof ilAuthFrontendCredentialsSaml) {
54  $this->attributes = $credentials->getAttributes();
55  $this->return_to = $credentials->getReturnTo();
56  }
57  }
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
$DIC
global $DIC
Definition: shib_login.php:26
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilSamlIdp\getFirstActiveIdp
static getFirstActiveIdp()
Definition: class.ilSamlIdp.php:56
+ Here is the call graph for this function:

Member Function Documentation

◆ buildUserAttributeXml()

ilAuthProviderSaml::buildUserAttributeXml ( ilXmlWriter  $xml_writer,
ilExternalAuthUserAttributeMappingRule  $rule,
string  $value 
)
private

Definition at line 389 of file class.ilAuthProviderSaml.php.

References ilUserDefinedFields\_getInstance(), ilExternalAuthUserAttributeMappingRule\getAttribute(), ilLoggerFactory\getLogger(), and ilXmlWriter\xmlElement().

Referenced by importUser().

393  : void {
394  switch (strtolower($rule->getAttribute())) {
395  case 'gender':
396  $gender_attr = 'Gender';
397  match (strtolower($value)) {
398  'n', 'neutral' => $xml_writer->xmlElement($gender_attr, [], 'n'),
399  'm', 'male' => $xml_writer->xmlElement($gender_attr, [], 'm'),
400  // no break
401  default => $xml_writer->xmlElement($gender_attr, [], 'f'),
402  };
403  break;
404 
405  case 'firstname':
406  $xml_writer->xmlElement('Firstname', [], $value);
407  break;
408 
409  case 'lastname':
410  $xml_writer->xmlElement('Lastname', [], $value);
411  break;
412 
413  case 'email':
414  $xml_writer->xmlElement('Email', [], $value);
415  break;
416 
417  case 'second_email':
418  $xml_writer->xmlElement('SecondEmail', [], $value);
419  break;
420 
421  case 'institution':
422  $xml_writer->xmlElement('Institution', [], $value);
423  break;
424 
425  case 'department':
426  $xml_writer->xmlElement('Department', [], $value);
427  break;
428 
429  case 'hobby':
430  $xml_writer->xmlElement('Hobby', [], $value);
431  break;
432 
433  case 'title':
434  $xml_writer->xmlElement('Title', [], $value);
435  break;
436 
437  case 'street':
438  $xml_writer->xmlElement('Street', [], $value);
439  break;
440 
441  case 'city':
442  $xml_writer->xmlElement('City', [], $value);
443  break;
444 
445  case 'zipcode':
446  $xml_writer->xmlElement('PostalCode', [], $value);
447  break;
448 
449  case 'country':
450  $xml_writer->xmlElement('Country', [], $value);
451  break;
452 
453  case 'phone_office':
454  $xml_writer->xmlElement('PhoneOffice', [], $value);
455  break;
456 
457  case 'phone_home':
458  $xml_writer->xmlElement('PhoneHome', [], $value);
459  break;
460 
461  case 'phone_mobile':
462  $xml_writer->xmlElement('PhoneMobile', [], $value);
463  break;
464 
465  case 'fax':
466  $xml_writer->xmlElement('Fax', [], $value);
467  break;
468 
469  case 'referral_comment':
470  $xml_writer->xmlElement('Comment', [], $value);
471  break;
472 
473  case 'matriculation':
474  $xml_writer->xmlElement('Matriculation', [], $value);
475  break;
476 
477  case 'birthday':
478  $xml_writer->xmlElement('Birthday', [], $value);
479  break;
480 
481  default:
482  if (!str_starts_with($rule->getAttribute(), 'udf_')) {
483  break;
484  }
485 
486  $udf_data = explode('_', $rule->getAttribute());
487  if (!isset($udf_data[1])) {
488  break;
489  }
490 
491  $definition = ilUserDefinedFields::_getInstance()->getDefinition((int) $udf_data[1]);
492  if (empty($definition)) {
493  ilLoggerFactory::getLogger('auth')->warning(sprintf(
494  "Invalid/Orphaned UD field mapping detected: %s",
495  $rule->getAttribute()
496  ));
497  break;
498  }
499 
500  $xml_writer->xmlElement(
501  'UserDefinedField',
502  ['Id' => $definition['il_id'], 'Name' => $definition['field_name']],
503  $value
504  );
505  break;
506  }
507  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilXmlWriter\xmlElement
xmlElement(string $tag, $attrs=null, $data=null, $encode=true, $escape=true)
Writes a basic element (no children, just textual content)
Definition: class.ilXmlWriter.php:318
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createNewAccount()

ilAuthProviderSaml::createNewAccount ( ilAuthStatus  $status)

Create new ILIAS account for external_account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 263 of file class.ilAuthProviderSaml.php.

References ilSession\get(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), and handleSamlAuth().

263  : void
264  {
265  if (
266  !is_array(ilSession::get(self::SESSION_TMP_ATTRIBUTES)) ||
267  [] === ilSession::get(self::SESSION_TMP_ATTRIBUTES) ||
268  $this->getCredentials()->getUsername() === ''
269  ) {
270  $this->getLogger()->warning('Cannot find user id for external account: ' . $this->getCredentials()->getUsername());
271  $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
272  return;
273  }
274 
275  $this->uid = $this->getCredentials()->getUsername();
276  $this->attributes = ilSession::get(self::SESSION_TMP_ATTRIBUTES);
277  $this->return_to = (string) ilSession::get(self::SESSION_TMP_RETURN_TO);
278 
279  $this->force_new_account = true;
280 
281  $this->handleSamlAuth($status);
282  }
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Definition: class.ilAuthProvider.php:43
ilAuthProviderSaml\handleSamlAuth
handleSamlAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSaml.php:97
+ Here is the call graph for this function:

◆ determineUidFromAttributes()

ilAuthProviderSaml::determineUidFromAttributes ( )
private

Definition at line 59 of file class.ilAuthProviderSaml.php.

References $attributes.

Referenced by doAuthentication().

59  : void
60  {
61  if (
62  !array_key_exists($this->idp->getUidClaim(), $this->attributes) ||
63  !is_array($this->attributes[$this->idp->getUidClaim()]) ||
64  !array_key_exists(0, $this->attributes[$this->idp->getUidClaim()]) ||
65  $this->attributes[$this->idp->getUidClaim()][0] === ''
66  ) {
67  throw new ilException(sprintf(
68  'Could not find unique SAML attribute for the configured identifier: %s',
69  print_r($this->idp->getUidClaim(), true)
70  ));
71  }
72 
73  $this->uid = $this->attributes[$this->idp->getUidClaim()][0];
74  }
+ Here is the caller graph for this function:

◆ doAuthentication()

ilAuthProviderSaml::doAuthentication ( ilAuthStatus  $status)

Implements ilAuthProviderInterface.

Definition at line 76 of file class.ilAuthProviderSaml.php.

References Vendor\Package\$e, determineUidFromAttributes(), ilAuthProvider\getLogger(), ilAuthProvider\handleAuthenticationFail(), and handleSamlAuth().

76  : bool
77  {
78  if ([] === $this->attributes) {
79  $this->getLogger()->warning('Could not parse any attributes from SAML response.');
80  $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
81 
82  return false;
83  }
84 
85  try {
86  $this->determineUidFromAttributes();
87 
88  return $this->handleSamlAuth($status);
89  } catch (Exception $e) {
90  $this->getLogger()->warning($e->getMessage());
91  $this->handleAuthenticationFail($status, self::ERR_WRONG_LOGIN);
92 
93  return false;
94  }
95  }
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Definition: class.ilAuthProvider.php:43
ilAuthProviderSaml\handleSamlAuth
handleSamlAuth(ilAuthStatus $status)
Definition: class.ilAuthProviderSaml.php:97
+ Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderSaml::getExternalAccountName ( )

Get external account name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 289 of file class.ilAuthProviderSaml.php.

References $migration_account.

289  : string
290  {
291  return $this->migration_account;
292  }

◆ getTriggerAuthMode()

ilAuthProviderSaml::getTriggerAuthMode ( )

Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth.

See also
ilAuthUtils

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 294 of file class.ilAuthProviderSaml.php.

References ilAuthUtils\AUTH_SAML.

Referenced by handleSamlAuth().

294  : string
295  {
296  return ilAuthUtils::AUTH_SAML . '_' . $this->idp->getIdpId();
297  }
ilAuthUtils\AUTH_SAML
const int AUTH_SAML
Definition: class.ilAuthUtils.php:35
+ Here is the caller graph for this function:

◆ getUserAuthModeName()

ilAuthProviderSaml::getUserAuthModeName ( )

Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 299 of file class.ilAuthProviderSaml.php.

Referenced by handleSamlAuth(), and importUser().

299  : string
300  {
301  return 'saml_' . $this->idp->getIdpId();
302  }
+ Here is the caller graph for this function:

◆ handleSamlAuth()

ilAuthProviderSaml::handleSamlAuth ( ilAuthStatus  $status)
private

Definition at line 97 of file class.ilAuthProviderSaml.php.

References $GLOBALS, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_loginExists(), ilObjUser\_lookupId(), ilObjUser\_writeAuthMode(), ilAuthUtils\AUTH_LOCAL, ilLoggerFactory\getLogger(), getTriggerAuthMode(), getUserAuthModeName(), ilAuthProvider\handleAuthenticationFail(), importUser(), null, ilSession\set(), ilAuthStatus\setAuthenticatedUserId(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), and doAuthentication().

97  : bool
98  {
99  $update_auth_mode = false;
100 
101  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
102  'Login observer called for SAML authentication request of ext_account "%s" and auth_mode "%s".',
103  $this->uid,
104  $this->getUserAuthModeName()
105  ));
106  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf('Target set to: %s', print_r($this->return_to, true)));
107  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
108  'Trying to find ext_account "%s" for auth_mode "%s".',
109  $this->uid,
110  $this->getUserAuthModeName()
111  ));
112 
113  $internal_account = ilObjUser::_checkExternalAuthAccount(
114  $this->getUserAuthModeName(),
115  $this->uid,
116  false
117  );
118 
119  if (!is_string($internal_account) || $internal_account === '') {
120  $update_auth_mode = true;
121 
122  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
123  'Could not find ext_account "%s" for auth_mode "%s".',
124  $this->uid,
125  $this->getUserAuthModeName()
126  ));
127 
128  $fallback_auth_mode = 'local';
129  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
130  'Trying to find ext_account "%s" for auth_mode "%s".',
131  $this->uid,
132  $fallback_auth_mode
133  ));
134  $internal_account = ilObjUser::_checkExternalAuthAccount($fallback_auth_mode, $this->uid, false);
135 
136  $defaultAuth = ilAuthUtils::AUTH_LOCAL;
137  if ($GLOBALS['DIC']['ilSetting']->get('auth_mode')) {
138  $defaultAuth = $GLOBALS['DIC']['ilSetting']->get('auth_mode');
139  }
140 
141  if (
142  (!is_string($internal_account) || $internal_account === '') &&
143  ($defaultAuth == ilAuthUtils::AUTH_LOCAL || $defaultAuth == $this->getTriggerAuthMode())
144  ) {
145  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
146  'Could not find ext_account "%s" for auth_mode "%s".',
147  $this->uid,
148  $fallback_auth_mode
149  ));
150 
151  $fallback_auth_mode = 'default';
152  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
153  'Trying to find ext_account "%s" for auth_mode "%s".',
154  $this->uid,
155  $fallback_auth_mode
156  ));
157  $internal_account = ilObjUser::_checkExternalAuthAccount($fallback_auth_mode, $this->uid, false);
158  }
159  }
160 
161  if (is_string($internal_account) && $internal_account !== '') {
162  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
163  'Found user "%s" for ext_account "%s" in ILIAS database.',
164  $internal_account,
165  $this->uid
166  ));
167 
168  if ($this->idp->isSynchronizationEnabled()) {
169  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
170  'SAML user synchronisation is enabled, so update existing user "%s" with ext_account "%s".',
171  $internal_account,
172  $this->uid
173  ));
174  $internal_account = $this->importUser($internal_account, $this->uid, $this->attributes);
175  }
176 
177  if ($update_auth_mode) {
178  $usr_id = ilObjUser::_loginExists($internal_account);
179  if ($usr_id > 0) {
180  ilObjUser::_writeAuthMode($usr_id, $this->getUserAuthModeName());
181  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
182  'SAML Switched auth_mode of user with login "%s" and ext_account "%s" to "%s".',
183  $internal_account,
184  $this->uid,
185  $this->getUserAuthModeName()
186  ));
187  } else {
188  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
189  'SAML Could not switch auth_mode of user with login "%s" and ext_account "%s" to "%s".',
190  $internal_account,
191  $this->uid,
192  $this->getUserAuthModeName()
193  ));
194  }
195  }
196 
197  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
198  'Authentication succeeded: Found internal login "%s for ext_account "%s" and auth_mode "%s".',
199  $internal_account,
200  $this->uid,
201  $this->getUserAuthModeName()
202  ));
203 
204  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
205  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
206  ilSession::set('used_external_auth_mode', $this->getTriggerAuthMode());
207 
208  return true;
209  }
210 
211  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
212  'Could not find an existing user for ext_account "%s" for any relevant auth_mode.',
213  $this->uid
214  ));
215  if ($this->idp->isSynchronizationEnabled()) {
216  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
217  'SAML user synchronisation is enabled, so determine action for ext_account "%s" and auth_mode "%s".',
218  $this->uid,
219  $this->getUserAuthModeName()
220  ));
221  if (!$this->force_new_account && $this->idp->isAccountMigrationEnabled()) {
222  ilSession::set(self::SESSION_TMP_ATTRIBUTES, $this->attributes);
223  ilSession::set(self::SESSION_TMP_RETURN_TO, $this->return_to);
224 
225  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
226  'Account migration is enabled, so redirecting ext_account "%s" to account migration screen.',
227  $this->uid
228  ));
229 
230  $this->setExternalAccountName($this->uid);
231  $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
232 
233  return false;
234  }
235 
236  $new_name = $this->importUser(null, $this->uid, $this->attributes);
237  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
238  'Created new user account with login "%s" and ext_account "%s".',
239  $new_name,
240  $this->uid
241  ));
242 
243  ilSession::set(self::SESSION_TMP_ATTRIBUTES, null);
244  ilSession::set(self::SESSION_TMP_RETURN_TO, null);
245  ilSession::set('used_external_auth_mode', $this->getTriggerAuthMode());
246 
247  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
248  $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
249 
250  return true;
251  }
252 
253  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug("SAML user synchronisation is not enabled, auth failed.");
254  $this->handleAuthenticationFail($status, 'err_auth_saml_no_ilias_user');
255 
256  return false;
257  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilAuthProviderSaml\importUser
importUser(?string $a_internal_login, string $a_external_account, array $a_user_data=[])
Definition: class.ilAuthProviderSaml.php:304
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilObjUser\_writeAuthMode
static _writeAuthMode(int $a_usr_id, string $a_auth_mode)
Definition: class.ilObjUser.php:1582
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2745
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Definition: class.ilAuthProvider.php:43
ilAuthUtils\AUTH_LOCAL
const int AUTH_LOCAL
Definition: class.ilAuthUtils.php:27
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:63
ilObjUser\_loginExists
static _loginExists(string $a_login, int $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:3246
ilAuthProviderSaml\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth...
Definition: class.ilAuthProviderSaml.php:299
ilAuthProviderSaml\getTriggerAuthMode
getTriggerAuthMode()
Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 1...
Definition: class.ilAuthProviderSaml.php:294
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:114
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilAuthProviderSaml\setExternalAccountName
setExternalAccountName(string $a_name)
Definition: class.ilAuthProviderSaml.php:284
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const int STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:30
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ importUser()

ilAuthProviderSaml::importUser ( ?string  $a_internal_login,
string  $a_external_account,
array  $a_user_data = [] 
)
private

Definition at line 304 of file class.ilAuthProviderSaml.php.

References Vendor\Package\$e, ilAuthUtils\_generateLogin(), ilObjUser\_lookupId(), buildUserAttributeXml(), ilAuthProvider\getLogger(), ilLoggerFactory\getLogger(), getUserAuthModeName(), ilUserImportParser\IL_USER_MAPPING_ID, ILIAS\Repository\lng(), null, ilStr\strToLower(), and USER_FOLDER_ID.

Referenced by handleSamlAuth().

304  : string
305  {
306  $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->idp->getIdpId());
307 
308  $xml_writer = new ilXmlWriter();
309  $xml_writer->xmlStartTag('Users');
310  if (null === $a_internal_login) {
311  $login = $a_user_data[$this->idp->getLoginClaim()][0];
312  $login = ilAuthUtils::_generateLogin($login);
313 
314  $xml_writer->xmlStartTag(
315  'User',
316  [
317  'Action' => 'Insert',
318  'Language' => $this->lng->getDefaultLanguage()
319  ]
320  );
321  $xml_writer->xmlElement('Login', [], $login);
322 
323  $xml_writer->xmlElement('Role', [
324  'Id' => $this->idp->getDefaultRoleId(),
325  'Type' => 'Global',
326  'Action' => 'Assign'
327  ]);
328 
329  $xml_writer->xmlElement('Active', [], "true");
330  $xml_writer->xmlElement('TimeLimitOwner', [], USER_FOLDER_ID);
331  $xml_writer->xmlElement('TimeLimitUnlimited', [], 1);
332  $xml_writer->xmlElement('TimeLimitFrom', [], time());
333  $xml_writer->xmlElement('TimeLimitUntil', [], time());
334  $xml_writer->xmlElement(
335  'AuthMode',
336  ['type' => $this->getUserAuthModeName()],
337  $this->getUserAuthModeName()
338  );
339  $xml_writer->xmlElement('ExternalAccount', [], $a_external_account);
340 
341  $mapping = new ilExternalAuthUserCreationAttributeMappingFilter($mapping);
342  } else {
343  $login = $a_internal_login;
344  $usr_id = ilObjUser::_lookupId($a_internal_login);
345 
346  $xml_writer->xmlStartTag('User', ['Action' => 'Update', 'Id' => $usr_id]);
347 
348  $loginClaim = $a_user_data[$this->idp->getLoginClaim()][0];
349  if (ilStr::strToLower($login) !== ilStr::strToLower($loginClaim)) {
350  $login = ilAuthUtils::_generateLogin($loginClaim);
351  $xml_writer->xmlElement('Login', [], $login);
352  }
353 
354  $mapping = new ilExternalAuthUserUpdateAttributeMappingFilter($mapping);
355  }
356 
357  foreach ($mapping as $rule) {
358  try {
359  $attributeValueParser = new ilSamlMappedUserAttributeValueParser($rule, $a_user_data);
360  $value = $attributeValueParser->parse();
361  $this->buildUserAttributeXml($xml_writer, $rule, $value);
362  } catch (ilSamlException $e) {
363  $this->getLogger()->warning($e->getMessage());
364  continue;
365  }
366  }
367 
368  $xml_writer->xmlEndTag('User');
369  $xml_writer->xmlEndTag('Users');
370 
371  ilLoggerFactory::getLogger(self::LOG_COMPONENT)->debug(sprintf(
372  'Started import of user "%s" with ext_account "%s" and auth_mode "%s".',
373  $login,
374  $a_external_account,
375  $this->getUserAuthModeName()
376  ));
377  $importParser = new ilUserImportParser();
378  $importParser->setXMLContent($xml_writer->xmlDumpMem(false));
379  $importParser->setRoleAssignment([
380  $this->idp->getDefaultRoleId() => $this->idp->getDefaultRoleId(),
381  ]);
382  $importParser->setFolderId(USER_FOLDER_ID);
383  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
384  $importParser->startParsing();
385 
386  return $login;
387  }
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:337
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilAuthProviderSaml\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth...
Definition: class.ilAuthProviderSaml.php:299
ilStr\strToLower
static strToLower(string $a_string)
Definition: class.ilStr.php:69
ilAuthProviderSaml\buildUserAttributeXml
buildUserAttributeXml(ilXmlWriter $xml_writer, ilExternalAuthUserAttributeMappingRule $rule, string $value)
Definition: class.ilAuthProviderSaml.php:389
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderSaml::migrateAccount ( ilAuthStatus  $status)

Create new account.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 259 of file class.ilAuthProviderSaml.php.

259  : void
260  {
261  }

◆ setExternalAccountName()

ilAuthProviderSaml::setExternalAccountName ( string  $a_name)

Definition at line 284 of file class.ilAuthProviderSaml.php.

Referenced by handleSamlAuth().

284  : void
285  {
286  $this->migration_account = $a_name;
287  }
+ Here is the caller graph for this function:

Field Documentation

◆ $attributes

array ilAuthProviderSaml::$attributes = []
private

Definition at line 33 of file class.ilAuthProviderSaml.php.

Referenced by determineUidFromAttributes().

◆ $force_new_account

bool ilAuthProviderSaml::$force_new_account = false
private

Definition at line 36 of file class.ilAuthProviderSaml.php.

◆ $idp

ilSamlIdp ilAuthProviderSaml::$idp
private

Definition at line 30 of file class.ilAuthProviderSaml.php.

◆ $lng

readonly ilLanguage ilAuthProviderSaml::$lng
private

Definition at line 31 of file class.ilAuthProviderSaml.php.

◆ $migration_account

string ilAuthProviderSaml::$migration_account = ''
private

Definition at line 37 of file class.ilAuthProviderSaml.php.

Referenced by getExternalAccountName().

◆ $return_to

string ilAuthProviderSaml::$return_to = ''
private

Definition at line 34 of file class.ilAuthProviderSaml.php.

◆ $uid

string ilAuthProviderSaml::$uid = ''
private

Definition at line 35 of file class.ilAuthProviderSaml.php.

◆ ERR_WRONG_LOGIN

const string ilAuthProviderSaml::ERR_WRONG_LOGIN = 'err_wrong_login'
private

Definition at line 25 of file class.ilAuthProviderSaml.php.

◆ LOG_COMPONENT

const string ilAuthProviderSaml::LOG_COMPONENT = 'auth'
private

Definition at line 23 of file class.ilAuthProviderSaml.php.

◆ SESSION_TMP_ATTRIBUTES

const string ilAuthProviderSaml::SESSION_TMP_ATTRIBUTES = 'tmp_attributes'
private

Definition at line 27 of file class.ilAuthProviderSaml.php.

◆ SESSION_TMP_RETURN_TO

const string ilAuthProviderSaml::SESSION_TMP_RETURN_TO = 'tmp_return_to'
private

Definition at line 28 of file class.ilAuthProviderSaml.php.

The documentation for this class was generated from the following file: