ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilSamlSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\Refinery\Factory as Refinery;
22 use ILIAS\DI\RBACServices;
23 use ILIAS\HTTP\GlobalHttpState;
24 use ILIAS\Data\Factory;
25 use ILIAS\UI\Component\Input\Container\Form\FormInput;
26 use ILIAS\UI\Component\Input\Container\Form\Standard as StandardForm;
27 
28 final class ilSamlSettingsGUI implements ilCtrlSecurityInterface
29 {
30  private const int VIEW_MODE_GLOBAL = 1;
31  private const int VIEW_MODE_SINGLE = 2;
32 
33  public const string DEFAULT_CMD = 'listIdps';
34 
35  private const string PERMISSION_WRITE = 'write';
36 
37  private const string REQUEST_PARAM_SAML_IDP_ID = 'saml_idp_id';
38  private const string REQUEST_PARAM_SAML_IDP_IDS = 'saml_idp_ids';
39 
40  private const string MESSAGE_TYPE_FAILURE = 'failure';
41  private const string MESSAGE_TYPE_SUCCESS = 'success';
42 
43  private const string LNG_SAVED_SUCCESSFULLY = 'saved_successfully';
44  private const string LNG_AUTH_SAML_USER_MAPPING = 'auth_saml_user_mapping';
45  private const string LNG_LOGIN_FORM = 'login_form';
46  private const string LNG_CANCEL = 'cancel';
47 
48  private const string CMD_SHOW_SETTINGS = 'showSettings';
49  private const string CMD_SAVE_NEW_IDP = 'saveNewIdp';
50  private const string CMD_SAVE_SETTINGS = 'saveSettings';
51  private const string CMD_SHOW_IDP_SETTINGS = 'showIdpSettings';
52  private const string CMT_SAVE_IDP_SETTINGS = 'saveIdpSettings';
53  private const string CMD_SAVE = 'save';
54  private const string CMD_SAVE_USER_ATTRIBUTE_MAPPING = 'saveUserAttributeMapping';
55 
56  private const string PROP_UPDATE_SUFFIX = '_update';
57 
58  private const string METADATA_STORAGE_KEY = 'metadata';
59 
61  private const array GLOBAL_COMMANDS = [
62  self::DEFAULT_CMD,
63  'showAddIdpForm',
64  self::CMD_SHOW_SETTINGS,
65  self::CMD_SAVE_SETTINGS,
66  'showNewIdpForm',
67  'saveNewIdp',
68  ];
69 
71  private const array GLOBAL_ENTITY_COMMANDS = [
72  'deactivateIdp',
73  'activateIdp',
74  'confirmDeleteIdp',
75  'deleteIdp',
76  ];
77 
79  private const array IGNORED_USER_FIELDS = [
80  'mail_incoming_mail',
81  'preferences',
82  'hide_own_online_status',
83  'show_users_online',
84  'roles',
85  'upload',
86  'password',
87  'username',
88  'language',
89  'skin_style',
90  'interests_general',
91  'interests_help_offered',
92  'interests_help_looking',
93  'bs_allow_to_contact_me',
94  'chat_osc_accept_msg',
95  'chat_broadcast_typing',
96  ];
97 
98  private readonly ilCtrlInterface $ctrl;
99  private readonly ilLanguage $lng;
100  private readonly ilGlobalTemplateInterface $tpl;
101  private readonly RBACServices $rbac;
102  private readonly ilErrorHandling $error_handler;
103  private readonly ilTabsGUI $tabs;
104  private readonly ilToolbarGUI $toolbar;
105  private readonly GlobalHttpState $http_state;
106  private readonly Refinery $refinery;
107  private readonly ilHelpGUI $help;
108  private ?ilExternalAuthUserAttributeMapping $mapping = null;
109  private ?ilSamlIdp $idp = null;
110  private ?ilSamlAuth $saml_auth = null;
111  private readonly \ILIAS\UI\Factory $ui_factory;
112  private readonly \ILIAS\UI\Renderer $ui_renderer;
113 
114  public function __construct(private readonly int $ref_id)
115  {
116  global $DIC;
117 
118  $this->ctrl = $DIC->ctrl();
119  $this->tpl = $DIC->ui()->mainTemplate();
120  $this->lng = $DIC->language();
121  $this->rbac = $DIC->rbac();
122  $this->error_handler = $DIC['ilErr'];
123  $this->tabs = $DIC->tabs();
124  $this->toolbar = $DIC['ilToolbar'];
125  $this->help = $DIC['ilHelp'];
126  $this->http_state = $DIC->http();
127  $this->refinery = $DIC->refinery();
128  $this->ui_factory = $DIC->ui()->factory();
129  $this->ui_renderer = $DIC->ui()->renderer();
130 
131  $this->lng->loadLanguageModule('auth');
132  }
133 
134  private function ensureAccess(string $operation): void
135  {
136  if (!$this->rbac->system()->checkAccess($operation, $this->ref_id)) {
137  $this->error_handler->raiseError($this->lng->txt('msg_no_perm_read'), $this->error_handler->WARNING);
138  }
139  }
140 
141  public function getUnsafeGetCommands(): array
142  {
143  return [
144  'handleTableActions'
145  ];
146  }
147 
148  public function getSafePostCommands(): array
149  {
150  return [];
151  }
152 
153  private function ensureWriteAccess(): void
154  {
155  $this->ensureAccess(self::PERMISSION_WRITE);
156  }
157 
158  private function ensureReadAccess(): void
159  {
160  $this->ensureAccess('read');
161  }
162 
163  public function getRefId(): int
164  {
165  return $this->ref_id;
166  }
167 
168  private function getIdpIdOrZero(): int
169  {
170  $idpId = 0;
171  if ($this->http_state->wrapper()->query()->has(self::REQUEST_PARAM_SAML_IDP_ID)) {
172  $idpId = $this->http_state->wrapper()->query()->retrieve(
173  self::REQUEST_PARAM_SAML_IDP_ID,
174  $this->refinery->kindlyTo()->int()
175  );
176  } elseif ($this->http_state->wrapper()->post()->has(self::REQUEST_PARAM_SAML_IDP_ID)) {
177  $idpId = $this->http_state->wrapper()->post()->retrieve(
178  self::REQUEST_PARAM_SAML_IDP_ID,
179  $this->refinery->kindlyTo()->int()
180  );
181  }
182 
183  if ($this->http_state->wrapper()->query()->has('saml_idps_table_action')) {
184  if ($this->http_state->wrapper()->query()->has('saml_idps_idp_id')) {
185  $idpIds = $this->http_state->wrapper()->query()->retrieve(
186  'saml_idps_idp_id',
187  $this->refinery->kindlyTo()->listOf($this->refinery->kindlyTo()->int())
188  );
189  if (count($idpIds) === 1) {
190  $idpId = current($idpIds);
191  }
192  }
193  }
194 
195  if ($this->http_state->wrapper()->post()->has(self::REQUEST_PARAM_SAML_IDP_IDS)) {
196  $idpIds = $this->http_state->wrapper()->post()->retrieve(
197  self::REQUEST_PARAM_SAML_IDP_IDS,
198  $this->refinery->kindlyTo()->listOf($this->refinery->kindlyTo()->int())
199  );
200  if (count($idpIds) === 1) {
201  $idpId = current($idpIds);
202  }
203  }
204 
205  return $idpId;
206  }
207 
208  private function initIdp(): void
209  {
210  try {
211  $this->idp = ilSamlIdp::getInstanceByIdpId($this->getIdpIdOrZero());
212  } catch (Exception) {
213  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_FAILURE, $this->lng->txt('auth_saml_unknow_idp'), true);
214  $this->ctrl->setParameter($this, self::REQUEST_PARAM_SAML_IDP_ID, null);
215  $this->ctrl->redirect($this, self::DEFAULT_CMD);
216  }
217  }
218 
219  public function executeCommand(): void
220  {
221  $this->ensureReadAccess();
222 
223  try {
224  $factory = new ilSamlAuthFactory();
225  $this->saml_auth = $factory->auth();
226  } catch (Throwable $e) {
227  if ($e->getMessage() === 'Database error: could not find driver') {
228  $this->tpl->setOnScreenMessage(
229  self::MESSAGE_TYPE_FAILURE,
230  $this->lng->txt('auth_saml_err_sqlite_driver')
231  );
232  } else {
233  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_FAILURE, $e->getMessage());
234  }
235  }
236 
237  $this->help->setScreenIdComponent('auth');
238  $cmd = $this->ctrl->getCmd();
239  if ($cmd === null || $cmd === '' || !method_exists($this, $cmd)) {
240  $cmd = self::DEFAULT_CMD;
241  }
242 
243  $idp_id = $this->getIdpIdOrZero();
244 
245  if ($idp_id > 0) {
246  $this->ctrl->setParameter($this, self::REQUEST_PARAM_SAML_IDP_ID, $idp_id);
247  }
248 
249  if (!in_array(strtolower($cmd), array_map('strtolower', self::GLOBAL_COMMANDS), true)) {
250  if ($idp_id === 0) {
251  $this->ctrl->redirect($this, self::DEFAULT_CMD);
252  }
253 
254  $this->initIdp();
255  $this->initUserAttributeMapping();
256  }
257 
258  if (in_array(strtolower($cmd), array_map('strtolower', self::GLOBAL_COMMANDS), true) ||
259  in_array(strtolower($cmd), array_map('strtolower', self::GLOBAL_ENTITY_COMMANDS), true)) {
260  $this->setSubTabs(self::VIEW_MODE_GLOBAL);
261  } else {
262  $this->setSubTabs(self::VIEW_MODE_SINGLE);
263  }
264 
265  $this->$cmd();
266  }
267 
268  private function listIdps(): void
269  {
270  if ($this->saml_auth && $this->rbac->system()->checkAccess(self::PERMISSION_WRITE, $this->ref_id)) {
271  $this->toolbar->addStickyItem(
272  $this->ui_factory->button()->standard(
273  $this->lng->txt('auth_saml_add_idp_btn'),
274  $this->ctrl->getLinkTarget($this, 'showNewIdpForm')
275  )
276  );
277  }
278 
279  $federation_md_url = rtrim(
280  ILIAS_HTTP_PATH,
281  '/'
282  ) . '/metadata.php?client_id=' . CLIENT_ID;
283  $info = $this->ui_factory->messageBox()->info(
284  sprintf(
285  $this->lng->txt('auth_saml_idps_info'),
286  'auth/saml/config/config.php',
287  'auth/saml/config/authsources.php',
288  $this->ui_renderer->render(
289  $this->ui_factory->link()->standard(
290  'https://simplesamlphp.org/docs/stable/simplesamlphp-sp',
291  'https://simplesamlphp.org/docs/stable/simplesamlphp-sp'
292  )
293  ),
294  $this->ui_renderer->render($this->ui_factory->link()->standard($federation_md_url, $federation_md_url))
295  )
296  );
297 
298  $table = new ilSamlIdpTableGUI(
299  $this,
300  $this->ui_factory,
301  $this->ui_renderer,
302  $this->lng,
303  $this->ctrl,
304  $this->http_state->request(),
305  new Factory(),
306  'handleTableActions',
307  $this->rbac->system()->checkAccess(self::PERMISSION_WRITE, $this->ref_id)
308  );
309  $this->tpl->setContent($this->ui_renderer->render([$info, $table->get()]));
310  }
311 
312  private function handleTableActions(): void
313  {
314  $action = $this->http_state->wrapper()->query()->retrieve(
315  'saml_idps_table_action',
316  $this->refinery->byTrying([
317  $this->refinery->kindlyTo()->string(),
318  $this->refinery->always('')
319  ])
320  );
321  match ($action) {
322  'showIdpSettings' => $this->showIdpSettings(),
323  'activateIdp' => $this->activateIdp(),
324  'deactivateIdp' => $this->deactivateIdp(),
325  'confirmDeleteIdp' => $this->confirmDeleteIdp(),
326  default => $this->ctrl->redirect($this, self::DEFAULT_CMD),
327  };
328  }
329 
330  private function deactivateIdp(): void
331  {
332  $this->ensureWriteAccess();
333 
334  $this->idp->setActive(false);
335  $this->idp->persist();
336 
337  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_SUCCESS, $this->lng->txt(self::LNG_SAVED_SUCCESSFULLY), true);
338  $this->ctrl->redirect($this, self::DEFAULT_CMD);
339  }
340 
341  private function activateIdp(): void
342  {
343  $this->ensureWriteAccess();
344 
345  $this->idp->setActive(true);
346  $this->idp->persist();
347 
348  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_SUCCESS, $this->lng->txt(self::LNG_SAVED_SUCCESSFULLY), true);
349  $this->ctrl->redirect($this, self::DEFAULT_CMD);
350  }
351 
352  private function setSubTabs(int $a_view_mode): void
353  {
354  switch ($a_view_mode) {
355  case self::VIEW_MODE_GLOBAL:
356  $this->tabs->addSubTabTarget(
357  'auth_saml_idps',
358  $this->ctrl->getLinkTarget($this, self::DEFAULT_CMD),
359  array_merge(
360  self::GLOBAL_ENTITY_COMMANDS,
361  [self::DEFAULT_CMD, 'showNewIdpForm', self::CMD_SAVE_NEW_IDP]
362  ),
363  self::class
364  );
365 
366  $this->tabs->addSubTabTarget(
367  'settings',
368  $this->ctrl->getLinkTarget($this, self::CMD_SHOW_SETTINGS),
369  [self::CMD_SHOW_SETTINGS, self::CMD_SAVE_SETTINGS],
370  self::class
371  );
372  break;
373 
374  case self::VIEW_MODE_SINGLE:
375  $this->tabs->clearTargets();
376  $this->tabs->setBackTarget(
377  $this->lng->txt('back'),
378  $this->ctrl->getLinkTarget($this, self::DEFAULT_CMD)
379  );
380 
381  $this->tabs->addSubTabTarget(
382  'auth_saml_idp_settings',
383  $this->ctrl->getLinkTarget($this, self::CMD_SHOW_IDP_SETTINGS),
384  [self::CMD_SHOW_IDP_SETTINGS, self::CMT_SAVE_IDP_SETTINGS],
385  self::class
386  );
387 
388  $this->tabs->addSubTabTarget(
389  self::LNG_AUTH_SAML_USER_MAPPING,
390  $this->ctrl->getLinkTarget($this, 'showUserAttributeMappingForm'),
391  ['showUserAttributeMappingForm', self::CMD_SAVE_USER_ATTRIBUTE_MAPPING],
392  self::class
393  );
394  break;
395  }
396  }
397 
398  private function initUserAttributeMapping(): void
399  {
400  $this->mapping = new ilExternalAuthUserAttributeMapping('saml', $this->idp->getIdpId());
401  }
402 
403  private function getUserAttributeMappingForm(): ilPropertyFormGUI
404  {
405  $form = new ilPropertyFormGUI();
406  $form->setFormAction($this->ctrl->getFormAction($this, self::CMD_SAVE_USER_ATTRIBUTE_MAPPING));
407  $form->setTitle($this->lng->txt(self::LNG_AUTH_SAML_USER_MAPPING));
408 
409  $usr_profile = new ilUserProfile();
410  foreach (array_keys($usr_profile->getStandardFields()) as $id) {
411  if (in_array($id, self::IGNORED_USER_FIELDS, true)) {
412  continue;
413  }
414 
415  $this->addAttributeRuleFieldToForm($form, $this->lng->txt($id), $id);
416  }
417 
418  foreach (ilUserDefinedFields::_getInstance()->getDefinitions() as $definition) {
419  $this->addAttributeRuleFieldToForm($form, $definition['field_name'], 'udf_' . $definition['field_id']);
420  }
421 
422  if ($this->rbac->system()->checkAccess(self::PERMISSION_WRITE, $this->ref_id)) {
423  $form->addCommandButton(self::CMD_SAVE_USER_ATTRIBUTE_MAPPING, $this->lng->txt(self::CMD_SAVE));
424  } else {
425  foreach ($form->getItems() as $item) {
426  $item->setDisabled(true);
427  }
428  }
429 
430  return $form;
431  }
432 
433  private function addAttributeRuleFieldToForm(
434  ilPropertyFormGUI $form,
435  string $field_label,
436  string $field_name
437  ): void {
438  $field = new ilTextInputGUI($field_label, $field_name);
439  $form->addItem($field);
440 
441  $update_automatically = new ilCheckboxInputGUI('', $field_name . self::PROP_UPDATE_SUFFIX);
442  $update_automatically->setOptionTitle($this->lng->txt('auth_saml_update_field_info'));
443  $update_automatically->setValue('1');
444  $form->addItem($update_automatically);
445  }
446 
447  private function saveUserAttributeMapping(): void
448  {
449  $this->ensureWriteAccess();
450 
451  $form = $this->getUserAttributeMappingForm();
452  if ($form->checkInput()) {
453  $this->mapping->delete();
454 
455  $usr_profile = new ilUserProfile();
456  foreach (array_keys($usr_profile->getStandardFields()) as $id) {
457  if (in_array($id, self::IGNORED_USER_FIELDS, true)) {
458  continue;
459  }
460 
461  $rule = $this->mapping->getEmptyRule();
462  $rule->setAttribute($id);
463  $rule->setExternalAttribute((string) $form->getInput($rule->getAttribute()));
464  $rule->updateAutomatically((bool) $form->getInput($rule->getAttribute() . self::PROP_UPDATE_SUFFIX));
465  $this->mapping[$rule->getAttribute()] = $rule;
466  }
467 
468  foreach (ilUserDefinedFields::_getInstance()->getDefinitions() as $definition) {
469  $rule = $this->mapping->getEmptyRule();
470  $rule->setAttribute('udf_' . $definition['field_id']);
471  $rule->setExternalAttribute((string) $form->getInput($rule->getAttribute()));
472  $rule->updateAutomatically((bool) $form->getInput($rule->getAttribute() . self::PROP_UPDATE_SUFFIX));
473  $this->mapping[$rule->getAttribute()] = $rule;
474  }
475 
476  $this->mapping->save();
477 
478  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_SUCCESS, $this->lng->txt(self::LNG_SAVED_SUCCESSFULLY));
479  }
480 
481  $form->setValuesByPost();
482 
483  $this->showUserAttributeMappingForm($form);
484  }
485 
486  private function showUserAttributeMappingForm(?ilPropertyFormGUI $form = null): void
487  {
488  $this->tabs->setSubTabActive(self::LNG_AUTH_SAML_USER_MAPPING);
489 
490  if (!($form instanceof ilPropertyFormGUI)) {
491  $form = $this->getUserAttributeMappingForm();
492  $data = [];
493  foreach ($this->mapping as $rule) {
494  $data[$rule->getAttribute()] = $rule->getExternalAttribute();
495  $data[$rule->getAttribute() . self::PROP_UPDATE_SUFFIX] = $rule->isAutomaticallyUpdated();
496  }
497  $form->setValuesByArray($data);
498  }
499 
500  $this->tpl->setContent($form->getHTML());
501  }
502 
506  private function getSettingsForm(array $values = []): StandardForm
507  {
508  $access = $this->rbac->system()->checkAccess(self::PERMISSION_WRITE, $this->ref_id);
509  $form = $this->ui_factory->input()->container()->form()->standard(
510  $this->ctrl->getFormAction($this, $access ? self::CMD_SAVE_SETTINGS : self::CMD_SHOW_SETTINGS),
511  [
512  self::LNG_LOGIN_FORM => $this->ui_factory->input()->field()->checkbox(
513  $this->lng->txt('auth_saml_login_form'),
514  $this->lng->txt('auth_saml_login_form_info')
515  )
516  ->withValue((bool) ($values[self::LNG_LOGIN_FORM] ?? true))
517  ->withDisabled(!$access),
518  ]
519  );
520 
521  if (!$access) {
522  $form = $form->withSubmitLabel($this->lng->txt('refresh'));
523  }
524 
525  return $form;
526  }
527 
531  private function prepareRoleSelection(): array
532  {
533  $select = [];
534  $global_roles = array_map(
535  intval(...),
536  ilUtil::_sortIds(
537  $this->rbac->review()->getGlobalRoles(),
538  'object_data',
539  'title',
540  'obj_id'
541  )
542  );
543 
544  $select[0] = $this->lng->txt('links_select_one');
545  foreach ($global_roles as $role_id) {
546  $select[$role_id] = ilObject::_lookupTitle($role_id);
547  }
548 
549  return $select;
550  }
551 
552  private function saveSettings(): void
553  {
554  $this->ensureWriteAccess();
555 
556  $form = $this->getSettingsForm()->withRequest($this->http_state->request());
557  if (!$form->getError()) {
558  $data = $form->getData();
559  ilSamlSettings::getInstance()->setLoginFormStatus($data[self::LNG_LOGIN_FORM]);
560  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_SUCCESS, $this->lng->txt(self::LNG_SAVED_SUCCESSFULLY));
561  }
562 
563  $this->showSettings($form);
564  }
565 
566  private function showSettings(?StandardForm $form = null): void
567  {
568  if (!$form) {
569  $form = $this->getSettingsForm([
570  self::LNG_LOGIN_FORM => ilSamlSettings::getInstance()->isDisplayedOnLoginPage()
571  ]);
572  }
573 
574  $title = $this->ui_factory->item()->standard($this->lng->txt('auth_saml_configure'));
575  $this->tpl->setContent($this->ui_renderer->render([
576  $title,
577  $form
578  ]));
579  }
580 
581  private function getIdpSettingsForm(array $values = []): StandardForm
582  {
583  $ui_field = $this->ui_factory->input()->field();
584 
586  $inputs = [
587  $ui_field->text(
588  $this->lng->txt('auth_saml_idp')
589  )->withValue($values['entity_id'] ?? '')->withDisabled(true),
590  self::METADATA_STORAGE_KEY => $ui_field
591  ->textarea(
592  $this->lng->txt('auth_saml_add_idp_md_label'),
593  $this->lng->txt('auth_saml_add_idp_md_info')
594  )
595  ->withoutStripTags()
596  ->withValue($values[self::METADATA_STORAGE_KEY] ?? '')
597  ->withRequired(true)
598  ->withDedicatedName(self::METADATA_STORAGE_KEY),
599  'allow_local_auth' => $ui_field->checkbox(
600  $this->lng->txt('auth_allow_local'),
601  $this->lng->txt('auth_allow_local_info')
602  )->withValue((bool) ($values['allow_local_auth'] ?? true)),
603  'uid_claim' => $ui_field->text(
604  $this->lng->txt('auth_saml_uid_claim'),
605  $this->lng->txt('auth_saml_uid_claim_info')
606  )->withValue($values['uid_claim'] ?? '')->withRequired(true),
607  'sync_status' => $ui_field->optionalGroup(
608  [
609  'login_claim' => $ui_field->text(
610  $this->lng->txt('auth_saml_username_claim'),
611  $this->lng->txt('auth_saml_username_claim_info')
612  )->withRequired(true),
613  'default_role_id' => $ui_field->select(
614  $this->lng->txt('auth_saml_role_select'),
615  $this->prepareRoleSelection()
616  )->withRequired(true),
617  'account_migr_status' => $ui_field->checkbox(
618  $this->lng->txt('auth_saml_migration'),
619  $this->lng->txt('auth_saml_migration_info')
620  )
621  ],
622  $this->lng->txt('auth_saml_sync'),
623  $this->lng->txt('auth_saml_sync_info')
624  )->withValue(
625  (isset($values['sync_status']) && $values['sync_status'])
626  ? [
627  'login_claim' => $values['login_claim'] ?? '',
628  'default_role_id' => $values['default_role_id'] ?? array_key_first($this->prepareRoleSelection()),
629  'account_migr_status' => (bool) ($values['account_migr_status'] ?? true)
630  ]
631  : null
632  )
633  ];
634 
635  $write_access = $this->rbac->system()->checkAccess(self::PERMISSION_WRITE, $this->ref_id);
636  $inputs = array_map(static function (FormInput $input) use ($write_access) {
637  if (!$write_access) {
638  $input = $input->withDisabled(true);
639  }
640  return $input;
641  }, $inputs);
642 
643  $this->ctrl->setParameter($this, self::REQUEST_PARAM_SAML_IDP_ID, $this->idp->getIdpId());
644  return $this->ui_factory->input()->container()->form()->standard(
645  $this->ctrl->getFormAction($this, self::CMT_SAVE_IDP_SETTINGS),
646  $inputs
647  );
648  }
649 
650  private function showIdpSettings(?StandardForm $form = null): void
651  {
652  $this->tabs->setSubTabActive('auth_saml_idp_settings');
653 
654  if (!$form) {
655  $data = $this->idp->toArray();
656  $this->populateWithMetadata($this->idp, $data);
657  $form = $this->getIdpSettingsForm($data);
658  }
659 
660  $this->help->setSubScreenId('edit_idp');
661 
662  $title = $this->ui_factory->item()->standard(
663  sprintf($this->lng->txt('auth_saml_configure_idp'), $this->idp->getEntityId())
664  );
665 
666  $this->tpl->setContent($this->ui_renderer->render([
667  $title,
668  $form
669  ]));
670  }
671 
672  private function saveIdpSettings(): void
673  {
674  $this->ensureWriteAccess();
675 
676  $form = $this->getIdpSettingsForm()->withRequest($this->http_state->request());
677 
678  if (!$form->getError()) {
679  $this->idp->bindForm($form);
680  $this->idp->persist();
681 
682  $this->storeMetadata($this->idp, $form->getData()[self::METADATA_STORAGE_KEY] ?? '');
683  $this->tpl->setOnScreenMessage(
684  self::MESSAGE_TYPE_SUCCESS,
685  $this->lng->txt(self::LNG_SAVED_SUCCESSFULLY),
686  true
687  );
688  }
689 
690  $this->ctrl->redirect($this, self::CMD_SHOW_IDP_SETTINGS);
691  $this->showIdpSettings($form);
692  }
693 
694  private function getIdpForm(): StandardForm
695  {
696  return $this->ui_factory->input()->container()->form()->standard(
697  $this->ctrl->getFormAction($this, self::CMD_SAVE_NEW_IDP),
698  [
699  self::METADATA_STORAGE_KEY => $this->ui_factory
700  ->input()
701  ->field()
702  ->textarea(
703  $this->lng->txt('auth_saml_add_idp_md_label'),
704  $this->lng->txt('auth_saml_add_idp_md_info')
705  )
706  ->withValue($values[self::METADATA_STORAGE_KEY] ?? '')
707  ->withRequired(true)
708  ->withDedicatedName(self::METADATA_STORAGE_KEY),
709  ]
710  );
711  }
712 
713  private function saveNewIdp(): void
714  {
715  $this->ensureWriteAccess();
716 
717  $form = $this->getIdpForm();
718  if (!$form->getError()) {
719  $idp = new ilSamlIdp();
720  $idp->bindForm($form);
721  $idp->persist();
722  $this->storeMetadata($this->idp, $form->getData()[self::METADATA_STORAGE_KEY] ?? '');
723 
724  $this->tpl->setOnScreenMessage(
725  self::MESSAGE_TYPE_SUCCESS,
726  $this->lng->txt(self::LNG_SAVED_SUCCESSFULLY),
727  true
728  );
729  $this->ctrl->setParameter($this, self::REQUEST_PARAM_SAML_IDP_ID, $idp->getIdpId());
730  $this->ctrl->redirect($this, self::CMD_SHOW_IDP_SETTINGS);
731  }
732 
733  $this->showNewIdpForm($form);
734  }
735 
736  private function showNewIdpForm(?StandardForm $form = null): void
737  {
738  $this->ensureWriteAccess();
739 
740  if ($form === null) {
741  $form = $this->getIdpForm();
742  } else {
743  $form = $form->withRequest($this->http_state->request());
744  }
745 
746  $this->help->setSubScreenId('create_idp');
747 
748  $title = $this->ui_factory->item()->standard($this->lng->txt('auth_saml_add_idp_btn'));
749  $this->tpl->setContent($this->ui_renderer->render([
750  $title,
751  $form
752  ]));
753  }
754 
755  private function populateWithMetadata(ilSamlIdp $idp, array &$data): void
756  {
757  $idp_disco = $this->saml_auth->getIdpDiscovery();
758 
759  $data[self::METADATA_STORAGE_KEY] = $idp_disco->fetchIdpMetadata($idp->getIdpId());
760  }
761 
762  private function storeMetadata(ilSamlIdp $idp, string $metadata): void
763  {
764  $idp_disco = $this->saml_auth->getIdpDiscovery();
765  $idp_disco->storeIdpMetadata($idp->getIdpId(), $metadata);
766  }
767 
768  private function confirmDeleteIdp(): void
769  {
770  $this->ensureWriteAccess();
771 
772  $confirmation = new ilConfirmationGUI();
773  $confirmation->setFormAction($this->ctrl->getFormAction($this, 'deleteIdp'));
774  $confirmation->setConfirm($this->lng->txt('confirm'), 'deleteIdp');
775  $confirmation->setCancel($this->lng->txt(self::LNG_CANCEL), self::DEFAULT_CMD);
776  $confirmation->setHeaderText($this->lng->txt('auth_saml_sure_delete_idp'));
777  $confirmation->addItem(
778  self::REQUEST_PARAM_SAML_IDP_IDS,
779  (string) $this->idp->getIdpId(),
780  $this->idp->getEntityId()
781  );
782 
783  $this->tpl->setContent($confirmation->getHTML());
784  }
785 
786  private function deleteIdp(): void
787  {
788  $this->ensureWriteAccess();
789 
790  $idp_disco = $this->saml_auth->getIdpDiscovery();
791  $idp_disco->deleteIdpMetadata($this->idp->getIdpId());
792 
793  $this->idp->delete();
794 
795  $this->tpl->setOnScreenMessage(self::MESSAGE_TYPE_SUCCESS, $this->lng->txt('auth_saml_deleted_idp'), true);
796 
797  $this->ctrl->setParameter($this, self::REQUEST_PARAM_SAML_IDP_ID, null);
798  $this->ctrl->redirect($this, self::DEFAULT_CMD);
799  }
800 }
ilSamlSettingsGUI\LNG_AUTH_SAML_USER_MAPPING
const string LNG_AUTH_SAML_USER_MAPPING
Definition: class.ilSamlSettingsGUI.php:44
ilSamlSettingsGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilSamlSettingsGUI.php:141
ilSamlSettingsGUI\storeMetadata
storeMetadata(ilSamlIdp $idp, string $metadata)
Definition: class.ilSamlSettingsGUI.php:762
ilSamlSettingsGUI\$error_handler
readonly ilErrorHandling $error_handler
Definition: class.ilSamlSettingsGUI.php:102
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:25
ilSamlSettingsGUI\$help
readonly ilHelpGUI $help
Definition: class.ilSamlSettingsGUI.php:107
ilSamlSettingsGUI\setSubTabs
setSubTabs(int $a_view_mode)
Definition: class.ilSamlSettingsGUI.php:352
ilSamlIdp\bindForm
bindForm(StandardForm $form)
Definition: class.ilSamlIdp.php:166
array_map
ilSamlSettingsGUI\showSettings
showSettings(?StandardForm $form=null)
Definition: class.ilSamlSettingsGUI.php:566
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:28
ilUserProfile
Class ilUserProfile.
Definition: class.ilUserProfile.php:28
ilSamlSettingsGUI\$http_state
readonly GlobalHttpState $http_state
Definition: class.ilSamlSettingsGUI.php:105
ilSamlSettingsGUI\populateWithMetadata
populateWithMetadata(ilSamlIdp $idp, array &$data)
Definition: class.ilSamlSettingsGUI.php:755
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:66
ilSamlSettingsGUI\CMT_SAVE_IDP_SETTINGS
const string CMT_SAVE_IDP_SETTINGS
Definition: class.ilSamlSettingsGUI.php:52
ilSamlSettingsGUI\REQUEST_PARAM_SAML_IDP_ID
const string REQUEST_PARAM_SAML_IDP_ID
Definition: class.ilSamlSettingsGUI.php:37
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilSamlSettingsGUI\showIdpSettings
showIdpSettings(?StandardForm $form=null)
Definition: class.ilSamlSettingsGUI.php:650
ILIAS\UI\Component\Input\Container\Form\FormInput\withDisabled
withDisabled(bool $is_disabled)
Get an input like this, but set it to a disabled state.
$ref_id
$ref_id
Definition: ltiauth.php:65
ilSamlSettingsGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilSamlSettingsGUI.php:148
ilSamlSettingsGUI\REQUEST_PARAM_SAML_IDP_IDS
const string REQUEST_PARAM_SAML_IDP_IDS
Definition: class.ilSamlSettingsGUI.php:38
ilSamlSettingsGUI\CMD_SAVE_USER_ATTRIBUTE_MAPPING
const string CMD_SAVE_USER_ATTRIBUTE_MAPPING
Definition: class.ilSamlSettingsGUI.php:54
ilSamlSettingsGUI\$rbac
readonly RBACServices $rbac
Definition: class.ilSamlSettingsGUI.php:101
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:838
ilSamlSettingsGUI\$tpl
readonly ilGlobalTemplateInterface $tpl
Definition: class.ilSamlSettingsGUI.php:100
ilSamlSettingsGUI\getSettingsForm
getSettingsForm(array $values=[])
Definition: class.ilSamlSettingsGUI.php:506
Factory
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilSamlSettingsGUI\$toolbar
readonly ilToolbarGUI $toolbar
Definition: class.ilSamlSettingsGUI.php:104
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
$DIC
global $DIC
Definition: shib_login.php:26
ILIAS\DI\RBACServices
Provides fluid interface to RBAC services.
Definition: RBACServices.php:24
ilSamlSettingsGUI\showNewIdpForm
showNewIdpForm(?StandardForm $form=null)
Definition: class.ilSamlSettingsGUI.php:736
ilSamlSettingsGUI\$ui_renderer
readonly ILIAS UI Renderer $ui_renderer
Definition: class.ilSamlSettingsGUI.php:112
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:35
ilSamlSettingsGUI\$mapping
ilExternalAuthUserAttributeMapping $mapping
Definition: class.ilSamlSettingsGUI.php:108
ilSamlSettingsGUI\ensureAccess
ensureAccess(string $operation)
Definition: class.ilSamlSettingsGUI.php:134
ILIAS\UI\Implementation\Component\Input\withValue
withValue($value)
Get an input like this with another value displayed on the client side.
Definition: Group.php:61
ilSamlSettingsGUI\__construct
__construct(private readonly int $ref_id)
Definition: class.ilSamlSettingsGUI.php:114
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1214
ilSamlSettingsGUI\$ctrl
readonly ilCtrlInterface $ctrl
Definition: class.ilSamlSettingsGUI.php:98
ilSamlSettingsGUI\$refinery
readonly Refinery $refinery
Definition: class.ilSamlSettingsGUI.php:106
ilSamlSettingsGUI\$ui_factory
readonly ILIAS UI Factory $ui_factory
Definition: class.ilSamlSettingsGUI.php:111
ilSamlSettingsGUI\$lng
readonly ilLanguage $lng
Definition: class.ilSamlSettingsGUI.php:99
RBACServices
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilSamlSettingsGUI\addAttributeRuleFieldToForm
addAttributeRuleFieldToForm(ilPropertyFormGUI $form, string $field_label, string $field_name)
Definition: class.ilSamlSettingsGUI.php:433
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilSamlSettingsGUI\$tabs
readonly ilTabsGUI $tabs
Definition: class.ilSamlSettingsGUI.php:103
ilSamlSettingsGUI\LNG_SAVED_SUCCESSFULLY
const string LNG_SAVED_SUCCESSFULLY
Definition: class.ilSamlSettingsGUI.php:43
ilSamlSettingsGUI\CMD_SHOW_IDP_SETTINGS
const string CMD_SHOW_IDP_SETTINGS
Definition: class.ilSamlSettingsGUI.php:51
$info
$info
Definition: entry_point.php:21
ILIAS\UI\Component\Input\Container\Form\FormInput
This describes inputs that can be used in forms.
Definition: FormInput.php:32
ilSamlSettingsGUI\showUserAttributeMappingForm
showUserAttributeMappingForm(?ilPropertyFormGUI $form=null)
Definition: class.ilSamlSettingsGUI.php:486
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:29