ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\Style\Content\GUIService;
22 use ILIAS\components\Authentication\Pages\AuthPageEditorContext;
23 
30 class ilObjAuthSettingsGUI extends ilObjectGUI
31 {
32  private const PROP_AUTH_MODE_KIND = 'kind';
33  private const PROP_AUTH_MODE_SEQUENCE = 'sequence';
34 
35  private ilLogger $logger;
36  private ILIAS\HTTP\GlobalHttpState $http;
37 
38  private GUIService $content_style_gui;
39 
40  public function __construct($a_data, int $a_id, bool $a_call_by_reference, bool $a_prepare_output = true)
41  {
42  $this->type = 'auth';
43  parent::__construct($a_data, $a_id, $a_call_by_reference, $a_prepare_output);
44 
45  global $DIC;
46  $this->logger = $DIC->logger()->auth();
47 
48  $this->http = $DIC->http();
49 
50  $this->lng->loadLanguageModule('registration');
51  $this->lng->loadLanguageModule('auth');
52  $this->lng->loadLanguageModule('content');
53  $this->content_style_gui = $DIC->contentStyle()->gui();
54  }
55 
56  public function viewObject(): void
57  {
58  $this->authSettingsObject();
59  }
60 
61  private function authSettingsObject(
62  ?ILIAS\UI\Component\Input\Container\Form\Form $auth_mode_determination_form = null,
63  ?ILIAS\UI\Component\Input\Container\Form\Form $registration_role_mapping_form = null
64  ): void {
65  if (!$this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
66  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
67  }
68 
69  $this->tabs_gui->setTabActive('authentication_settings');
70  $this->setSubTabs('authSettings');
71  $this->tabs_gui->setSubTabActive('auth_settings');
72 
73  $generalSettingsTpl = new ilTemplate('tpl.auth_general.html', true, true, 'components/ILIAS/Authentication');
74 
75  $generalSettingsTpl->setVariable('FORMACTION', $this->ctrl->getFormAction($this));
76 
77  $generalSettingsTpl->setVariable('TXT_AUTH_MODE', $this->lng->txt('auth_mode'));
78  $generalSettingsTpl->setVariable('TXT_AUTH_DEFAULT', $this->lng->txt('default'));
79  $generalSettingsTpl->setVariable('TXT_AUTH_ACTIVE', $this->lng->txt('active'));
80  $generalSettingsTpl->setVariable('TXT_AUTH_NUM_USERS', $this->lng->txt('num_users'));
81 
82  $generalSettingsTpl->setVariable('TXT_LOCAL', $this->lng->txt('auth_local'));
83  $generalSettingsTpl->setVariable('TXT_LDAP', $this->lng->txt('auth_ldap'));
84  $generalSettingsTpl->setVariable('TXT_SHIB', $this->lng->txt('auth_shib'));
85 
86  $generalSettingsTpl->setVariable('TXT_CAS', $this->lng->txt('auth_cas'));
87 
88  $generalSettingsTpl->setVariable('TXT_SCRIPT', $this->lng->txt('auth_script'));
89 
90  $generalSettingsTpl->setVariable('TXT_APACHE', $this->lng->txt('auth_apache'));
91 
92  $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
93  $auth_modes = ilAuthUtils::_getAllAuthModes();
94  $valid_modes = [
95  ilAuthUtils::AUTH_LOCAL,
96  ilAuthUtils::AUTH_LDAP,
97  ilAuthUtils::AUTH_SHIBBOLETH,
98  ilAuthUtils::AUTH_SAML,
99  ilAuthUtils::AUTH_CAS,
100  ilAuthUtils::AUTH_APACHE,
101  ilAuthUtils::AUTH_OPENID_CONNECT
102  ];
103 
104  $icon_ok = $this->ui_renderer->render(
105  $this->ui_factory->symbol()->icon()->custom(
106  ilUtil::getImagePath('standard/icon_ok.svg'),
107  $this->lng->txt('enabled')
108  )
109  );
110  $icon_not_ok = $this->ui_renderer->render(
111  $this->ui_factory->symbol()->icon()->custom(
112  ilUtil::getImagePath('standard/icon_not_ok.svg'),
113  $this->lng->txt('disabled')
114  )
115  );
116 
117  $this->logger->debug(print_r($auth_modes, true));
118  foreach ($auth_modes as $mode => $mode_name) {
119  if (!in_array($mode, $valid_modes, true) && !ilLDAPServer::isAuthModeLDAP(
120  (string) $mode
121  ) && !ilSamlIdp::isAuthModeSaml((string) $mode)) {
122  continue;
123  }
124 
125  $generalSettingsTpl->setCurrentBlock('auth_mode');
126 
127  if (ilLDAPServer::isAuthModeLDAP((string) $mode)) {
128  $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::getServerIdByAuthMode($mode));
129  $generalSettingsTpl->setVariable('AUTH_NAME', $server->getName());
130  $generalSettingsTpl->setVariable('AUTH_ACTIVE', $server->isActive() ? $icon_ok : $icon_not_ok);
131  } elseif (ilSamlIdp::isAuthModeSaml((string) $mode)) {
132  $idp = ilSamlIdp::getInstanceByIdpId(ilSamlIdp::getIdpIdByAuthMode($mode));
133  $generalSettingsTpl->setVariable('AUTH_NAME', $idp->getEntityId());
134  $generalSettingsTpl->setVariable('AUTH_ACTIVE', $idp->isActive() ? $icon_ok : $icon_not_ok);
135  } elseif ($mode === ilAuthUtils::AUTH_OPENID_CONNECT) {
136  $generalSettingsTpl->setVariable('AUTH_NAME', $this->lng->txt('auth_' . $mode_name));
137  $generalSettingsTpl->setVariable(
138  'AUTH_ACTIVE',
139  ilOpenIdConnectSettings::getInstance()->getActive() ? $icon_ok : $icon_not_ok
140  );
141  } else {
142  $generalSettingsTpl->setVariable('AUTH_NAME', $this->lng->txt('auth_' . $mode_name));
143  $generalSettingsTpl->setVariable(
144  'AUTH_ACTIVE',
145  $this->ilias->getSetting(
146  $mode_name . '_active'
147  ) || (int) $mode === ilAuthUtils::AUTH_LOCAL ? $icon_ok : $icon_not_ok
148  );
149  }
150 
151  $auth_cnt_mode = $auth_cnt[$mode_name] ?? 0;
152  if ($this->settings->get('auth_mode') === (string) $mode) {
153  $generalSettingsTpl->setVariable('AUTH_CHECKED', 'checked="checked"');
154  $auth_cnt_default = $auth_cnt['default'] ?? 0;
155  $generalSettingsTpl->setVariable(
156  'AUTH_USER_NUM',
157  ((int) $auth_cnt_mode + $auth_cnt_default) . ' (' . $this->lng->txt('auth_per_default') .
158  ': ' . $auth_cnt_default . ')'
159  );
160  } else {
161  $generalSettingsTpl->setVariable(
162  'AUTH_USER_NUM',
163  (int) $auth_cnt_mode
164  );
165  }
166  $generalSettingsTpl->setVariable('AUTH_ID', $mode_name);
167  $generalSettingsTpl->setVariable('AUTH_VAL', $mode);
168  $generalSettingsTpl->parseCurrentBlock();
169  }
170 
171  $generalSettingsTpl->setVariable('TXT_CONFIGURE', $this->lng->txt('auth_configure'));
172 
173  if ($this->rbac_system->checkAccess('write', $this->object->getRefId())) {
174  $generalSettingsTpl->setVariable('TXT_AUTH_REMARK', $this->lng->txt('auth_remark_non_local_auth'));
175  $generalSettingsTpl->setCurrentBlock('auth_mode_submit');
176  $generalSettingsTpl->setVariable('TXT_SUBMIT', $this->lng->txt('save'));
177  $generalSettingsTpl->setVariable('CMD_SUBMIT', 'setAuthMode');
178  $generalSettingsTpl->parseCurrentBlock();
179  }
180 
181  $page_content = [
182  $this->ui_factory->panel()->standard(
183  $this->lng->txt('auth_select'),
184  $this->ui_factory->legacy()->content($generalSettingsTpl->get()),
185  )
186  ];
187 
188  $auth_mode_determination_form = $auth_mode_determination_form ?? $this->buildAuthModeDeterminationForm();
189  if ($auth_mode_determination_form !== null) {
190  $page_content[] = $this->ui_factory->panel()->standard(
191  $this->lng->txt('auth_auth_mode_determination'),
192  $auth_mode_determination_form
193  );
194  }
195 
196  $page_content[] = $this->ui_factory->panel()->standard(
197  $this->lng->txt('auth_active_roles'),
198  $registration_role_mapping_form ?? $this->buildRegistrationRoleMappingForm()
199  );
200 
201  $this->tpl->setContent(
202  $this->ui_renderer->render($page_content)
203  );
204  }
205 
206  private function buildRegistrationRoleMappingForm(): ILIAS\UI\Component\Input\Container\Form\Form
207  {
208  $disabled_fields = !$this->rbac_system->checkAccess('write', $this->object->getRefId());
209 
210  $fields = [];
211  $reg_roles = ilObjRole::_lookupRegisterAllowed();
212 
213  $excluded_auth_names = ['default', 'cas', 'saml', 'shibboleth', 'ldap', 'apache', 'ecs', 'openid'];
214  // do not list auth modes with external login screen
215  // even not default, because it can easily be set to
216  // a non-working auth mode
217  $active_auth_modes = array_filter(
218  ilAuthUtils::_getActiveAuthModes(),
219  static fn(string $auth_name): bool => in_array($auth_name, $excluded_auth_names, true),
220  ARRAY_FILTER_USE_KEY
221  );
222 
223  foreach ($reg_roles as $role) {
224  $options = [];
225  $value = null;
226  foreach ($active_auth_modes as $auth_name => $auth_key) {
227  if ($auth_name === 'default') {
228  $name = $this->lng->txt('auth_' . $auth_name) . ' (' . $this->lng->txt(
229  'auth_' . ilAuthUtils::_getAuthModeName($auth_key)
230  ) . ')';
231  } elseif ($id = ilLDAPServer::getServerIdByAuthMode((string) $auth_key)) {
232  $server = ilLDAPServer::getInstanceByServerId($id);
233  $name = $server->getName();
234  } elseif ($id = ilSamlIdp::getIdpIdByAuthMode((string) $auth_key)) {
235  $idp = ilSamlIdp::getInstanceByIdpId($id);
236  $name = $idp->getEntityId();
237  } else {
238  $name = $this->lng->txt('auth_' . $auth_name);
239  }
240 
241  $options[$auth_name] = $name;
242 
243  if ($role['auth_mode'] === $auth_name) {
244  $value = $auth_name;
245  }
246  }
247 
248  if ($options === []) {
249  continue;
250  }
251 
252  $value = $value ?? ilAuthUtils::AUTH_LOCAL;
253 
254  $fields['r_' . $role['id']] = $this->ui_factory
255  ->input()
256  ->field()
257  ->select(
258  $role['title'],
259  $options,
260  $this->lng->txt('auth_role_auth_mode')
261  )
262  ->withRequired(true)
263  ->withValue($value)
264  ->withDedicatedName('r_' . $role['id'])
265  ->withDisabled($disabled_fields);
266  }
267 
268  return $this->ui_factory
269  ->input()
270  ->container()
271  ->form()
272  ->standard($this->ctrl->getFormAction($this, 'updateRegistrationRoleMapping'), $fields)
273  ->withDedicatedName('registration_role_mapping');
274  }
275 
276  private function updateRegistrationRoleMappingObject(): void
277  {
278  if (!$this->rbac_system->checkAccess('write', $this->object->getRefId())) {
279  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
280  }
281 
282  $form = $this->buildRegistrationRoleMappingForm();
283  $form_valid = false;
284  $form_data = null;
285  if ($this->http->request()->getMethod() === 'POST') {
286  $form = $form->withRequest($this->http->request());
287  $form_data = $form->getData();
288  $form_valid = $form_data !== null;
289  }
290 
291  if (!$form_valid) {
292  $this->tpl->setOnScreenMessage(
293  $this->tpl::MESSAGE_TYPE_FAILURE,
294  $this->lng->txt('err_wrong_login')
295  );
296  $this->authSettingsObject(null, $form);
297  return;
298  }
299 
300  $f_object = [];
301  foreach ($form_data as $role_id => $auth_mode) {
302  $f_object[substr($role_id, 2)] = $auth_mode;
303  }
304  ilObjRole::_updateAuthMode($f_object);
305 
306  $this->tpl->setOnScreenMessage(
307  $this->tpl::MESSAGE_TYPE_SUCCESS,
308  $this->lng->txt('auth_mode_roles_changed'),
309  true
310  );
311  $this->ctrl->redirect($this, 'authSettings');
312  }
313 
314  private function buildAuthModeDeterminationForm(): ?ILIAS\UI\Component\Input\Container\Form\Form
315  {
316  $det = ilAuthModeDetermination::_getInstance();
317  if ($det->getCountActiveAuthModes() <= 1) {
318  return null;
319  }
320 
321  $disabled_fields = !$this->rbac_system->checkAccess('write', $this->object->getRefId());
322 
323  $automatic_options = [];
324  $counter = 1;
325  $auth_sequenced = $det->getAuthModeSequence();
326  foreach ($auth_sequenced as $auth_mode) {
327  $text = '';
328  switch ($auth_mode) {
329  case ilLDAPServer::isAuthModeLDAP((string) $auth_mode):
330  $auth_id = ilLDAPServer::getServerIdByAuthMode($auth_mode);
331  $server = ilLDAPServer::getInstanceByServerId($auth_id);
332  $text = $server->getName();
333  break;
334  case ilAuthUtils::AUTH_LOCAL:
335  $text = $this->lng->txt('auth_local');
336  break;
337  case ilAuthUtils::AUTH_SOAP:
338  $text = $this->lng->txt('auth_soap');
339  break;
340  case ilAuthUtils::AUTH_APACHE:
341  $text = $this->lng->txt('auth_apache');
342  break;
343  default:
344  foreach (ilAuthUtils::getAuthPlugins() as $pl) {
345  $option = $pl->getMultipleAuthModeOptions($auth_mode);
346  $text = $option[$auth_mode]['txt'];
347  }
348  break;
349  }
350 
351  $automatic_options['m' . $auth_mode] = $this->ui_factory
352  ->input()
353  ->field()
354  ->numeric($text)
355  ->withDedicatedName('m' . $auth_mode)
356  ->withValue($counter++)
357  ->withDisabled($disabled_fields);
358  }
359 
360  $options = [
361  (string) ilAuthModeDetermination::TYPE_MANUAL => $this->ui_factory
362  ->input()
363  ->field()
364  ->group(
365  [],
366  $this->lng->txt('auth_by_user')
367  )
368  ->withDedicatedName((string) ilAuthModeDetermination::TYPE_MANUAL)
369  ->withDisabled($disabled_fields),
370  (string) ilAuthModeDetermination::TYPE_AUTOMATIC => $this->ui_factory
371  ->input()
372  ->field()
373  ->group(
374  $automatic_options,
375  $this->lng->txt('auth_automatic')
376  )
377  ->withDedicatedName((string) ilAuthModeDetermination::TYPE_AUTOMATIC)
378  ->withDisabled($disabled_fields)
379  ];
380 
381  $sections = [
382  self::PROP_AUTH_MODE_KIND => $this->ui_factory
383  ->input()
384  ->field()
385  ->switchableGroup(
386  $options,
387  $this->lng->txt('auth_kind_determination'),
388  $this->lng->txt('auth_mode_determination_info')
389  )
390  ->withDedicatedName(self::PROP_AUTH_MODE_KIND)
391  ->withValue((string) $det->getKind())
392  ->withDisabled($disabled_fields)
393  ->withRequired(true)
394  ];
395 
396  return $this->ui_factory
397  ->input()
398  ->container()
399  ->form()
400  ->standard($this->ctrl->getFormAction($this, 'updateAuthModeDetermination'), $sections)
401  ->withDedicatedName('auth_mode_determination')
402  ->withAdditionalTransformation(
403  $this->refinery->custom()->transformation(function ($value): array {
404  $auth_mode_kind = (int) ($value[self::PROP_AUTH_MODE_KIND][0] ?? ilAuthModeDetermination::TYPE_MANUAL);
405  $sequence = [];
406  if ($auth_mode_kind === ilAuthModeDetermination::TYPE_AUTOMATIC) {
407  $sequence = (array) ($value[self::PROP_AUTH_MODE_KIND][1] ?? []);
408  }
409 
410  $merged_values = array_merge(
411  [
412  self::PROP_AUTH_MODE_KIND => $auth_mode_kind,
413  ],
414  [
415  self::PROP_AUTH_MODE_SEQUENCE => $sequence
416  ]
417  );
418 
419  return $merged_values;
420  })
421  );
422  }
423 
424  private function updateAuthModeDeterminationObject(): void
425  {
426  if (!$this->rbac_system->checkAccess('write', $this->object->getRefId())) {
427  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
428  }
429 
430  $form = $this->buildAuthModeDeterminationForm();
431  if ($form === null) {
432  $this->authSettingsObject();
433  return;
434  }
435 
436  $form_valid = false;
437  $form_data = null;
438  if ($this->http->request()->getMethod() === 'POST') {
439  $form = $form->withRequest($this->http->request());
440  $form_data = $form->getData();
441  $form_valid = $form_data !== null;
442  }
443 
444  if (!$form_valid) {
445  $this->tpl->setOnScreenMessage(
446  $this->tpl::MESSAGE_TYPE_FAILURE,
447  $this->lng->txt('err_wrong_login')
448  );
449  $this->authSettingsObject($form);
450  return;
451  }
452 
453  $det = ilAuthModeDetermination::_getInstance();
454  $kind = (int) $form_data[self::PROP_AUTH_MODE_KIND];
455  $det->setKind($kind);
456  if ($kind === ilAuthModeDetermination::TYPE_AUTOMATIC) {
457  $sequence = $form_data[self::PROP_AUTH_MODE_SEQUENCE];
458  $this->logger->debug('pos mode:' . print_r($sequence, true));
459  asort($sequence, SORT_NUMERIC);
460  $this->logger->debug('pos mode:' . print_r($sequence, true));
461  $counter = 0;
462  $position = [];
463  foreach (array_keys($sequence) as $auth_mode) {
464  $position[$counter++] = substr($auth_mode, 1);
465  }
466  $this->logger->debug('position mode:' . print_r($position, true));
467  $det->setAuthModeSequence($position);
468  }
469  $det->save();
470 
471  $this->tpl->setOnScreenMessage(
472  $this->tpl::MESSAGE_TYPE_SUCCESS,
473  $this->lng->txt('settings_saved'),
474  true
475  );
476  $this->ctrl->redirect($this, 'authSettings');
477  }
478 
479  public function cancelObject(): void
480  {
481  $this->ctrl->redirect($this, 'authSettings');
482  }
483 
484  public function setAuthModeObject(): void
485  {
486  if (!$this->rbac_system->checkAccess('write', $this->object->getRefId())) {
487  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
488  }
489  $this->logger->debug('auth mode available:' . $this->request_wrapper->has('auth_mode'));
490 
491  if (!$this->http->wrapper()->post()->has('auth_mode')) {
492  $this->ilias->raiseError($this->lng->txt('auth_err_no_mode_selected'), $this->ilias->error_obj->MESSAGE);
493  }
494  $new_auth_mode = $this->http->wrapper()->post()->retrieve('auth_mode', $this->refinery->to()->string());
495  $this->logger->debug('auth mode:' . $new_auth_mode);
496  $current_auth_mode = $this->settings->get('auth_mode', '');
497  if ($new_auth_mode === $current_auth_mode) {
498  $this->tpl->setOnScreenMessage(
499  'info',
500  $this->lng->txt('auth_mode') . ': ' . $this->getAuthModeTitle() . ' ' . $this->lng->txt(
501  'auth_mode_not_changed'
502  ),
503  true
504  );
505  $this->ctrl->redirect($this, 'authSettings');
506  }
507 
508  switch ((int) $new_auth_mode) {
509  case ilAuthUtils::AUTH_SAML:
510  break;
511 
512  // @fix changed from AUTH_SHIB > is not defined
513  case ilAuthUtils::AUTH_SHIBBOLETH:
514  if ($this->object->checkAuthSHIB() !== true) {
515  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('auth_shib_not_configured'), true);
516  ilUtil::redirect(
517  $this->getReturnLocation(
518  'authSettings',
519  $this->ctrl->getLinkTargetByClass(
520  ilAuthShibbolethSettingsGUI::class,
521  'settings',
522  '',
523  false,
524  false
525  )
526  )
527  );
528  }
529  break;
530 
531  case ilAuthUtils::AUTH_SCRIPT:
532  if ($this->object->checkAuthScript() !== true) {
533  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('auth_script_not_configured'), true);
534  ilUtil::redirect(
535  $this->getReturnLocation(
536  'authSettings',
537  $this->ctrl->getLinkTarget($this, 'editScript', '', false, false)
538  )
539  );
540  }
541  break;
542  }
543 
544  $this->ilias->setSetting('auth_mode', $new_auth_mode);
545 
546  $this->tpl->setOnScreenMessage(
547  'success',
548  $this->lng->txt('auth_default_mode_changed_to') . ' ' . $this->getAuthModeTitle(),
549  true
550  );
551  $this->ctrl->redirect($this, 'authSettings');
552  }
553 
554  private function buildSOAPForm(
555  string $submit_action
556  ): \ILIAS\UI\Component\Input\Container\Form\Form {
557  $role_list = $this->rbac_review->getRolesByFilter(2, $this->object->getId());
558  $roles = [];
559 
560  foreach ($role_list as $role) {
561  $roles[$role['obj_id']] = $role['title'];
562  }
563 
564  $active = $this->ui_factory
565  ->input()
566  ->field()
567  ->checkbox($this->lng->txt('active'))
568  ->withValue((bool) $this->settings->get('soap_auth_active', ''));
569 
570  $server = $this->ui_factory
571  ->input()
572  ->field()
573  ->text(
574  $this->lng->txt('server'),
575  $this->lng->txt('auth_soap_server_desc')
576  )
577  ->withMaxLength(256)
578  ->withRequired(true)
579  ->withValue($this->settings->get('soap_auth_server', ''));
580 
581  $port = $this->ui_factory
582  ->input()
583  ->field()
584  ->numeric(
585  $this->lng->txt('port'),
586  $this->lng->txt('auth_soap_port_desc')
587  )
588  ->withAdditionalTransformation($this->refinery->int()->isGreaterThan(0))
589  ->withAdditionalTransformation(
590  $this->refinery->int()->isLessThan(65536)
591  )
592  ->withValue((int) $this->settings->get('soap_auth_port', '0'));
593 
594  $use_https = $this->ui_factory
595  ->input()
596  ->field()
597  ->checkbox($this->lng->txt('auth_soap_use_https'))
598  ->withValue((bool) $this->settings->get('soap_auth_use_https', ''));
599 
600  $uri = $this->ui_factory
601  ->input()
602  ->field()
603  ->text(
604  $this->lng->txt('uri'),
605  $this->lng->txt('auth_soap_uri_desc')
606  )
607  ->withMaxLength(256)
608  ->withValue($this->settings->get('soap_auth_uri', ''));
609 
610  $namespace = $this->ui_factory
611  ->input()
612  ->field()
613  ->text(
614  $this->lng->txt('auth_soap_namespace'),
615  $this->lng->txt('auth_soap_namespace_desc')
616  )
617  ->withMaxLength(256)
618  ->withValue($this->settings->get('soap_auth_namespace', ''));
619 
620  $dotnet = $this->ui_factory
621  ->input()
622  ->field()
623  ->checkbox($this->lng->txt('auth_soap_use_dotnet'))
624  ->withValue((bool) $this->settings->get('soap_auth_use_dotnet', ''));
625 
626  $createuser = $this->ui_factory
627  ->input()
628  ->field()
629  ->checkbox(
630  $this->lng->txt('auth_create_users'),
631  $this->lng->txt('auth_soap_create_users_desc')
632  )
633  ->withValue((bool) $this->settings->get('soap_auth_create_users', ''));
634 
635  $sendmail = $this->ui_factory
636  ->input()
637  ->field()
638  ->checkbox(
639  $this->lng->txt('user_send_new_account_mail'),
640  $this->lng->txt('auth_new_account_mail_desc')
641  )
642  ->withValue((bool) $this->settings->get('soap_auth_account_mail', ''));
643 
644  $defaultrole = $this->ui_factory
645  ->input()
646  ->field()
647  ->select(
648  $this->lng->txt('auth_user_default_role'),
649  $roles,
650  $this->lng->txt('auth_soap_user_default_role_desc')
651  )
652  ->withValue($this->settings->get('soap_auth_user_default_role', '4'))
653  ->withAdditionalTransformation($this->refinery->int()->isGreaterThan(0));
654 
655  $allowlocal = $this->ui_factory
656  ->input()
657  ->field()
658  ->checkbox(
659  $this->lng->txt('auth_allow_local'),
660  $this->lng->txt('auth_soap_allow_local_desc')
661  )
662  ->withValue((bool) $this->settings->get('soap_auth_user_default_role', ''));
663 
664  $form = $this->ui_factory->input()->container()->form()->standard(
665  $submit_action,
666  [
667  'active' => $active,
668  'server' => $server,
669  'port' => $port,
670  'use_https' => $use_https,
671  'uri' => $uri,
672  'namespace' => $namespace,
673  'dotnet' => $dotnet,
674  'createuser' => $createuser,
675  'sendmail' => $sendmail,
676  'defaultrole' => $defaultrole,
677  'allowlocal' => $allowlocal
678  ]
679  );
680  return $form;
681  }
682 
683  private function buildSOAPTestForm(
684  string $submit_action
685  ): \ILIAS\UI\Component\Input\Container\Form\Form {
686  $ext_uid = $this->ui_factory->input()->field()->text(
687  'ext_uid'
688  );
689  $soap_pw = $this->ui_factory->input()->field()->text(
690  'soap_pw'
691  );
692  $new_user = $this->ui_factory->input()->field()
693  ->checkbox('new_user');
694  return $this->ui_factory->input()->container()->form()->standard(
695  $submit_action,
696  [
697  'ext_uid' => $ext_uid,
698  'soap_pw' => $soap_pw,
699  'new_user' => $new_user
700  ]
701  )->withSubmitLabel('Send');
702  }
703 
704  public function editSOAPObject(): void
705  {
706  if (!$this->rbac_system->checkAccess('read', $this->object->getRefId())) {
707  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
708  }
709 
710  $soap_form = $this->buildSOAPForm($this->ctrl->getFormAction($this, 'saveSOAP'));
711  $test_form = $this->buildSOAPTestForm($this->ctrl->getFormAction($this, 'testSoapAuthConnection'));
712 
713  $this->tabs_gui->setTabActive('auth_soap');
714  $panel = $this->ui_factory->panel()->standard('SOAP', [$soap_form, $test_form]);
715  $this->tpl->setContent($this->ui_renderer->render($panel));
716  }
717 
718  public function testSoapAuthConnectionObject(): void
719  {
720  if (!$this->rbac_system->checkAccess('read', $this->object->getRefId())) {
721  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
722  }
723 
724  $soap_form = $this->buildSOAPForm($this->ctrl->getFormAction($this, 'saveSOAP'));
725  $test_form = $this->buildSOAPTestForm($this->ctrl->getFormAction($this, 'testSoapAuthConnection'));
726  $panel_content = [$soap_form, $test_form];
727  if ($this->request->getMethod() === 'POST') {
728  $test_form = $test_form->withRequest($this->request);
729  $result = $test_form->getData();
730  if (!is_null($result)) {
731  $panel_content[] = $this->ui_factory->legacy()->content(
732  ilSOAPAuth::testConnection($result['ext_uid'], $result['soap_pw'], $result['new_user'])
733  );
734  }
735  }
736  $this->tabs_gui->setTabActive('auth_soap');
737  $panel = $this->ui_factory->panel()->standard('SOAP', $panel_content);
738  $this->tpl->setContent($this->ui_renderer->render($panel));
739  }
740 
741  public function saveSOAPObject(): void
742  {
743  if (!$this->rbac_system->checkAccess('write', $this->object->getRefId())) {
744  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
745  }
746 
747  $soap_form = $this->buildSOAPForm($this->ctrl->getFormAction($this, 'saveSOAP'));
748  $test_form = $this->buildSOAPTestForm($this->ctrl->getFormAction($this, 'testSoapAuthConnection'));
749  if ($this->request->getMethod() === 'POST') {
750  $soap_form = $soap_form->withRequest($this->request);
751  $result = $soap_form->getData();
752  if (!is_null($result)) {
753  $this->settings->set('soap_auth_active', (string) $result['active']);
754  $this->settings->set('soap_auth_server', $result['server']);
755  $this->settings->set('soap_auth_port', (string) $result['port']);
756  $this->settings->set('soap_auth_use_https', (string) $result['use_https']);
757  $this->settings->set('soap_auth_uri', $result['uri']);
758  $this->settings->set('soap_auth_namespace', $result['namespace']);
759  $this->settings->set('soap_auth_use_dotnet', (string) $result['dotnet']);
760  $this->settings->set('soap_auth_create_users', (string) $result['createuser']);
761  $this->settings->set('soap_auth_account_mail', (string) $result['sendmail']);
762  $this->settings->set('soap_auth_user_default_role', (string) $result['defaultrole']);
763  $this->settings->set('soap_auth_allow_local', (string) $result['allowlocal']);
764 
765  $this->tpl->setOnScreenMessage('success', $this->lng->txt('auth_soap_settings_saved'), true);
766  $this->logger->info('data' . print_r($result, true));
767  $this->ctrl->redirect($this, 'editSOAP');
768  }
769  }
770 
771  $this->tabs_gui->setTabActive('auth_soap');
772  $panel = $this->ui_factory->panel()->standard('SOAP', [$soap_form, $test_form]);
773  $this->tpl->setContent($this->ui_renderer->render($panel));
774  }
775 
776  public function editScriptObject(): void
777  {
778  if (!$this->rbac_system->checkAccess('write', $this->object->getRefId())) {
779  $this->ilias->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->MESSAGE);
780  }
781 
782  if ($_SESSION['error_post_vars']) {
783  $this->tpl->setVariable('AUTH_SCRIPT_NAME', $_SESSION['error_post_vars']['auth_script']['name']);
784  } else {
785  $settings = $this->ilias->getAllSettings();
786 
787  $this->tpl->setVariable('AUTH_SCRIPT_NAME', $settings['auth_script_name']);
788  }
789 
790  $this->tabs_gui->setTabActive('auth_script');
791 
792  $this->tpl->addBlockFile(
793  'ADM_CONTENT',
794  'adm_content',
795  'tpl.auth_script.html',
796  'components/ILIAS/Authentication'
797  );
798 
799  $this->tpl->setVariable('FORMACTION', $this->ctrl->getFormAction($this));
800  $this->tpl->setVariable('COLSPAN', 3);
801  $this->tpl->setVariable('TXT_AUTH_SCRIPT_TITLE', $this->lng->txt('auth_script_configure'));
802  $this->tpl->setVariable('TXT_OPTIONS', $this->lng->txt('options'));
803  $this->tpl->setVariable('TXT_AUTH_SCRIPT_NAME', $this->lng->txt('auth_script_name'));
804 
805  $this->tpl->setVariable('TXT_REQUIRED_FLD', $this->lng->txt('required_field'));
806  $this->tpl->setVariable('TXT_CANCEL', $this->lng->txt('cancel'));
807  $this->tpl->setVariable('TXT_SUBMIT', $this->lng->txt('save'));
808  $this->tpl->setVariable('CMD_SUBMIT', 'saveScript');
809  }
810 
811  public function saveScriptObject(): void
812  {
813  if (!$_POST['auth_script']['name']) {
814  $this->ilias->raiseError($this->lng->txt('fill_out_all_required_fields'), $this->ilias->error_obj->MESSAGE);
815  }
816 
817  $this->ilias->setSetting('auth_script_name', $_POST['auth_script']['name']);
818  $this->ilias->setSetting('auth_mode', (string) ilAuthUtils::AUTH_SCRIPT);
819 
820  $this->tpl->setOnScreenMessage(
821  'success',
822  $this->lng->txt('auth_mode_changed_to') . ' ' . $this->getAuthModeTitle(),
823  true
824  );
825  $this->ctrl->redirect($this, 'editScript');
826  }
827 
828  private function getAuthModeTitle(): string
829  {
830  return match ((int) $this->ilias->getSetting('auth_mode')) {
831  ilAuthUtils::AUTH_LOCAL => $this->lng->txt('auth_local'),
832  ilAuthUtils::AUTH_LDAP => $this->lng->txt('auth_ldap'),
833  ilAuthUtils::AUTH_SHIBBOLETH => $this->lng->txt('auth_shib'),
834  ilAuthUtils::AUTH_SAML => $this->lng->txt('auth_saml'),
835  ilAuthUtils::AUTH_SCRIPT => $this->lng->txt('auth_script'),
836  ilAuthUtils::AUTH_APACHE => $this->lng->txt('auth_apache'),
837  default => $this->lng->txt('unknown'),
838  };
839  }
840 
841  public function executeCommand(): void
842  {
843  $next_class = $this->ctrl->getNextClass($this) ?? '';
844  $cmd = $this->ctrl->getCmd() ?? '';
845  $this->prepareOutput();
846 
847  if (!$this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
848  $this->error->raiseError($this->lng->txt('msg_no_perm_read'), $this->error->WARNING);
849  }
850 
851  switch ($next_class) {
852  case 'ilopenidconnectsettingsgui':
853  $this->tabs_gui->activateTab('auth_oidconnect');
854 
855  $oid = new ilOpenIdConnectSettingsGUI($this->object->getRefId());
856  $this->ctrl->forwardCommand($oid);
857  break;
858 
859  case 'ilsamlsettingsgui':
860  $this->tabs_gui->setTabActive('auth_saml');
861 
862  $os = new ilSamlSettingsGUI($this->object->getRefId());
863  $this->ctrl->forwardCommand($os);
864  break;
865 
866  case 'ilregistrationsettingsgui':
867  $this->tabs_gui->setTabActive('registration_settings');
868 
869  $registration_gui = new ilRegistrationSettingsGUI();
870  $this->ctrl->forwardCommand($registration_gui);
871  break;
872 
873  case 'ilpermissiongui':
874  $this->tabs_gui->setTabActive('perm_settings');
875 
876  $perm_gui = new ilPermissionGUI($this);
877  $this->ctrl->forwardCommand($perm_gui);
878  break;
879 
880  case 'illdapsettingsgui':
881  $this->tabs_gui->setTabActive('auth_ldap');
882 
883  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
884  $this->ctrl->forwardCommand($ldap_settings_gui);
885  break;
886 
887  case 'ilauthshibbolethsettingsgui':
888  $this->tabs_gui->setTabActive('auth_shib');
889 
890  $shib_settings_gui = new ilAuthShibbolethSettingsGUI($this->object->getRefId());
891  $this->ctrl->forwardCommand($shib_settings_gui);
892  break;
893 
894  case 'ilcassettingsgui':
895  $this->tabs_gui->setTabActive('auth_cas');
896 
897  $cas_settings = new ilCASSettingsGUI($this->object->getRefId());
898  $this->ctrl->forwardCommand($cas_settings);
899  break;
900 
901  case strtolower(ilAuthPageEditorGUI::class):
902  $this->setSubTabs('authSettings');
903  $this->tabs_gui->setTabActive('authentication_settings');
904  $this->tabs_gui->setSubTabActive('auth_login_editor');
905 
906  $lpe = new ilAuthPageEditorGUI($this->object->getRefId());
907  $this->ctrl->forwardCommand($lpe);
908  break;
909 
910  case strtolower(ilObjectContentStyleSettingsGUI::class):
911  $this->checkPermission('write');
912  $this->setTitleAndDescription();
913  $this->setSubTabs('authSettings');
914  $this->tabs_gui->activateTab('authentication_settings');
915  $this->tabs_gui->activateSubTab('style');
916 
917  $settings_gui = $this->content_style_gui
918  ->objectSettingsGUIForRefId(
919  null,
920  $this->object->getRefId()
921  );
922  $this->ctrl->forwardCommand($settings_gui);
923  break;
924 
925  case strtolower(ilAuthLogoutBehaviourGUI::class):
926  $this->setSubTabs('authSettings');
927  $this->tabs_gui->setTabActive('authentication_settings');
928  $this->tabs_gui->setSubTabActive('logout_behaviour');
929 
930  $gui = new ilAuthLogoutBehaviourGUI();
931  $this->ctrl->forwardCommand($gui);
932  break;
933 
934  default:
935  if (!$cmd) {
936  $cmd = 'authSettings';
937  }
938  $cmd .= 'Object';
939  $this->$cmd();
940 
941  break;
942  }
943  }
944 
945  public function getAdminTabs(): void
946  {
947  $this->getTabs();
948  }
949 
950  protected function getTabs(): void
951  {
952  $this->ctrl->setParameter($this, 'ref_id', $this->object->getRefId());
953 
954  if ($this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
955  $this->tabs_gui->addTarget(
956  'authentication_settings',
957  $this->ctrl->getLinkTarget($this, 'authSettings'),
958  '',
959  '',
960  ''
961  );
962 
963  $this->tabs_gui->addTarget(
964  'registration_settings',
965  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui', 'view')
966  );
967 
968  $this->tabs_gui->addTarget(
969  'auth_ldap',
970  $this->ctrl->getLinkTargetByClass('illdapsettingsgui', 'serverList'),
971  '',
972  '',
973  ''
974  );
975 
976  $this->tabs_gui->addTarget(
977  'auth_shib',
978  $this->ctrl->getLinkTargetByClass('ilauthshibbolethsettingsgui', 'settings')
979  );
980 
981  $this->tabs_gui->addTarget(
982  'auth_cas',
983  $this->ctrl->getLinkTargetByClass('ilcassettingsgui', 'settings')
984  );
985 
986  $this->tabs_gui->addTarget(
987  'auth_soap',
988  $this->ctrl->getLinkTarget($this, 'editSOAP'),
989  '',
990  '',
991  ''
992  );
993 
994  $this->tabs_gui->addTarget(
995  'apache_auth_settings',
996  $this->ctrl->getLinkTarget($this, 'apacheAuthSettings'),
997  '',
998  '',
999  ''
1000  );
1001 
1002  $this->tabs_gui->addTarget(
1003  'auth_saml',
1004  $this->ctrl->getLinkTargetByClass('ilsamlsettingsgui', ilSamlSettingsGUI::DEFAULT_CMD),
1005  '',
1006  '',
1007  ''
1008  );
1009 
1010  $this->tabs_gui->addTab(
1011  'auth_oidconnect',
1012  $this->lng->txt('auth_oidconnect'),
1013  $this->ctrl->getLinkTargetByClass('ilopenidconnectsettingsgui')
1014  );
1015  }
1016 
1017  if ($this->rbac_system->checkAccess('edit_permission', $this->object->getRefId())) {
1018  $this->tabs_gui->addTarget(
1019  'perm_settings',
1020  $this->ctrl->getLinkTargetByClass([get_class($this), 'ilpermissiongui'], 'perm'),
1021  ['perm', 'info', 'owner'],
1022  'ilpermissiongui'
1023  );
1024  }
1025  }
1026 
1027  public function setSubTabs(string $a_tab): void
1028  {
1029  $this->lng->loadLanguageModule('auth');
1030 
1031  if ($a_tab === 'authSettings' && $this->access->checkAccess('write', '', $this->object->getRefId())) {
1032  $this->tabs_gui->addSubTabTarget(
1033  'auth_settings',
1034  $this->ctrl->getLinkTarget($this, 'authSettings'),
1035  ''
1036  );
1037 
1038  foreach (AuthPageEditorContext::cases() as $auth_ipe_context) {
1039  $this->ctrl->setParameterByClass(
1040  ilAuthPageEditorGUI::class,
1041  ilAuthPageEditorGUI::CONTEXT_HTTP_PARAM,
1042  $auth_ipe_context->value
1043  );
1044  $this->tabs_gui->addSubTabTarget(
1045  $auth_ipe_context->tabIdentifier(),
1046  $this->ctrl->getLinkTargetByClass(
1047  ilAuthPageEditorGUI::class,
1048  ilAuthPageEditorGUI::DEFAULT_COMMAND
1049  )
1050  );
1051  $this->ctrl->setParameterByClass(
1052  ilAuthPageEditorGUI::class,
1053  ilAuthPageEditorGUI::CONTEXT_HTTP_PARAM,
1054  null
1055  );
1056  }
1057 
1058  $this->tabs_gui->addSubTabTarget(
1059  'logout_behaviour',
1060  $this->ctrl->getLinkTargetByClass(ilAuthLogoutBehaviourGUI::class, ''),
1061  ''
1062  );
1063 
1064  $this->tabs_gui->addSubTab(
1065  'style',
1066  $this->lng->txt('cont_style'),
1067  $this->ctrl->getLinkTargetByClass(ilObjectContentStyleSettingsGUI::class)
1068  );
1069  }
1070  }
1071 
1072  public function apacheAuthSettingsObject(?ilPropertyFormGUI $form = null): void
1073  {
1074  $this->tabs_gui->setTabActive('apache_auth_settings');
1075 
1076  if ($form === null) {
1077  $form = $this->getApacheAuthSettingsForm();
1078 
1079  $settings = new ilSetting('apache_auth');
1080  $settingsMap = $settings->getAll();
1081 
1082  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
1083  if (file_exists($path) && is_readable($path)) {
1084  $settingsMap['apache_auth_domains'] = file_get_contents($path);
1085  }
1086 
1087  $form->setValuesByArray($settingsMap);
1088  }
1089  $this->tpl->setVariable('ADM_CONTENT', $form->getHtml());
1090  }
1091 
1092  public function saveApacheSettingsObject(): void
1093  {
1094  $form = $this->getApacheAuthSettingsForm();
1095  $form->setValuesByPost();
1096  if ($form->checkInput()) {
1097  $settings = new ilSetting('apache_auth');
1098  $fields = [
1099  'apache_auth_indicator_name',
1100  'apache_auth_indicator_value',
1101  'apache_enable_auth',
1102  'apache_enable_local',
1103  'apache_local_autocreate',
1104  'apache_enable_ldap',
1105  'apache_auth_username_config_type',
1106  'apache_auth_username_direct_mapping_fieldname',
1107  'apache_default_role',
1108  'apache_auth_target_override_login_page',
1109  'apache_auth_enable_override_login_page',
1110  'apache_auth_authenticate_on_login_page',
1111  'apache_ldap_sid'
1112  ];
1113 
1114  foreach ($fields as $field) {
1115  $settings->set($field, (string) $form->getInput($field));
1116  }
1117 
1118  if ($form->getInput('apache_enable_auth')) {
1119  $this->ilias->setSetting('apache_active', '1');
1120  } else {
1121  $this->ilias->setSetting('apache_active', '0');
1122  global $DIC;
1123 
1124  $ilSetting = $DIC['ilSetting'];
1125  if ((int) $ilSetting->get('auth_mode', '0') === ilAuthUtils::AUTH_APACHE) {
1126  $ilSetting->set('auth_mode', (string) ilAuthUtils::AUTH_LOCAL);
1127  }
1128  }
1129 
1130  $allowedDomains = $this->validateApacheAuthAllowedDomains((string) $form->getInput('apache_auth_domains'));
1131  file_put_contents(ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt', $allowedDomains);
1132 
1133  $this->tpl->setOnScreenMessage('success', $this->lng->txt('apache_settings_changed_success'), true);
1134  $this->ctrl->redirect($this, 'apacheAuthSettings');
1135  } else {
1136  $this->apacheAuthSettingsObject($form);
1137  }
1138  }
1139 
1140  public function getApacheAuthSettingsForm(): ilPropertyFormGUI
1141  {
1142  $form = new ilPropertyFormGUI();
1143  $form->setFormAction($this->ctrl->getFormAction($this));
1144  $form->setTitle($this->lng->txt('apache_settings'));
1145 
1146  $chb_enabled = new ilCheckboxInputGUI($this->lng->txt('apache_enable_auth'), 'apache_enable_auth');
1147  $chb_enabled->setValue('1');
1148  $form->addItem($chb_enabled);
1149 
1150  $chb_local_create_account = new ilCheckboxInputGUI(
1151  $this->lng->txt('apache_autocreate'),
1152  'apache_local_autocreate'
1153  );
1154  $chb_local_create_account->setValue('1');
1155  $chb_enabled->addSubitem($chb_local_create_account);
1156 
1157  $roles = $this->rbac_review->getGlobalRolesArray();
1158  $select = new ilSelectInputGUI($this->lng->txt('apache_default_role'), 'apache_default_role');
1159  $roleOptions = [];
1160  foreach ($roles as $role) {
1161  $roleOptions[$role['obj_id']] = ilObject::_lookupTitle($role['obj_id']);
1162  }
1163  $select->setOptions($roleOptions);
1164  $select->setValue(4);
1165 
1166  $chb_local_create_account->addSubitem($select);
1167 
1168  $chb_local = new ilCheckboxInputGUI($this->lng->txt('apache_enable_local'), 'apache_enable_local');
1169  $chb_local->setValue('1');
1170  $form->addItem($chb_local);
1171 
1172  $chb_ldap = new ilCheckboxInputGUI($this->lng->txt('apache_enable_ldap'), 'apache_enable_ldap');
1173  $chb_local->setValue('1');
1174 
1175  $chb_ldap->setInfo($this->lng->txt('apache_ldap_hint_ldap_must_be_configured'));
1176 
1177  $this->lng->loadLanguageModule('auth');
1178 
1179  $servers = ilLDAPServer::getServerIds();
1180  if (count($servers)) {
1181  $ldap_server_select = new ilSelectInputGUI($this->lng->txt('auth_ldap_server_ds'), 'apache_ldap_sid');
1182  $options[0] = $this->lng->txt('select_one');
1183  foreach ($servers as $server_id) {
1184  $ldap_server = new ilLDAPServer($server_id);
1185  $options[$server_id] = $ldap_server->getName();
1186  }
1187  $ldap_server_select->setOptions($options);
1188  $ldap_server_select->setRequired(true);
1189 
1190  $ds = ilLDAPServer::getDataSource(ilAuthUtils::AUTH_APACHE);
1191  $ldap_server_select->setValue($ds);
1192 
1193  $chb_ldap->addSubItem($ldap_server_select);
1194  }
1195  $form->addItem($chb_ldap);
1196 
1197  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_name'), 'apache_auth_indicator_name');
1198  $txt->setRequired(true);
1199  $form->addItem($txt);
1200 
1201  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_value'), 'apache_auth_indicator_value');
1202  $txt->setRequired(true);
1203  $form->addItem($txt);
1204 
1205  $chb = new ilCheckboxInputGUI(
1206  $this->lng->txt('apache_auth_enable_override_login'),
1207  'apache_auth_enable_override_login_page'
1208  );
1209  $chb->setValue('1');
1210  $form->addItem($chb);
1211 
1212  $txt = new ilTextInputGUI(
1213  $this->lng->txt('apache_auth_target_override_login'),
1214  'apache_auth_target_override_login_page'
1215  );
1216  $txt->setRequired(true);
1217  $chb->addSubItem($txt);
1218 
1219  $chb = new ilCheckboxInputGUI(
1220  $this->lng->txt('apache_auth_authenticate_on_login_page'),
1221  'apache_auth_authenticate_on_login_page'
1222  );
1223  $chb->setValue('1');
1224  $form->addItem($chb);
1225 
1226  $sec = new ilFormSectionHeaderGUI();
1227  $sec->setTitle($this->lng->txt('apache_auth_username_config'));
1228  $form->addItem($sec);
1229 
1230  $rag = new ilRadioGroupInputGUI(
1231  $this->lng->txt('apache_auth_username_config_type'),
1232  'apache_auth_username_config_type'
1233  );
1234  $form->addItem($rag);
1235 
1236  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_direct_mapping'), '1');
1237  $rag->addOption($rao);
1238 
1239  $txt = new ilTextInputGUI(
1240  $this->lng->txt('apache_auth_username_direct_mapping_fieldname'),
1241  'apache_auth_username_direct_mapping_fieldname'
1242  );
1243  $rao->addSubItem($txt);
1244 
1245  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_extended_mapping'), '2');
1246  $rao->setDisabled(true);
1247  $rag->addOption($rao);
1248 
1249  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_by_function'), '3');
1250  $rag->addOption($rao);
1251 
1252  $sec = new ilFormSectionHeaderGUI();
1253  $sec->setTitle($this->lng->txt('apache_auth_security'));
1254  $form->addItem($sec);
1255 
1256  $txt = new ilTextAreaInputGUI($this->lng->txt('apache_auth_domains'), 'apache_auth_domains');
1257  $txt->setInfo($this->lng->txt('apache_auth_domains_description'));
1258 
1259  $form->addItem($txt);
1260 
1261  if ($this->access->checkAccess('write', '', $this->ref_id)) {
1262  $form->addCommandButton('saveApacheSettings', $this->lng->txt('save'));
1263  }
1264  $form->addCommandButton('cancel', $this->lng->txt('cancel'));
1265 
1266  return $form;
1267  }
1268 
1269  private function validateApacheAuthAllowedDomains(string $text): string
1270  {
1271  return implode("\n", preg_split("/[\r\n]+/", $text));
1272  }
1273 
1274  public function registrationSettingsObject(): void
1275  {
1276  $registration_gui = new ilRegistrationSettingsGUI();
1277  $this->ctrl->redirect($registration_gui);
1278  }
1279 }
$namespace
if($err=$client->getError()) $namespace
Definition: dummy_client.php:57
ilAuthUtils\AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:45
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:26
ilSamlIdp\isAuthModeSaml
static isAuthModeSaml(string $a_auth_mode)
Definition: class.ilSamlIdp.php:178
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:325
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:31
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:26
ilObjRole\_lookupRegisterAllowed
static _lookupRegisterAllowed()
get all roles that are activated in user registration
Definition: class.ilObjRole.php:217
ilRadioOption\setDisabled
setDisabled(bool $a_disabled)
Definition: class.ilRadioOption.php:74
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:301
ILIAS
Interface Observer Contains several chained tasks and infos about them.
Definition: AccessControl.php:21
ilSetting\set
set(string $a_key, string $a_val)
Definition: class.ilSetting.php:145
ilObjAuthSettingsGUI\__construct
__construct($a_data, int $a_id, bool $a_call_by_reference, bool $a_prepare_output=true)
Definition: class.ilObjAuthSettingsGUI.php:40
$ext_uid
$ext_uid
Definition: dummy_client.php:26
ILIAS\Style\Content\GUIService
Facade for consumer gui interface.
Definition: class.GUIService.php:31
ilSelectInputGUI\setOptions
setOptions(array $a_options)
Definition: class.ilSelectInputGUI.php:48
ilAuthUtils\_getActiveAuthModes
static _getActiveAuthModes()
Definition: class.ilAuthUtils.php:261
ilObjAuthSettingsGUI\buildSOAPTestForm
buildSOAPTestForm(string $submit_action)
Definition: class.ilObjAuthSettingsGUI.php:683
ilSamlIdp\getInstanceByIdpId
static getInstanceByIdpId(int $a_idp_id)
Definition: class.ilSamlIdp.php:64
ilSamlIdp\getIdpIdByAuthMode
static getIdpIdByAuthMode(string $a_auth_mode)
Definition: class.ilSamlIdp.php:192
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:208
ilAuthLogoutBehaviourGUI
ilAuthLogoutBehaviourGUI: ilObjAuthSettingsGUI ilAuthLogoutBehaviourGUI: ilLoginPageGUI ...
Definition: class.ilAuthLogoutBehaviourGUI.php:34
$path
$path
Definition: ltiservices.php:29
ilObjAuthSettingsGUI\buildSOAPForm
buildSOAPForm(string $submit_action)
Definition: class.ilObjAuthSettingsGUI.php:554
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:401
ilAuthUtils\getAuthPlugins
static getAuthPlugins()
Get active enabled auth plugins.
Definition: class.ilAuthUtils.php:664
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids.
Definition: class.ilLDAPServer.php:248
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
ilObjAuthSettingsGUI\apacheAuthSettingsObject
apacheAuthSettingsObject(?ilPropertyFormGUI $form=null)
Definition: class.ilObjAuthSettingsGUI.php:1072
ilObjAuthSettingsGUI\authSettingsObject
authSettingsObject(?ILIAS\UI\Component\Input\Container\Form\Form $auth_mode_determination_form=null, ?ILIAS\UI\Component\Input\Container\Form\Form $registration_role_mapping_form=null)
Definition: class.ilObjAuthSettingsGUI.php:61
ilObjUser\_getNumberOfUsersPerAuthMode
static _getNumberOfUsersPerAuthMode()
get number of users per auth mode
Definition: class.ilObjUser.php:2808
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:46
ilAuthPageEditorGUI
ilAuthPageEditorGUI: ilObjAuthSettingsGUI ilAuthPageEditorGUI: ilLoginPageGUI, ilLogoutPageGUI ...
Definition: class.ilAuthPageEditorGUI.php:29
$soap_pw
$soap_pw
Definition: dummy_client.php:28
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
$DIC
global $DIC
Definition: shib_login.php:22
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:66
ilRegistrationSettingsGUI
Class ilRegistrationSettingsGUI.
Definition: class.ilRegistrationSettingsGUI.php:28
ilias
Class ilObjForumAdministration.
$txt
$txt
Definition: error.php:31
ILIAS\UI\Implementation\Component\Input\withValue
withValue($value)
Get an input like this with another value displayed on the client side.
Definition: Group.php:61
ILIAS_DATA_DIR
const ILIAS_DATA_DIR
Definition: constants.php:44
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:937
$new_user
$new_user
Definition: dummy_client.php:30
ilSOAPAuth\testConnection
static testConnection(string $a_ext_uid, string $a_soap_pw, bool $a_new_user)
Definition: class.ilSOAPAuth.php:23
ilAuthUtils\_getAllAuthModes
static _getAllAuthModes()
Definition: class.ilAuthUtils.php:324
$ilSetting
global $ilSetting
Definition: privfeed.php:31
ilObjAuthSettingsGUI
ilObjAuthSettingsGUI: ilPermissionGUI, ilRegistrationSettingsGUI, ilLDAPSettingsGUI ilObjAuthSetting...
Definition: class.ilObjAuthSettingsGUI.php:30
ilObjRole\_updateAuthMode
static _updateAuthMode(array $a_roles)
Definition: class.ilObjRole.php:439
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilObjectGUI\getReturnLocation
getReturnLocation(string $cmd, string $default_location="")
Get return location for command (command is method name without "Object", e.g.
Definition: class.ilObjectGUI.php:1584
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:26
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:382
$server
$server
Definition: shib_login.php:24
ilObjAuthSettingsGUI\$http
ILIAS HTTP GlobalHttpState $http
Definition: class.ilObjAuthSettingsGUI.php:36
ilObjectGUI\$settings
ilSetting $settings
Definition: class.ilObjectGUI.php:65
ilObjectGUI\checkPermission
checkPermission(string $perm, string $cmd="", string $type="", ?int $ref_id=null)
Definition: class.ilObjectGUI.php:1936