1<?php
2
19declare(strict_types=1);
20
22
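/**
 * Settings record of one SAML identity provider, persisted in saml_idp_settings.
 *
 * An instance is obtained in one of three ways: by id through the constructor or
 * getInstanceByIdpId() (loads the row), by hydrating a fetched row via bindDbRecord(),
 * or by filling it from the administration form via bindForm(). Every statement that
 * touches the table goes through ilDBInterface with typed bindings or integer quoting,
 * so no caller-controlled value is interpolated unquoted into SQL.
 */
final class ilSamlIdp
{
    // Column names of saml_idp_settings; reused as keys in toArray() and in the form data read by bindForm().
    private const string PROP_IDP_ID = 'idp_id';
    private const string PROP_IS_ACTIVE = 'is_active';
    private const string PROP_DEFAULT_ROLE_ID = 'default_role_id';
    private const string PROP_UID_CLAIM = 'uid_claim';
    private const string PROP_LOGIN_CLAIM = 'login_claim';
    private const string PROP_ENTITY_ID = 'entity_id';
    private const string PROP_SYNC_STATUS = 'sync_status';
    private const string PROP_ALLOW_LOCAL_AUTH = 'allow_local_auth';
    private const string PROP_ACCOUNT_MIGR_STATUS = 'account_migr_status';

    private readonly ilDBInterface $db;
    /** @var array<int, self> Per-request identity map filled by getInstanceByIdpId() */
    private static array $instances = [];
    private bool $is_active = false;
    private bool $allow_local_auth = false;
    private int $default_role_id = 0;
    private string $uid_claim = '';
    private string $login_claim = '';
    private bool $sync_status = false;
    private string $entity_id = '';
    private bool $account_migration_status = false;

    /**
     * @param int $idp_id 0 creates an empty, not yet persisted record; a positive id loads its row at once
     * @throws ilException when a positive id has no row (see read())
     */
    public function __construct(protected int $idp_id = 0)
    {
        $this->db = $GLOBALS['DIC']->database();

        if ($this->idp_id > 0) {
            $this->read();
        }
    }

    /**
     * Returns the first active IdP in table order.
     *
     * @throws ilSamlException when no IdP is active
     */
    public static function getFirstActiveIdp(): self
    {
        $idps = self::getActiveIdpList();
        if ($idps !== []) {
            return current($idps);
        }

        throw new ilSamlException('No active SAML IDP found');
    }

    /**
     * Returns the cached instance for an id, loading it on first use.
     *
     * @throws ilException when the id has no row (propagated from the constructor)
     */
    public static function getInstanceByIdpId(int $a_idp_id): self
    {
        if (!isset(self::$instances[$a_idp_id]) || !(self::$instances[$a_idp_id] instanceof self)) {
            self::$instances[$a_idp_id] = new self($a_idp_id);
        }

        return self::$instances[$a_idp_id];
    }

    /**
     * Loads this record from saml_idp_settings by its id.
     *
     * @throws ilException when no row exists for the current id
     */
    private function read(): void
    {
        // The id is quoted as an integer, so the concatenation cannot change the statement.
        $query = 'SELECT * FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote($this->idp_id, ilDBConstants::T_INTEGER);
        $res = $this->db->query($query);

        // idp_id identifies a single row, so one fetch is all that is needed.
        $record = $this->db->fetchAssoc($res);
        if ($record) {
            $this->bindDbRecord($record);
            return;
        }

        throw new ilException('Could not find idp');
    }

    /**
     * Inserts or updates the row via ilDBInterface::replace(), drawing a fresh id for a new record.
     *
     * All values are passed as typed bindings; boolean flags are stored as 0/1 integers.
     */
    public function persist(): void
    {
        if ($this->idp_id === 0) {
            $this->setIdpId($this->db->nextId('saml_idp_settings'));
        }

        $this->db->replace(
            'saml_idp_settings',
            [
                self::PROP_IDP_ID => [ilDBConstants::T_INTEGER, $this->idp_id],
            ],
            [
                self::PROP_IS_ACTIVE => [ilDBConstants::T_INTEGER, (int) $this->is_active],
                self::PROP_DEFAULT_ROLE_ID => [ilDBConstants::T_INTEGER, $this->default_role_id],
                self::PROP_UID_CLAIM => [ilDBConstants::T_TEXT, $this->uid_claim],
                self::PROP_LOGIN_CLAIM => [ilDBConstants::T_TEXT, $this->login_claim],
                self::PROP_ENTITY_ID => [ilDBConstants::T_TEXT, $this->entity_id],
                self::PROP_SYNC_STATUS => [ilDBConstants::T_INTEGER, (int) $this->sync_status],
                self::PROP_ALLOW_LOCAL_AUTH => [ilDBConstants::T_INTEGER, (int) $this->allow_local_auth],
                self::PROP_ACCOUNT_MIGR_STATUS => [ilDBConstants::T_INTEGER, (int) $this->account_migration_status],
            ]
        );
    }

    /**
     * Removes the IdP together with everything bound to it.
     *
     * Besides the settings row this deletes the 'saml' attribute mapping for this id and
     * rewrites every usr_data row whose auth_mode is "<ilAuthUtils::AUTH_SAML>_<idp_id>" to
     * the 'default' auth mode. Those accounts therefore lose their SAML binding and are
     * afterwards governed by whatever the default mode allows; callers should treat this as
     * a de-provisioning step, not a mere cleanup.
     */
    public function delete(): void
    {
        $mapping = new ilExternalAuthUserAttributeMapping('saml', $this->idp_id);
        $mapping->delete();

        $this->db->manipulateF(
            'UPDATE usr_data SET auth_mode = %s WHERE auth_mode = %s',
            [ilDBConstants::T_TEXT, ilDBConstants::T_TEXT],
            ['default', ilAuthUtils::AUTH_SAML . '_' . $this->idp_id]
        );

        $this->db->manipulate('DELETE FROM saml_idp_settings WHERE idp_id = ' . $this->db->quote(
            $this->idp_id,
            ilDBConstants::T_INTEGER
        ));
    }

    /**
     * Exports the record keyed by the column-name constants, with native (uncast) property values.
     *
     * @return array<string, int|bool|string>
     */
    public function toArray(): array
    {
        return [
            self::PROP_IDP_ID => $this->idp_id,
            self::PROP_IS_ACTIVE => $this->is_active,
            self::PROP_DEFAULT_ROLE_ID => $this->default_role_id,
            self::PROP_UID_CLAIM => $this->uid_claim,
            self::PROP_LOGIN_CLAIM => $this->login_claim,
            self::PROP_SYNC_STATUS => $this->sync_status,
            self::PROP_ACCOUNT_MIGR_STATUS => $this->account_migration_status,
            self::PROP_ALLOW_LOCAL_AUTH => $this->allow_local_auth,
            self::PROP_ENTITY_ID => $this->entity_id,
        ];
    }

    /**
     * Hydrates the record from a saml_idp_settings row; every column is cast to its property type.
     *
     * @param array<string, mixed> $record one row as returned by ilDBInterface::fetchAssoc()
     */
    public function bindDbRecord(array $record): void
    {
        $this->setIdpId((int) $record[self::PROP_IDP_ID]);
        $this->setActive((bool) $record[self::PROP_IS_ACTIVE]);
        $this->setDefaultRoleId((int) $record[self::PROP_DEFAULT_ROLE_ID]);
        $this->setUidClaim((string) $record[self::PROP_UID_CLAIM]);
        $this->setLoginClaim((string) $record[self::PROP_LOGIN_CLAIM]);
        $this->setSynchronizationStatus((bool) $record[self::PROP_SYNC_STATUS]);
        $this->setAccountMigrationStatus((bool) $record[self::PROP_ACCOUNT_MIGR_STATUS]);
        $this->setLocalLocalAuthenticationStatus((bool) $record[self::PROP_ALLOW_LOCAL_AUTH]);
        $this->setEntityId((string) $record[self::PROP_ENTITY_ID]);
    }

    /**
     * Fills the record from the submitted administration form.
     *
     * The form data is operator input: the top-level fields are read with defaults, and the
     * sync-related fields are reset and only taken over when the synchronization section is
     * present (its presence is what switches synchronization on).
     */
    public function bindForm(StandardForm $form): void
    {
        $data = $form->getData();
        $this->setUidClaim((string) ($data[self::PROP_UID_CLAIM] ?? ''));
        $this->setEntityId((string) ($data[self::PROP_ENTITY_ID] ?? ''));
        $this->setLocalLocalAuthenticationStatus((bool) ($data[self::PROP_ALLOW_LOCAL_AUTH] ?? false));
        $this->setSynchronizationStatus(($data[self::PROP_SYNC_STATUS] ?? null) !== null);

        // Defaults that apply when synchronization is switched off.
        $this->setLoginClaim('');
        $this->setDefaultRoleId(0);
        $this->setAccountMigrationStatus(true);
        if ($this->isSynchronizationEnabled()) {
            $sync_status_data = $data[self::PROP_SYNC_STATUS];
            // Cast like the other claim fields: under strict_types a non-string value would otherwise throw in setLoginClaim().
            $this->setLoginClaim((string) $sync_status_data[self::PROP_LOGIN_CLAIM]);
            $this->setDefaultRoleId((int) $sync_status_data[self::PROP_DEFAULT_ROLE_ID]);
            $this->setAccountMigrationStatus((bool) $sync_status_data[self::PROP_ACCOUNT_MIGR_STATUS]);
        }
    }

    /**
     * Tells whether an auth mode string of the shape "<ilAuthUtils::AUTH_SAML>_<idp_id>" belongs to a SAML IdP.
     *
     * The id part must consist of digits only, so that getIdpIdByAuthMode() never turns a
     * malformed mode into id 0 through its int cast.
     */
    public static function isAuthModeSaml(string $a_auth_mode): bool
    {
        if ('' === $a_auth_mode) {
            return false;
        }

        $auth_arr = explode('_', $a_auth_mode);

        return count($auth_arr) === 2
            && (int) $auth_arr[0] === ilAuthUtils::AUTH_SAML
            && $auth_arr[1] !== ''
            && ctype_digit($auth_arr[1]);
    }

    /**
     * Extracts the IdP id from a SAML auth mode string, or null when the string is not a SAML mode.
     */
    public static function getIdpIdByAuthMode(string $a_auth_mode): ?int
    {
        if (self::isAuthModeSaml($a_auth_mode)) {
            $auth_arr = explode('_', $a_auth_mode);
            return (int) $auth_arr[1];
        }

        return null;
    }

    /**
     * Returns the id of the active IdP with the given entity id, or 0 when none matches.
     *
     * Inactive IdPs are skipped on purpose. The method name keeps its historic typo because it is public API.
     */
    public static function geIdpIdByEntityId(string $entityId): int
    {
        foreach (self::getAllIdps() as $idp) {
            if ($idp->isActive() && $idp->getEntityId() === $entityId) {
                return $idp->getIdpId();
            }
        }

        return 0;
    }

    /**
     * @return list<self> the active IdPs, in table order
     */
    public static function getActiveIdpList(): array
    {
        return array_values(array_filter(
            self::getAllIdps(),
            static fn (self $idp): bool => $idp->isActive(),
        ));
    }

    /**
     * @return list<self> every configured IdP, active or not, hydrated from saml_idp_settings
     */
    public static function getAllIdps(): array
    {
        global $DIC;

        $db = $DIC->database();
        $res = $db->query('SELECT * FROM saml_idp_settings');

        $idps = [];
        while ($row = $db->fetchAssoc($res)) {
            // id 0 skips the constructor's read(); the fetched row fills the instance instead.
            $idp = new self();
            $idp->bindDbRecord($row);

            $idps[] = $idp;
        }

        return $idps;
    }

    /**
     * Converts a numeric key "<ilAuthUtils::AUTH_SAML>_<idp_id>" into the textual mode "saml_<idp_id>";
     * a key without an id part yields plain "saml".
     */
    public static function getAuthModeByKey(string $a_auth_key): string
    {
        $auth_arr = explode('_', $a_auth_key);
        if (count($auth_arr) > 1) {
            return 'saml_' . $auth_arr[1];
        }

        return 'saml';
    }

    /**
     * Inverse of getAuthModeByKey(): "saml_<idp_id>" becomes "<ilAuthUtils::AUTH_SAML>_<idp_id>",
     * and a mode without an id part becomes the bare numeric constant.
     */
    public static function getKeyByAuthMode(string $a_auth_mode): string
    {
        $auth_arr = explode('_', $a_auth_mode);
        if (count($auth_arr) > 1) {
            return ilAuthUtils::AUTH_SAML . '_' . $auth_arr[1];
        }

        return (string) ilAuthUtils::AUTH_SAML;
    }

    /** SAML entity id of the IdP; compared verbatim in geIdpIdByEntityId(). */
    public function getEntityId(): string
    {
        return $this->entity_id;
    }

    public function setEntityId(string $entity_id): void
    {
        $this->entity_id = $entity_id;
    }

    public function isActive(): bool
    {
        return $this->is_active;
    }

    public function setActive(bool $is_active): void
    {
        $this->is_active = $is_active;
    }

    public function getIdpId(): int
    {
        return $this->idp_id;
    }

    public function setIdpId(int $idp_id): void
    {
        $this->idp_id = $idp_id;
    }

    /** Whether accounts bound to this IdP may also authenticate locally (the allow_local_auth flag). */
    public function allowLocalAuthentication(): bool
    {
        return $this->allow_local_auth;
    }

    public function setLocalLocalAuthenticationStatus(bool $status): void
    {
        $this->allow_local_auth = $status;
    }

    /** Role id assigned on synchronization; 0 when synchronization is off (see bindForm()). */
    public function getDefaultRoleId(): int
    {
        return $this->default_role_id;
    }

    public function setDefaultRoleId(int $role_id): void
    {
        $this->default_role_id = $role_id;
    }

    public function setUidClaim(string $claim): void
    {
        $this->uid_claim = $claim;
    }

    /** Name of the SAML attribute that carries the unique user id. */
    public function getUidClaim(): string
    {
        return $this->uid_claim;
    }

    public function setLoginClaim(string $claim): void
    {
        $this->login_claim = $claim;
    }

    /** Name of the SAML attribute used as login; empty when synchronization is off (see bindForm()). */
    public function getLoginClaim(): string
    {
        return $this->login_claim;
    }

    public function isSynchronizationEnabled(): bool
    {
        return $this->sync_status;
    }

    public function setSynchronizationStatus(bool $sync): void
    {
        $this->sync_status = $sync;
    }

    /** Defaults to true when synchronization is off (see bindForm()). */
    public function isAccountMigrationEnabled(): bool
    {
        return $this->account_migration_status;
    }

    public function setAccountMigrationStatus(bool $status): void
    {
        $this->account_migration_status = $status;
    }
}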