ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilAuthProviderCAS.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
25 class ilAuthProviderCAS extends ilAuthProvider
26 {
27  private ilCASSettings $settings;
28 
29  public function __construct(ilAuthCredentials $credentials)
30  {
31  parent::__construct($credentials);
32  $this->settings = ilCASSettings::getInstance();
33  }
34 
35  protected function getSettings(): ilCASSettings
36  {
37  return $this->settings;
38  }
39 
40  public function doAuthentication(ilAuthStatus $status): bool
41  {
42  $this->getLogger()->debug('Starting cas authentication attempt... ');
43 
44  try {
45  // Uncomment the following line to get trace-level loggin by CAS
46  //phpCAS::setLogger($this->getLogger());
47  // Caution: If you set this to "true", there might be output
48  // and the redirect won't work and you get an ILIAS Whoopsy
49  // Though, you may need to for debugging other issues.
50  phpCAS::setVerbose(false);
51  $this->getLogger()->debug('Create client... ');
52  phpCAS::client(
53  CAS_VERSION_2_0,
54  $this->getSettings()->getServer(),
55  $this->getSettings()->getPort(),
56  $this->getSettings()->getUri(),
57  ilUtil::_getHttpPath()
58  );
59 
60  phpCAS::setNoCasServerValidation();
61  $this->getLogger()->debug('Fore CAS auth... ');
62  phpCAS::forceAuthentication();
63  $this->getLogger()->debug('Fore CAS auth done.');
64  } catch (Exception $e) {
65  $this->getLogger()->error('Cas authentication failed with message: ' . $e->getMessage());
66  $this->handleAuthenticationFail($status, 'err_wrong_login');
67  return false;
68  }
69 
70  if (phpCAS::getUser() === '') {
71  $this->getLogger()->debug('CAS user is empty.');
72  return $this->handleAuthenticationFail($status, 'err_wrong_login');
73  }
74  $this->getCredentials()->setUsername(phpCAS::getUser());
75  $this->getLogger()->debug('user name set to CAS user.');
76 
77  // check and handle ldap data sources
78  if (ilLDAPServer::isDataSourceActive(ilAuthUtils::AUTH_CAS)) {
79  return $this->handleLDAPDataSource($status);
80  }
81 
82  // Check account available
83  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->getCredentials()->getUsername());
84  if ($local_user !== '' && $local_user !== null) {
85  $this->getLogger()->debug('CAS authentication successful.');
86  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
87  $status->setAuthenticatedUserId(ilObjUser::_lookupId($local_user));
88  return true;
89  }
90 
91  if (!$this->getSettings()->isUserCreationEnabled()) {
92  $this->getLogger()->debug('User creation disabled. No valid local account found');
93  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
94  return false;
95  }
96 
97  $importer = new ilCASAttributeToUser($this->getSettings());
98  $new_name = $importer->create($this->getCredentials()->getUsername());
99 
100  if ($new_name === '') {
101  $this->getLogger()->debug('User creation failed.');
102  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
103  return false;
104  }
105 
106  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
107  $status->setAuthenticatedUserId(ilObjUser::_lookupId($new_name));
108  return true;
109  }
110 
111  protected function handleLDAPDataSource(ilAuthStatus $status): bool
112  {
113  $server = ilLDAPServer::getInstanceByServerId(
114  ilLDAPServer::getDataSource(ilAuthUtils::AUTH_CAS)
115  );
116 
117  $this->getLogger()->debug('Using ldap data source for user: ' . $this->getCredentials()->getUsername());
118 
119  $sync = new ilLDAPUserSynchronisation('cas', $server->getServerId());
120  $sync->setExternalAccount($this->getCredentials()->getUsername());
121  $sync->setUserData(array());
122  $sync->forceCreation(true);
123 
124  try {
125  $internal_account = $sync->sync();
126  } catch (UnexpectedValueException $e) {
127  $this->getLogger()->warning('Authentication failed with message: ' . $e->getMessage());
128  $this->handleAuthenticationFail($status, 'err_wrong_login');
129  return false;
130  } catch (ilLDAPSynchronisationFailedException $e) {
131  $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
132  return false;
133  } catch (ilLDAPSynchronisationForbiddenException|ilLDAPAccountMigrationRequiredException $e) {
134  // No syncronisation allowed => create Error
135  $this->getLogger()->warning('User creation disabled. No valid local account found');
136  $this->handleAuthenticationFail($status, 'err_auth_cas_no_ilias_user');
137  return false;
138  }
139  $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
140  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
141  return true;
142  }
143 }
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:325
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:27
ilAuthProviderCAS
CAS authentication provider.
Definition: class.ilAuthProviderCAS.php:25
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPSynchronisationFailedException
Thrown in case of failed synchronisation settings.
Definition: class.ilLDAPSynchronisationFailedException.php:26
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, cas,...
Definition: class.ilLDAPUserSynchronisation.php:26
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:692
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2746
ilAuthProviderCAS\doAuthentication
doAuthentication(ilAuthStatus $status)
Definition: class.ilAuthProviderCAS.php:40
ilCASAttributeToUser
CAS user creation helper.
Definition: class.ilCASAttributeToUser.php:26
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, string $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:71
ilAuthProvider
Base class for authentication providers (ldap, apache, ...)
Definition: class.ilAuthProvider.php:27
ilLDAPServer\isDataSourceActive
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
Definition: class.ilLDAPServer.php:309
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount(string $a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:66
ilAuthStatus\setStatus
setStatus(int $a_status)
Set auth status.
Definition: class.ilAuthStatus.php:69
ilAuthProvider\$credentials
ilAuthCredentials $credentials
Definition: class.ilAuthProvider.php:37
getUser
getUser()
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:55
ilAuthProviderCAS\handleLDAPDataSource
handleLDAPDataSource(ilAuthStatus $status)
Definition: class.ilAuthProviderCAS.php:111
ILIAS\UI\examples\Progress\Bar\client
client()
description: > This example shows how a Progress Bar can be rendered and used on the client...
Definition: client.php:37
ilAuthProviderCAS\__construct
__construct(ilAuthCredentials $credentials)
Definition: class.ilAuthProviderCAS.php:29
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1321
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilAuthStatus\setAuthenticatedUserId
setAuthenticatedUserId(int $a_id)
Definition: class.ilAuthStatus.php:120
$server
$server
Definition: shib_login.php:24
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:27
ilCASSettings\getInstance
static getInstance()
Get singleton instance.
Definition: class.ilCASSettings.php:57