/**
* Called from base class after successful login
*
* @param string username
*/
public function loginObserver($a_username, $a_auth)
{
// Radius with ldap as data source
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
return $this->handleLDAPDataSource($a_auth, $a_username);
}
$user_data = array_change_key_case($a_auth->getAuthData(), CASE_LOWER);
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("radius", $a_username);
if (!$user_data['ilInternalAccount']) {
if ($this->radius_settings->enabledCreation()) {
if ($this->radius_settings->isAccountMigrationEnabled() and !$this->force_creation) {
$a_auth->logout();
$_SESSION['tmp_auth_mode'] = 'radius';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
$_SESSION['tmp_roles'] = array(0 => $this->radius_settings->getDefaultRole());
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
}
$this->initRADIUSAttributeToUser();
$new_name = $this->radius_user->create($a_username);
$a_auth->setAuth($new_name);
return true;
} else {
// No syncronisation allowed => create Error
$a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
} else {
$a_auth->setAuth($user_data['ilInternalAccount']);
return true;
}
}
/**
* Init cas settings
*/
protected function initFormSettings()
{
$this->lng->loadLanguageModule('auth');
$this->lng->loadLanguageModule('radius');
include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
$form = new ilPropertyFormGUI();
$form->setFormAction($this->ctrl->getFormAction($this));
$form->setTitle($this->lng->txt('auth_cas_auth'));
$form->setDescription($this->lng->txt("auth_cas_auth_desc"));
// Form checkbox
$check = new ilCheckboxInputGUI($this->lng->txt("active"), 'active');
$check->setChecked($this->getSettings()->isActive() ? true : false);
$check->setValue(1);
$form->addItem($check);
$text = new ilTextInputGUI($this->lng->txt('server'), 'server');
$text->setValue($this->getSettings()->getServer());
$text->setRequired(true);
$text->setInfo($this->lng->txt('auth_cas_server_desc'));
$text->setSize(64);
$text->setMaxLength(255);
$form->addItem($text);
$port = new ilNumberInputGUI($this->lng->txt("port"), 'port');
$port->setValue($this->getSettings()->getPort());
$port->setRequired(true);
$port->setMinValue(0);
$port->setMaxValue(65535);
$port->setSize(5);
$port->setMaxLength(5);
$port->setInfo($this->lng->txt('auth_cas_port_desc'));
$form->addItem($port);
$text = new ilTextInputGUI($this->lng->txt('uri'), 'uri');
$text->setValue($this->getSettings()->getUri());
$text->setRequired(true);
$text->setInfo($this->lng->txt('auth_cas_uri_desc'));
$text->setSize(64);
$text->setMaxLength(255);
$form->addItem($text);
// User synchronization
// 0: Disabled
// 1: CAS
// 2: LDAP
$sync = new ilRadioGroupInputGUI($this->lng->txt('auth_sync'), 'sync');
$sync->setRequired(true);
#$sync->setInfo($this->lng->txt('auth_radius_sync_info'));
$form->addItem($sync);
// Disabled
$dis = new ilRadioOption($this->lng->txt('disabled'), self::SYNC_DISABLED, '');
#$dis->setInfo($this->lng->txt('auth_radius_sync_disabled_info'));
$sync->addOption($dis);
// CAS
$rad = new ilRadioOption($this->lng->txt('auth_sync_cas'), self::SYNC_CAS, '');
$rad->setInfo($this->lng->txt('auth_sync_cas_info'));
$sync->addOption($rad);
$select = new ilSelectInputGUI($this->lng->txt('auth_user_default_role'), 'role');
$select->setOptions($this->prepareRoleSelection());
$select->setValue($this->getSettings()->getDefaultRole());
$rad->addSubItem($select);
// LDAP
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
$server_ids = ilLDAPServer::getAvailableDataSources(AUTH_CAS);
if (count($server_ids)) {
$ldap = new ilRadioOption($this->lng->txt('auth_radius_ldap'), self::SYNC_LDAP, '');
$ldap->setInfo($this->lng->txt('auth_radius_ldap_info'));
$sync->addOption($ldap);
// TODO Handle more than one LDAP configuration
}
if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
$sync->setValue(self::SYNC_LDAP);
} else {
$sync->setValue($this->getSettings()->isUserCreationEnabled() ? ilCASSettings::SYNC_CAS : ilCASSettings::SYNC_DISABLED);
}
$instruction = new ilTextAreaInputGUI($this->lng->txt('auth_login_instructions'), 'instruction');
$instruction->setCols(80);
$instruction->setRows(6);
$instruction->setValue($this->getSettings()->getLoginInstruction());
$form->addItem($instruction);
$create = new ilCheckboxInputGUI($this->lng->txt('auth_allow_local'), 'local');
$create->setInfo($this->lng->txt('auth_cas_allow_local_desc'));
$create->setChecked($this->getSettings()->isLocalAuthenticationEnabled() ? true : false);
$create->setValue(1);
$form->addItem($create);
$form->addCommandButton('save', $this->lng->txt('save'));
return $form;
}
/**
* @see ilAuthContainerBase::loginObserver()
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
$ilLog->write(__METHOD__ . ': Successful CAS login.');
// Radius with ldap as data source
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
return $this->handleLDAPDataSource($a_auth, $a_username);
}
include_once "./Services/CAS/lib/CAS.php";
if ($PHPCAS_CLIENT->getUser() != "") {
$username = $PHPCAS_CLIENT->getUser();
$ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$a_auth->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$a_auth->status = AUTH_CAS_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
} else {
$ilLog->write(__METHOD__ . ': Login failed.');
// This should never occur unless CAS is not configured properly
$a_auth->status = AUTH_WRONG_LOGIN;
return false;
}
return false;
}
/**
* Show settings
*
* @access public
* @param
*
*/
public function settings()
{
include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
$this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.settings.html', 'Services/Radius');
$this->lng->loadLanguageModule('auth');
$form = new ilPropertyFormGUI();
$form->setFormAction($this->ctrl->getFormAction($this));
$form->setTitle($this->lng->txt('auth_radius_configure'));
// Form checkbox
$check = new ilCheckboxInputGUI($this->lng->txt('auth_radius_enable'), 'active');
$check->setChecked($this->settings->isActive() ? 1 : 0);
$check->setValue(1);
$form->addItem($check);
$text = new ilTextInputGUI($this->lng->txt('auth_radius_name'), 'name');
$text->setRequired(true);
$text->setInfo($this->lng->txt('auth_radius_name_desc'));
$text->setValue($this->settings->getName());
$text->setSize(32);
$text->setMaxLength(64);
$form->addItem($text);
$text = new ilTextInputGUI($this->lng->txt('auth_radius_server'), 'servers');
$text->setRequired(true);
$text->setInfo($this->lng->txt('auth_radius_server_desc'));
$text->setValue($this->settings->getServersAsString());
$text->setSize(64);
$text->setMaxLength(255);
$form->addItem($text);
$text = new ilTextInputGUI($this->lng->txt('auth_radius_port'), 'port');
$text->setRequired(true);
$text->setValue($this->settings->getPort());
$text->setSize(5);
$text->setMaxLength(5);
$form->addItem($text);
$text = new ilTextInputGUI($this->lng->txt('auth_radius_shared_secret'), 'secret');
$text->setRequired(true);
$text->setValue($this->settings->getSecret());
$text->setSize(16);
$text->setMaxLength(32);
$form->addItem($text);
$encoding = new ilSelectInputGUI($this->lng->txt('auth_radius_charset'), 'charset');
$encoding->setRequired(true);
$encoding->setOptions($this->prepareCharsetSelection());
$encoding->setValue($this->settings->getCharset());
$encoding->setInfo($this->lng->txt('auth_radius_charset_info'));
$form->addItem($encoding);
// User synchronization
// 0: Disabled
// 1: Radius
// 2: LDAP
$sync = new ilRadioGroupInputGUI($this->lng->txt('auth_radius_sync'), 'sync');
$sync->setRequired(true);
#$sync->setInfo($this->lng->txt('auth_radius_sync_info'));
$form->addItem($sync);
// Disabled
$dis = new ilRadioOption($this->lng->txt('disabled'), ilRadiusSettings::SYNC_DISABLED, '');
#$dis->setInfo($this->lng->txt('auth_radius_sync_disabled_info'));
$sync->addOption($dis);
// Radius
$rad = new ilRadioOption($this->lng->txt('auth_radius_sync_rad'), ilRadiusSettings::SYNC_RADIUS, '');
$rad->setInfo($this->lng->txt('auth_radius_sync_rad_info'));
$sync->addOption($rad);
$select = new ilSelectInputGUI($this->lng->txt('auth_radius_role_select'), 'role');
$select->setOptions($this->prepareRoleSelection());
$select->setValue($this->settings->getDefaultRole());
$rad->addSubItem($select);
$migr = new ilCheckboxInputGUI($this->lng->txt('auth_rad_migration'), 'migration');
$migr->setInfo($this->lng->txt('auth_rad_migration_info'));
$migr->setChecked($this->settings->isAccountMigrationEnabled() ? 1 : 0);
$migr->setValue(1);
$rad->addSubItem($migr);
// LDAP
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
$server_ids = ilLDAPServer::getAvailableDataSources(AUTH_RADIUS);
if (count($server_ids)) {
$ldap = new ilRadioOption($this->lng->txt('auth_radius_ldap'), ilRadiusSettings::SYNC_LDAP, '');
$ldap->setInfo($this->lng->txt('auth_radius_ldap_info'));
$sync->addOption($ldap);
// TODO Handle more than one LDAP configuration
}
if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
$sync->setValue(ilRadiusSettings::SYNC_LDAP);
} else {
$sync->setValue($this->settings->enabledCreation() ? ilRadiusSettings::SYNC_RADIUS : ilRadiusSettings::SYNC_DISABLED);
}
$form->addCommandButton('save', $this->lng->txt('save'));
$this->tpl->setVariable('SETTINGS_TABLE', $form->getHTML());
}
