/**
 * Hook called from the base class after a successful RADIUS login.
 *
 * Maps the external RADIUS account to an ILIAS login. If an LDAP data source
 * is active for RADIUS, the decision is delegated to handleLDAPDataSource().
 *
 * @param string $a_username account name used for the RADIUS login
 * @param object $a_auth     auth object; receives setAuth(), logout() and status updates
 * @return mixed true when a login was bound, false when no ILIAS account may be
 *               used, otherwise the result of handleLDAPDataSource()
 */
public function loginObserver($a_username, $a_auth)
{
    // RADIUS backed by LDAP as data source: hand over completely.
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
        return $this->handleLDAPDataSource($a_auth, $a_username);
    }

    $auth_data = array_change_key_case($a_auth->getAuthData(), CASE_LOWER);
    $auth_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("radius", $a_username);

    // The external account is already mapped: authenticate as that ILIAS login.
    if ($auth_data['ilInternalAccount']) {
        $a_auth->setAuth($auth_data['ilInternalAccount']);
        return true;
    }

    // No mapping and no synchronisation allowed: report the error and log out.
    if (!$this->radius_settings->enabledCreation()) {
        $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
        $a_auth->logout();
        return false;
    }

    $offer_migration = $this->radius_settings->isAccountMigrationEnabled() && !$this->force_creation;
    if ($offer_migration) {
        $a_auth->logout();
        $_SESSION['tmp_auth_mode'] = 'radius';
        $_SESSION['tmp_external_account'] = $a_username;
        // NOTE(review): the submitted password is parked in the session in clear
        // text. Whoever can read session storage can read it, so the migration
        // step should clear 'tmp_pass' as soon as it is done - confirm it does.
        $_SESSION['tmp_pass'] = $_POST['password'];
        $_SESSION['tmp_roles'] = [0 => $this->radius_settings->getDefaultRole()];
        // NOTE(review): nothing returns after this call, so the code relies on
        // ilUtil::redirect() ending the request. If it does not, the account
        // creation below still runs after logout() - confirm.
        ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
    }

    // Create the ILIAS account and authenticate as it.
    $this->initRADIUSAttributeToUser();
    $created_login = $this->radius_user->create($a_username);
    $a_auth->setAuth($created_login);
    return true;
}
/**
 * Build the CAS settings form, pre-filled from the current settings.
 *
 * Some labels of the LDAP option use 'auth_radius_*' language keys, which is
 * presumably why the 'radius' language module is loaded as well.
 *
 * @return ilPropertyFormGUI the populated form with a 'save' command button
 */
protected function initFormSettings()
{
    $this->lng->loadLanguageModule('auth');
    $this->lng->loadLanguageModule('radius');

    include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";

    $form = new ilPropertyFormGUI();
    $form->setFormAction($this->ctrl->getFormAction($this));
    $form->setTitle($this->lng->txt('auth_cas_auth'));
    $form->setDescription($this->lng->txt('auth_cas_auth_desc'));

    // Activation switch
    $active = new ilCheckboxInputGUI($this->lng->txt('active'), 'active');
    $active->setChecked((bool) $this->getSettings()->isActive());
    $active->setValue(1);
    $form->addItem($active);

    // CAS server host
    $server = new ilTextInputGUI($this->lng->txt('server'), 'server');
    $server->setValue($this->getSettings()->getServer());
    $server->setRequired(true);
    $server->setInfo($this->lng->txt('auth_cas_server_desc'));
    $server->setSize(64);
    $server->setMaxLength(255);
    $form->addItem($server);

    // CAS server port, limited to the valid port range by the widget
    $port = new ilNumberInputGUI($this->lng->txt('port'), 'port');
    $port->setValue($this->getSettings()->getPort());
    $port->setRequired(true);
    $port->setMinValue(0);
    $port->setMaxValue(65535);
    $port->setSize(5);
    $port->setMaxLength(5);
    $port->setInfo($this->lng->txt('auth_cas_port_desc'));
    $form->addItem($port);

    // CAS URI
    $uri = new ilTextInputGUI($this->lng->txt('uri'), 'uri');
    $uri->setValue($this->getSettings()->getUri());
    $uri->setRequired(true);
    $uri->setInfo($this->lng->txt('auth_cas_uri_desc'));
    $uri->setSize(64);
    $uri->setMaxLength(255);
    $form->addItem($uri);

    // User synchronization: 0 = disabled, 1 = CAS, 2 = LDAP
    $sync = new ilRadioGroupInputGUI($this->lng->txt('auth_sync'), 'sync');
    $sync->setRequired(true);
    $form->addItem($sync);

    $opt_disabled = new ilRadioOption($this->lng->txt('disabled'), self::SYNC_DISABLED, '');
    $sync->addOption($opt_disabled);

    $opt_cas = new ilRadioOption($this->lng->txt('auth_sync_cas'), self::SYNC_CAS, '');
    $opt_cas->setInfo($this->lng->txt('auth_sync_cas_info'));
    $sync->addOption($opt_cas);

    // Default role for accounts created through CAS synchronization
    $role = new ilSelectInputGUI($this->lng->txt('auth_user_default_role'), 'role');
    $role->setOptions($this->prepareRoleSelection());
    $role->setValue($this->getSettings()->getDefaultRole());
    $opt_cas->addSubItem($role);

    // The LDAP option is offered only when a data source is available for CAS
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    $server_ids = ilLDAPServer::getAvailableDataSources(AUTH_CAS);
    if (count($server_ids) > 0) {
        $opt_ldap = new ilRadioOption($this->lng->txt('auth_radius_ldap'), self::SYNC_LDAP, '');
        $opt_ldap->setInfo($this->lng->txt('auth_radius_ldap_info'));
        $sync->addOption($opt_ldap);
        // TODO Handle more than one LDAP configuration
    }

    // Preselect the synchronization mode currently in effect
    if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
        $sync_mode = self::SYNC_LDAP;
    } elseif ($this->getSettings()->isUserCreationEnabled()) {
        $sync_mode = ilCASSettings::SYNC_CAS;
    } else {
        $sync_mode = ilCASSettings::SYNC_DISABLED;
    }
    $sync->setValue($sync_mode);

    // Login instructions
    $instruction = new ilTextAreaInputGUI($this->lng->txt('auth_login_instructions'), 'instruction');
    $instruction->setCols(80);
    $instruction->setRows(6);
    $instruction->setValue($this->getSettings()->getLoginInstruction());
    $form->addItem($instruction);

    // Allow local authentication next to CAS
    $local = new ilCheckboxInputGUI($this->lng->txt('auth_allow_local'), 'local');
    $local->setInfo($this->lng->txt('auth_cas_allow_local_desc'));
    $local->setChecked((bool) $this->getSettings()->isLocalAuthenticationEnabled());
    $local->setValue(1);
    $form->addItem($local);

    $form->addCommandButton('save', $this->lng->txt('save'));

    return $form;
}
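/**
 * Hook run after a successful CAS login: maps the CAS user to an ILIAS login.
 *
 * If an LDAP data source is active for CAS, the decision is delegated to
 * handleLDAPDataSource(). Otherwise the user name reported by the phpCAS
 * client is looked up as an external account. An unknown account is created
 * only when the 'cas_create_users' setting is enabled.
 *
 * @see ilAuthContainerBase::loginObserver()
 *
 * @param string $a_username login name passed in by the caller; only forwarded
 *                           to handleLDAPDataSource(), the CAS path reads the
 *                           name from the phpCAS client instead
 * @param object $a_auth     auth object; receives setAuth(), logout() and status updates
 * @return mixed true after a new account was created and bound, false on every
 *               other CAS path, otherwise the result of handleLDAPDataSource()
 */
public function loginObserver($a_username, $a_auth)
{
    global $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;

    $ilLog->write(__METHOD__ . ': Successful CAS login.');

    // CAS backed by LDAP as data source: hand over completely.
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
        return $this->handleLDAPDataSource($a_auth, $a_username);
    }

    include_once "./Services/CAS/lib/CAS.php";
    $username = $PHPCAS_CLIENT->getUser();
    if ($username == "") {
        $ilLog->write(__METHOD__ . ': Login failed.');
        // This should never occur unless CAS is not configured properly
        $a_auth->status = AUTH_WRONG_LOGIN;
        return false;
    }

    // NOTE(review): this statement was garbled in the reviewed copy. It is
    // restored here as a plain user-name log line, followed by the include
    // whose path survived - confirm against the upstream file.
    $ilLog->write(__METHOD__ . ': Username: ' . $username);

    include_once './Services/User/classes/class.ilObjUser.php';
    $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

    if ($local_user != "") {
        $a_auth->setAuth($local_user);
        // NOTE(review): this path returns false although the user was
        // authenticated, while the account-creation path below returns true.
        // If the caller runs its post-login checks only on a true result, they
        // are skipped for existing accounts - verify against the caller.
        return false;
    }

    if (!$ilSetting->get("cas_create_users")) {
        $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
        $a_auth->logout();
        return false;
    }

    // Create a local account for the CAS user.
    $userObj = new ilObjUser();
    $local_user = ilAuthUtils::_generateLogin($username);

    $newUser = [
        "firstname" => $local_user,
        "lastname" => "",
        "login" => $local_user,
        // set "plain md5" password (= no valid password)
        "passwd" => "",
        "passwd_type" => IL_PASSWD_MD5,
        "auth_mode" => "cas",
        "ext_account" => $username,
        "profile_incomplete" => 1,
    ];

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit: the account is marked unlimited, from/until are both set to now.
    // NOTE(review): the meaning of owner id 7 is not visible here - confirm.
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(1);
    $userObj->setTimeLimitFrom(time());
    $userObj->setTimeLimitUntil(time());

    // Create user in DB
    $userObj->setOwner(0);
    $userObj->create();
    $userObj->setActive(1);
    $userObj->updateOwner();

    // insert user data in table user_data
    $userObj->saveAsNew();

    // setup user preferences
    $userObj->writePrefs();

    // TODO (from the original): test this.
    // NOTE(review): every auto-created account receives the role configured in
    // 'cas_user_default_role'; that role should carry minimal permissions.
    $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
    unset($userObj);

    $a_auth->setAuth($local_user);
    return true;
}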
/**
 * Show the RADIUS settings form.
 *
 * Builds the form from the current settings and writes its HTML into the
 * 'SETTINGS_TABLE' template variable. Nothing is returned.
 *
 * @access public
 */
public function settings()
{
    include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";

    $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.settings.html', 'Services/Radius');
    $this->lng->loadLanguageModule('auth');

    $form = new ilPropertyFormGUI();
    $form->setFormAction($this->ctrl->getFormAction($this));
    $form->setTitle($this->lng->txt('auth_radius_configure'));

    // Activation switch
    $active = new ilCheckboxInputGUI($this->lng->txt('auth_radius_enable'), 'active');
    $active->setChecked($this->settings->isActive() ? 1 : 0);
    $active->setValue(1);
    $form->addItem($active);

    // Display name
    $name = new ilTextInputGUI($this->lng->txt('auth_radius_name'), 'name');
    $name->setRequired(true);
    $name->setInfo($this->lng->txt('auth_radius_name_desc'));
    $name->setValue($this->settings->getName());
    $name->setSize(32);
    $name->setMaxLength(64);
    $form->addItem($name);

    // Server list
    $servers = new ilTextInputGUI($this->lng->txt('auth_radius_server'), 'servers');
    $servers->setRequired(true);
    $servers->setInfo($this->lng->txt('auth_radius_server_desc'));
    $servers->setValue($this->settings->getServersAsString());
    $servers->setSize(64);
    $servers->setMaxLength(255);
    $form->addItem($servers);

    // Port
    // NOTE(review): this is a free-text field; the widget sets no numeric range.
    $port = new ilTextInputGUI($this->lng->txt('auth_radius_port'), 'port');
    $port->setRequired(true);
    $port->setValue($this->settings->getPort());
    $port->setSize(5);
    $port->setMaxLength(5);
    $form->addItem($port);

    // Shared secret
    // NOTE(review): the stored secret is pre-filled into a plain text input, so
    // it is present in the rendered page. A masked field that is not pre-filled
    // would avoid exposing it to anyone who can view the form.
    $secret = new ilTextInputGUI($this->lng->txt('auth_radius_shared_secret'), 'secret');
    $secret->setRequired(true);
    $secret->setValue($this->settings->getSecret());
    $secret->setSize(16);
    $secret->setMaxLength(32);
    $form->addItem($secret);

    // Character set
    $charset = new ilSelectInputGUI($this->lng->txt('auth_radius_charset'), 'charset');
    $charset->setRequired(true);
    $charset->setOptions($this->prepareCharsetSelection());
    $charset->setValue($this->settings->getCharset());
    $charset->setInfo($this->lng->txt('auth_radius_charset_info'));
    $form->addItem($charset);

    // User synchronization: 0 = disabled, 1 = Radius, 2 = LDAP
    $sync = new ilRadioGroupInputGUI($this->lng->txt('auth_radius_sync'), 'sync');
    $sync->setRequired(true);
    $form->addItem($sync);

    $opt_disabled = new ilRadioOption($this->lng->txt('disabled'), ilRadiusSettings::SYNC_DISABLED, '');
    $sync->addOption($opt_disabled);

    $opt_radius = new ilRadioOption($this->lng->txt('auth_radius_sync_rad'), ilRadiusSettings::SYNC_RADIUS, '');
    $opt_radius->setInfo($this->lng->txt('auth_radius_sync_rad_info'));
    $sync->addOption($opt_radius);

    // Sub-items of the Radius option: default role and account migration
    $role = new ilSelectInputGUI($this->lng->txt('auth_radius_role_select'), 'role');
    $role->setOptions($this->prepareRoleSelection());
    $role->setValue($this->settings->getDefaultRole());
    $opt_radius->addSubItem($role);

    $migration = new ilCheckboxInputGUI($this->lng->txt('auth_rad_migration'), 'migration');
    $migration->setInfo($this->lng->txt('auth_rad_migration_info'));
    $migration->setChecked($this->settings->isAccountMigrationEnabled() ? 1 : 0);
    $migration->setValue(1);
    $opt_radius->addSubItem($migration);

    // The LDAP option is offered only when a data source is available for RADIUS
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    $server_ids = ilLDAPServer::getAvailableDataSources(AUTH_RADIUS);
    if (count($server_ids) > 0) {
        $opt_ldap = new ilRadioOption($this->lng->txt('auth_radius_ldap'), ilRadiusSettings::SYNC_LDAP, '');
        $opt_ldap->setInfo($this->lng->txt('auth_radius_ldap_info'));
        $sync->addOption($opt_ldap);
        // TODO Handle more than one LDAP configuration
    }

    // Preselect the synchronization mode currently in effect
    if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
        $sync_mode = ilRadiusSettings::SYNC_LDAP;
    } elseif ($this->settings->enabledCreation()) {
        $sync_mode = ilRadiusSettings::SYNC_RADIUS;
    } else {
        $sync_mode = ilRadiusSettings::SYNC_DISABLED;
    }
    $sync->setValue($sync_mode);

    $form->addCommandButton('save', $this->lng->txt('save'));
    $this->tpl->setVariable('SETTINGS_TABLE', $form->getHTML());
}