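/**
  * Called from the base class after a successful login.
  *
  * @param string $a_username external (RADIUS) account name
  * @param object $a_auth     auth object; getAuthData(), setAuth() and logout() are called on it
  */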
 public function loginObserver($a_username, $a_auth)
 {
     // Maps a successful RADIUS login onto a local account.
     // Returns true once setAuth() has been called with a local login and false
     // when no local account exists and automatic creation is switched off.
     // When LDAP is the data source, the result of handleLDAPDataSource() is passed through.
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }

     // The lower-cased auth data is not read again in this method; only the
     // account lookup below drives the decision.
     $auth_data = array_change_key_case($a_auth->getAuthData(), CASE_LOWER);
     $internal_account = ilObjUser::_checkExternalAuthAccount("radius", $a_username);

     // Known external account: bind the session to the matching local login.
     if ($internal_account) {
         $a_auth->setAuth($internal_account);
         return true;
     }

     // Unknown account and no automatic creation: flag the error and drop the login.
     if (!$this->radius_settings->enabledCreation()) {
         $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     }

     if ($this->radius_settings->isAccountMigrationEnabled() && !$this->force_creation) {
         $a_auth->logout();
         $_SESSION['tmp_auth_mode'] = 'radius';
         $_SESSION['tmp_external_account'] = $a_username;
         // NOTE(review): the cleartext password from the login POST is copied into the
         // session here, presumably for the account-migration screen. Confirm it is
         // removed once migration finishes. $_POST['password'] is read without an
         // isset() check.
         $_SESSION['tmp_pass'] = $_POST['password'];
         $_SESSION['tmp_roles'] = array(0 => $this->radius_settings->getDefaultRole());
         // NOTE(review): the statements after this call run only if ilUtil::redirect()
         // returns. Presumably it ends the request; confirm, otherwise an account is
         // auto-created although migration is enabled.
         ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
     }

     // Automatic creation: build the local account and authenticate as it.
     $this->initRADIUSAttributeToUser();
     $created_login = $this->radius_user->create($a_username);
     $a_auth->setAuth($created_login);
     return true;
 }
 /**
  * Init cas settings
  */
 protected function initFormSettings()
 {
     // Builds the CAS settings form, pre-filled from the current settings, and
     // returns it. Nothing is rendered here.
     $this->lng->loadLanguageModule('auth');
     $this->lng->loadLanguageModule('radius');
     include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";

     $settings_form = new ilPropertyFormGUI();
     $settings_form->setFormAction($this->ctrl->getFormAction($this));
     $settings_form->setTitle($this->lng->txt('auth_cas_auth'));
     $settings_form->setDescription($this->lng->txt("auth_cas_auth_desc"));

     // Activation switch
     $active_box = new ilCheckboxInputGUI($this->lng->txt("active"), 'active');
     $active_box->setChecked((bool) $this->getSettings()->isActive());
     $active_box->setValue(1);
     $settings_form->addItem($active_box);

     // CAS server host
     $server_input = new ilTextInputGUI($this->lng->txt('server'), 'server');
     $server_input->setValue($this->getSettings()->getServer());
     $server_input->setRequired(true);
     $server_input->setInfo($this->lng->txt('auth_cas_server_desc'));
     $server_input->setSize(64);
     $server_input->setMaxLength(255);
     $settings_form->addItem($server_input);

     // CAS server port, limited by the form to 0..65535
     $port_input = new ilNumberInputGUI($this->lng->txt("port"), 'port');
     $port_input->setValue($this->getSettings()->getPort());
     $port_input->setRequired(true);
     $port_input->setMinValue(0);
     $port_input->setMaxValue(65535);
     $port_input->setSize(5);
     $port_input->setMaxLength(5);
     $port_input->setInfo($this->lng->txt('auth_cas_port_desc'));
     $settings_form->addItem($port_input);

     // CAS URI
     $uri_input = new ilTextInputGUI($this->lng->txt('uri'), 'uri');
     $uri_input->setValue($this->getSettings()->getUri());
     $uri_input->setRequired(true);
     $uri_input->setInfo($this->lng->txt('auth_cas_uri_desc'));
     $uri_input->setSize(64);
     $uri_input->setMaxLength(255);
     $settings_form->addItem($uri_input);

     // User synchronization mode: 0 = disabled, 1 = CAS, 2 = LDAP
     $sync_group = new ilRadioGroupInputGUI($this->lng->txt('auth_sync'), 'sync');
     $sync_group->setRequired(true);
     $settings_form->addItem($sync_group);

     $option_disabled = new ilRadioOption($this->lng->txt('disabled'), self::SYNC_DISABLED, '');
     $sync_group->addOption($option_disabled);

     // CAS synchronization carries the default role for created users as a sub item.
     $option_cas = new ilRadioOption($this->lng->txt('auth_sync_cas'), self::SYNC_CAS, '');
     $option_cas->setInfo($this->lng->txt('auth_sync_cas_info'));
     $sync_group->addOption($option_cas);

     $role_select = new ilSelectInputGUI($this->lng->txt('auth_user_default_role'), 'role');
     $role_select->setOptions($this->prepareRoleSelection());
     $role_select->setValue($this->getSettings()->getDefaultRole());
     $option_cas->addSubItem($role_select);

     // The LDAP option is offered only when a data source is available for CAS.
     // It uses the 'auth_radius_ldap*' language keys.
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     $server_ids = ilLDAPServer::getAvailableDataSources(AUTH_CAS);
     if (count($server_ids)) {
         $option_ldap = new ilRadioOption($this->lng->txt('auth_radius_ldap'), self::SYNC_LDAP, '');
         $option_ldap->setInfo($this->lng->txt('auth_radius_ldap_info'));
         $sync_group->addOption($option_ldap);
         // TODO Handle more than one LDAP configuration
     }

     // Preselect the mode that is currently in effect.
     if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
         $current_mode = self::SYNC_LDAP;
     } elseif ($this->getSettings()->isUserCreationEnabled()) {
         $current_mode = ilCASSettings::SYNC_CAS;
     } else {
         $current_mode = ilCASSettings::SYNC_DISABLED;
     }
     $sync_group->setValue($current_mode);

     // Free-text login instructions
     $instruction_area = new ilTextAreaInputGUI($this->lng->txt('auth_login_instructions'), 'instruction');
     $instruction_area->setCols(80);
     $instruction_area->setRows(6);
     $instruction_area->setValue($this->getSettings()->getLoginInstruction());
     $settings_form->addItem($instruction_area);

     // Switch that keeps local authentication available next to CAS
     $local_box = new ilCheckboxInputGUI($this->lng->txt('auth_allow_local'), 'local');
     $local_box->setInfo($this->lng->txt('auth_cas_allow_local_desc'));
     $local_box->setChecked((bool) $this->getSettings()->isLocalAuthenticationEnabled());
     $local_box->setValue(1);
     $settings_form->addItem($local_box);

     $settings_form->addCommandButton('save', $this->lng->txt('save'));
     return $settings_form;
 }
 /**
  * @see ilAuthContainerBase::loginObserver()
  */
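 public function loginObserver($a_username, $a_auth)
 {
     // Maps a successful CAS login onto a local account, creating one when the
     // "cas_create_users" setting allows it.
     //
     // $a_username  name handed over by the base class; outside the LDAP path the
     //              name reported by $PHPCAS_CLIENT->getUser() is used instead
     // $a_auth      auth object; setAuth(), logout() and ->status are used here
     //
     // Returns true after a new account was created and false otherwise. When LDAP
     // is the data source, the result of handleLDAPDataSource() is passed through.
     global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
     $ilLog->write(__METHOD__ . ': Successful CAS login.');

     // CAS with LDAP as data source: account handling is delegated entirely.
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }

     include_once "./Services/CAS/lib/CAS.php";
     $username = $PHPCAS_CLIENT->getUser();
     if ($username == "") {
         $ilLog->write(__METHOD__ . ': Login failed.');
         // This should never occur unless CAS is not configured properly
         $a_auth->status = AUTH_WRONG_LOGIN;
         return false;
     }

     // The listing this code was taken from masked part of the next two statements.
     // They are restored here as a log call followed by the include; verify against upstream.
     // NOTE(review): the externally supplied name goes into the log unmodified. Confirm
     // the log writer neutralises control characters.
     $ilLog->write(__METHOD__ . ': Username: ' . $username);
     include_once './Services/User/classes/class.ilObjUser.php';

     $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
     if ($local_user != "") {
         $a_auth->setAuth($local_user);
         // NOTE(review): this path ends with "return false" although setAuth() was called.
         // Kept as in the original; confirm how the caller uses the return value.
         return false;
     }

     // Unknown account and automatic creation disabled: flag the error and drop the login.
     if (!$ilSetting->get("cas_create_users")) {
         $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     }

     $userObj = new ilObjUser();
     $local_user = ilAuthUtils::_generateLogin($username);

     $newUser = array();
     $newUser["firstname"] = $local_user;
     $newUser["lastname"] = "";
     $newUser["login"] = $local_user;
     // set "plain md5" password (= no valid password)
     // NOTE(review): this relies on an empty stored value never matching any password
     // digest, so the account can only be entered through CAS. Confirm against the
     // local password check.
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_MD5;
     $newUser["auth_mode"] = "cas";
     $newUser["ext_account"] = $username;
     $newUser["profile_incomplete"] = 1;

     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($ilSetting->get("language"));

     // Time limit: flagged as unlimited. Owner id 7 is hard-coded and its meaning
     // is not visible here.
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(1);
     $userObj->setTimeLimitFrom(time());
     $userObj->setTimeLimitUntil(time());

     // Create user in DB
     $userObj->setOwner(0);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     // insert user data in table user_data
     $userObj->saveAsNew();
     // setup user preferences
     $userObj->writePrefs();

     // to do: test this
     // NOTE(review): every identity the CAS server vouches for receives the role stored
     // in "cas_user_default_role". The setting is used without checking that it is set,
     // so confirm it always names a low-privilege role.
     $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
     unset($userObj);

     $a_auth->setAuth($local_user);
     return true;
 }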
 /**
  * Show settings
  *
  * @access public
  */
 public function settings()
 {
     // Builds the RADIUS settings form from the stored settings and writes its HTML
     // into the SETTINGS_TABLE template variable. Nothing is returned.
     include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
     $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.settings.html', 'Services/Radius');
     $this->lng->loadLanguageModule('auth');

     $settings_form = new ilPropertyFormGUI();
     $settings_form->setFormAction($this->ctrl->getFormAction($this));
     $settings_form->setTitle($this->lng->txt('auth_radius_configure'));

     // Activation switch
     $active_box = new ilCheckboxInputGUI($this->lng->txt('auth_radius_enable'), 'active');
     $active_box->setChecked($this->settings->isActive() ? 1 : 0);
     $active_box->setValue(1);
     $settings_form->addItem($active_box);

     // Display name
     $name_input = new ilTextInputGUI($this->lng->txt('auth_radius_name'), 'name');
     $name_input->setRequired(true);
     $name_input->setInfo($this->lng->txt('auth_radius_name_desc'));
     $name_input->setValue($this->settings->getName());
     $name_input->setSize(32);
     $name_input->setMaxLength(64);
     $settings_form->addItem($name_input);

     // Server list, edited as a single string
     $servers_input = new ilTextInputGUI($this->lng->txt('auth_radius_server'), 'servers');
     $servers_input->setRequired(true);
     $servers_input->setInfo($this->lng->txt('auth_radius_server_desc'));
     $servers_input->setValue($this->settings->getServersAsString());
     $servers_input->setSize(64);
     $servers_input->setMaxLength(255);
     $settings_form->addItem($servers_input);

     // Port: a free-text field limited to five characters. No numeric range is
     // enforced at form level; presumably the save handler validates it. Confirm.
     $port_input = new ilTextInputGUI($this->lng->txt('auth_radius_port'), 'port');
     $port_input->setRequired(true);
     $port_input->setValue($this->settings->getPort());
     $port_input->setSize(5);
     $port_input->setMaxLength(5);
     $settings_form->addItem($port_input);

     // NOTE(review): the RADIUS shared secret goes into an ordinary text input that is
     // pre-filled with the stored value, so it is part of the rendered settings page.
     // A masked input that is not pre-filled would keep it out of the HTML. Confirm
     // what the save handler expects before changing it. The form caps the secret
     // at 32 characters.
     $secret_input = new ilTextInputGUI($this->lng->txt('auth_radius_shared_secret'), 'secret');
     $secret_input->setRequired(true);
     $secret_input->setValue($this->settings->getSecret());
     $secret_input->setSize(16);
     $secret_input->setMaxLength(32);
     $settings_form->addItem($secret_input);

     // Character set selection
     $charset_select = new ilSelectInputGUI($this->lng->txt('auth_radius_charset'), 'charset');
     $charset_select->setRequired(true);
     $charset_select->setOptions($this->prepareCharsetSelection());
     $charset_select->setValue($this->settings->getCharset());
     $charset_select->setInfo($this->lng->txt('auth_radius_charset_info'));
     $settings_form->addItem($charset_select);

     // User synchronization mode: 0 = disabled, 1 = Radius, 2 = LDAP
     $sync_group = new ilRadioGroupInputGUI($this->lng->txt('auth_radius_sync'), 'sync');
     $sync_group->setRequired(true);
     $settings_form->addItem($sync_group);

     $option_disabled = new ilRadioOption($this->lng->txt('disabled'), ilRadiusSettings::SYNC_DISABLED, '');
     $sync_group->addOption($option_disabled);

     // Radius synchronization carries two sub items: the default role for created
     // accounts and the account-migration switch.
     $option_radius = new ilRadioOption($this->lng->txt('auth_radius_sync_rad'), ilRadiusSettings::SYNC_RADIUS, '');
     $option_radius->setInfo($this->lng->txt('auth_radius_sync_rad_info'));
     $sync_group->addOption($option_radius);

     $role_select = new ilSelectInputGUI($this->lng->txt('auth_radius_role_select'), 'role');
     $role_select->setOptions($this->prepareRoleSelection());
     $role_select->setValue($this->settings->getDefaultRole());
     $option_radius->addSubItem($role_select);

     $migration_box = new ilCheckboxInputGUI($this->lng->txt('auth_rad_migration'), 'migration');
     $migration_box->setInfo($this->lng->txt('auth_rad_migration_info'));
     $migration_box->setChecked($this->settings->isAccountMigrationEnabled() ? 1 : 0);
     $migration_box->setValue(1);
     $option_radius->addSubItem($migration_box);

     // The LDAP option is offered only when a data source is available for RADIUS.
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     $server_ids = ilLDAPServer::getAvailableDataSources(AUTH_RADIUS);
     if (count($server_ids)) {
         $option_ldap = new ilRadioOption($this->lng->txt('auth_radius_ldap'), ilRadiusSettings::SYNC_LDAP, '');
         $option_ldap->setInfo($this->lng->txt('auth_radius_ldap_info'));
         $sync_group->addOption($option_ldap);
         // TODO Handle more than one LDAP configuration
     }

     // Preselect the mode that is currently in effect.
     if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
         $current_mode = ilRadiusSettings::SYNC_LDAP;
     } elseif ($this->settings->enabledCreation()) {
         $current_mode = ilRadiusSettings::SYNC_RADIUS;
     } else {
         $current_mode = ilRadiusSettings::SYNC_DISABLED;
     }
     $sync_group->setValue($current_mode);

     $settings_form->addCommandButton('save', $this->lng->txt('save'));
     $this->tpl->setVariable('SETTINGS_TABLE', $settings_form->getHTML());
 }