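/**
 * Decide whether this role-assignment rule applies to the given attribute set.
 *
 * An active plugin takes over the decision completely. Otherwise the attribute
 * named by getName() is compared with getValue():
 *  - a multi-valued attribute matches when one entry is string-identical;
 *  - a single value is matched against getValue() with `*` as the only
 *    wildcard; every other character is taken literally.
 *
 * @param array $a_data attribute name => value (string or list of strings);
 *                      presumably the Shibboleth attributes - verify against caller
 *
 * @return bool true when the rule matches, false otherwise (including on a
 *              pattern or encoding error, so a failure never grants a role)
 */
public function doesMatch(array $a_data)
{
    if ($this->isPluginActive()) {
        return ilShibbolethRoleAssignmentRules::callPlugin($this->getPluginId(), $a_data);
    }

    $name = $this->getName();
    if (!isset($a_data[$name])) {
        return false;
    }

    $values = $a_data[$name];
    $expected = (string) $this->getValue();

    if (is_array($values)) {
        // Compare as strings with ===. A loose in_array() treats numeric
        // strings such as "007" and "7" as equal, which would make a rule
        // apply to an attribute value it was not written for.
        foreach ($values as $candidate) {
            if (is_scalar($candidate) && (string) $candidate === $expected) {
                return true;
            }
        }

        return false;
    }

    if (!is_scalar($values)) {
        return false;
    }

    // Quote each literal piece before joining with the wildcard expression.
    // Without this a "." in the rule value matches any character and a "/"
    // terminates the pattern, so the rule would match more (or less) than the
    // administrator typed.
    $quoted = array();
    foreach (explode('*', $expected) as $literal) {
        $quoted[] = preg_quote($literal, '/');
    }
    $pattern = implode('.*?', $quoted);

    // preg_match() yields false on error (e.g. invalid UTF-8 under /u); the
    // cast turns that into "no match".
    return (bool) preg_match('/^' . $pattern . '$/us', (string) $values);
}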
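/**
 * Log the current request in from the attributes the Shibboleth layer put
 * into $_SERVER.
 *
 * A user that does not exist yet is created, an existing one is refreshed;
 * the plugin wrapper hooks run around both paths and the role-assignment
 * rules are evaluated afterwards. Without a login attribute the status is
 * set to AUTH_WRONG_LOGIN.
 *
 * NOTE(review): every attribute is taken from $_SERVER as-is. This assumes
 * the web server only lets the Shibboleth module populate these variables
 * and that request headers cannot supply them - confirm for the deployment.
 *
 * @return void
 */
public function login()
{
    $shibServerData = shibServerData::getInstance($_SERVER);

    if (!$shibServerData->getLogin()) {
        $this->status = AUTH_WRONG_LOGIN;

        return;
    }

    $shibUser = shibUser::getInstance($shibServerData);
    $hooks = ilShibbolethPluginWrapper::getInstance();

    if ($shibUser->isNew()) {
        $shibUser->createFields();
        $shibUser = $hooks->beforeCreateUser($shibUser);
        $shibUser->create();
        $shibUser->updateOwner();
        $shibUser->saveAsNew();
        $shibUser = $hooks->afterCreateUser($shibUser);
        ilShibbolethRoleAssignmentRules::doAssignments($shibUser->getId(), $_SERVER);
    } else {
        $shibUser->updateFields();
        // NOTE(review): update() runs both before and after the
        // beforeUpdateUser hook - confirm the first write is intended.
        $shibUser->update();
        $shibUser = $hooks->beforeUpdateUser($shibUser);
        $shibUser->update();
        $shibUser = $hooks->afterUpdateUser($shibUser);
        ilShibbolethRoleAssignmentRules::updateAssignments($shibUser->getId(), $_SERVER);
    }

    $this->setAuth($shibUser->getLogin(), $shibUser);
    ilObjUser::_updateLastLogin($shibUser->getId());

    // 'target' comes straight from the query string. PHP has already decoded
    // it, so it is re-encoded before it goes into the redirect URL; otherwise
    // "&", "#" or line breaks inside it would alter the rest of the URL.
    // A non-string value (target[]=...) is ignored.
    $target = (isset($_GET['target']) && is_string($_GET['target'])) ? $_GET['target'] : '';
    if ($target !== '') {
        ilUtil::redirect('goto.php?target=' . rawurlencode($target) . '&client_id=' . CLIENT_ID);
    }
}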
/**
 * Ask every active 'shibhk' plugin of the AuthShibboleth service whether the
 * role assignment identified by $a_plugin_id applies to the given user data.
 *
 * The list of active plugins is kept in self::$active_plugins. All plugins
 * are consulted even after one has answered positively.
 *
 * @param mixed $a_plugin_id identifier handed through to checkRoleAssignment()
 * @param mixed $a_user_data user data handed through to checkRoleAssignment()
 *
 * @return bool true when at least one plugin accepted the assignment
 */
public static function callPlugin($a_plugin_id, $a_user_data)
{
    global $ilPluginAdmin;

    // Loose comparison on purpose kept as-is: an empty list also counts as
    // "not loaded", so the lookup repeats while no plugin is active.
    if (self::$active_plugins == null) {
        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
            IL_COMP_SERVICE,
            'AuthShibboleth',
            'shibhk'
        );
    }

    $matched = false;
    foreach (self::$active_plugins as $plugin_name) {
        $plugin = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);

        // Objects of any other type are skipped and never decide.
        if (!($plugin instanceof ilShibbolethRoleAssignmentPlugin)) {
            continue;
        }

        if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
            $matched = true;
        }
    }

    return $matched;
}
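/**
 * Log the current request in from the Shibboleth attributes found in $_SERVER.
 *
 * The names of the $_SERVER entries are read from the 'shib_*' settings. If the
 * login attribute is present, the matching ILIAS account is created (first
 * login) or refreshed (later logins), role assignments are evaluated and the
 * browser is redirected to the requested target. Otherwise the status is set
 * to AUTH_WRONG_LOGIN.
 *
 * NOTE(review): every attribute is taken from $_SERVER as-is. This assumes the
 * web server only lets the Shibboleth module populate these variables and that
 * request headers cannot supply them - confirm for the deployment.
 *
 * The local names $ilias, $rbacadmin, $ilSetting, $username, $userObj and
 * $newUser are visible to the script included via 'shib_data_conv'; they are
 * kept unchanged for that reason.
 *
 * @return void
 */
public function login()
{
    // $rbacadmin is not used below but stays in scope for the included script.
    global $ilias, $rbacadmin, $ilSetting;

    if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
        // Store user's Shibboleth sessionID for logout
        $this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];

        // Get loginname of user, new login name is generated if user is new
        $username = $this->generateLogin();

        // Authorize this user
        $this->setAuth($username);

        $userObj = new ilObjUser();

        // Check whether this account exists already, if not create it
        if (!ilObjUser::getUserIdByLogin($username)) {
            $newUser = array();
            $newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
            $newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
            $newUser["login"] = $username;

            // Password must be random to prevent users from manually logging in
            // with the login data of Shibboleth users.
            // end() takes its argument by reference, so the list is stored in
            // a variable first.
            // NOTE(review): MD5 is what IL_PASSWD_MD5 declares. The value is a
            // generated throwaway secret, not a user-chosen password; move to
            // a stronger password type once the platform offers one.
            $generatedPasswords = ilUtil::generatePasswords(1);
            $newUser["passwd"] = md5(end($generatedPasswords));
            $newUser["passwd_type"] = IL_PASSWD_MD5;

            if ($ilias->getSetting('shib_update_gender')
                && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm'
                    || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')
            ) {
                $newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
            }

            // Save mapping between ILIAS user and Shibboleth uniqueID
            $newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];

            // other data
            $newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
            $newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
            $newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
            $newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
            $newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
            $newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
            $newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
            $newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
            $newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
            $newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
            $newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
            $newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
            $newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
            $newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
            $newUser["auth_mode"] = "shibboleth";

            // system data
            $userObj->assignData($newUser);
            $userObj->setTitle($userObj->getFullname());
            $userObj->setDescription($userObj->getEmail());
            $userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));

            // Time limit
            $userObj->setTimeLimitOwner(7);
            $userObj->setTimeLimitUnlimited(1);
            $userObj->setTimeLimitFrom(time());
            $userObj->setTimeLimitUntil(time());

            // Modify user data before creating the user.
            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes.
            // NOTE(review): this runs the PHP file named by the
            // 'shib_data_conv' setting inside this method's scope on every
            // first login. Whoever may change that setting or write to that
            // path controls code executed here; keep both restricted.
            if ($ilias->getSetting('shib_data_conv')
                && $ilias->getSetting('shib_data_conv') != ''
                && is_readable($ilias->getSetting('shib_data_conv'))
            ) {
                include $ilias->getSetting('shib_data_conv');
            }

            // Create user in DB
            $userObj->create();
            $userObj->setActive(1);
            $userObj->updateOwner();

            // insert user data in table user_data
            $userObj->saveAsNew();

            // Default prefs
            $userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
            $userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));

            // setup user preferences
            $userObj->writePrefs();

            // New role assignment
            include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
            ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);

            // Authorize this user
            $this->setAuth($userObj->getLogin());
        } else {
            // Update user account
            $uid = $userObj->checkUserId();
            $userObj->setId($uid);
            $userObj->read($uid);

            if ($ilias->getSetting('shib_update_gender')
                && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm'
                    || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')
            ) {
                $userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
            }

            if ($ilias->getSetting('shib_update_title')) {
                $userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
            }

            // First and last name are refreshed on every login, without a
            // 'shib_update_*' switch.
            $userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
            $userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
            $userObj->setFullname();

            if ($ilias->getSetting('shib_update_institution')) {
                $userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
            }
            if ($ilias->getSetting('shib_update_department')) {
                $userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
            }
            if ($ilias->getSetting('shib_update_street')) {
                $userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
            }
            if ($ilias->getSetting('shib_update_city')) {
                $userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
            }
            if ($ilias->getSetting('shib_update_zipcode')) {
                $userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
            }
            if ($ilias->getSetting('shib_update_country')) {
                $userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
            }
            if ($ilias->getSetting('shib_update_phone_office')) {
                $userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
            }
            if ($ilias->getSetting('shib_update_phone_home')) {
                $userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
            }
            if ($ilias->getSetting('shib_update_phone_mobile')) {
                $userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
            }
            if ($ilias->getSetting('shib_update_fax')) {
                $userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
            }
            if ($ilias->getSetting('shib_update_matriculation')) {
                $userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
            }
            if ($ilias->getSetting('shib_update_email')) {
                $userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
            }
            if ($ilias->getSetting('shib_update_hobby')) {
                $userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
            }
            if ($ilias->getSetting('shib_update_language')) {
                $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
            }

            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes.
            // NOTE(review): same setting-driven include as in the create
            // branch; the same access restrictions apply.
            if ($ilias->getSetting('shib_data_conv')
                && $ilias->getSetting('shib_data_conv') != ''
                && is_readable($ilias->getSetting('shib_data_conv'))
            ) {
                include $ilias->getSetting('shib_data_conv');
            }

            $userObj->update();

            // Update role assignments
            include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
            ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
        }

        // we are authenticated: redirect, if possible.
        // 'target' comes straight from the query string. PHP has already
        // decoded it, so it is re-encoded before it goes into the redirect
        // URL; otherwise "&", "#" or line breaks inside it would alter the
        // rest of the URL. A non-string value (target[]=...) is ignored.
        $target = (isset($_GET["target"]) && is_string($_GET["target"])) ? $_GET["target"] : "";
        if ($target !== "") {
            ilUtil::redirect("goto.php?target=" . rawurlencode($target) . "&client_id=" . CLIENT_ID);
        }
    } else {
        // This should never occur unless Shibboleth is not configured properly
        $this->status = AUTH_WRONG_LOGIN;
    }
}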
/**
 * Register the "settings" and "role assignment" sub tabs.
 *
 * Nothing is added while the 'shib_active' setting is off and no
 * role-assignment rule exists; as soon as either condition changes both
 * sub tabs are shown.
 *
 * @return bool true when the sub tabs were added, false when they were skipped
 */
protected function setSubTabs()
{
    global $ilSetting;

    include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';

    // The rule count is only queried when Shibboleth is switched off.
    $shibDisabled = ($ilSetting->get('shib_active') == 0);
    if ($shibDisabled && ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
        return false;
    }

    $settingsLink = $this->ctrl->getLinkTarget($this, 'settings');
    $this->tabs_gui->addSubTabTarget('shib_settings', $settingsLink);

    $roleAssignmentLink = $this->ctrl->getLinkTarget($this, 'roleAssignment');
    $this->tabs_gui->addSubTabTarget('shib_role_assignment', $roleAssignmentLink);

    return true;
}
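/**
 * Log the current request in from the attributes the Shibboleth layer put
 * into $_SERVER.
 *
 * A user that does not exist yet is created, an existing one is refreshed.
 * On both paths the optional 'shib_data_conv' script is included first, then
 * the plugin wrapper hooks run around the write, and the role-assignment
 * rules are evaluated last. Without a login attribute the status is set to
 * AUTH_WRONG_LOGIN.
 *
 * NOTE(review): every attribute is taken from $_SERVER as-is. This assumes
 * the web server only lets the Shibboleth module populate these variables
 * and that request headers cannot supply them - confirm for the deployment.
 *
 * @return void
 */
public function login()
{
    // Kept in scope for the included 'shib_data_conv' script (backward
    // compatibility of the hook environment variables).
    global $ilias, $ilSetting;

    $shibServerData = shibServerData::getInstance($_SERVER);

    if ($shibServerData->getLogin()) {
        $shibUser = shibUser::buildInstance($shibServerData);

        // Legacy names the included 'shib_data_conv' script expects. $userObj
        // is a reference, so it follows every later reassignment of $shibUser.
        $userObj =& $shibUser;
        $newUser = $shibUser->isNew();

        if ($shibUser->isNew()) {
            $shibUser->createFields();
            $shibUser->setPref('hits_per_page', $ilSetting->get('hits_per_page'));

            // Modify user data before creating the user.
            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes.
            // NOTE(review): this runs the PHP file named by the
            // 'shib_data_conv' setting inside this method's scope. Whoever
            // may change that setting or write to that path controls code
            // executed during login; keep both restricted.
            if ($ilias->getSetting('shib_data_conv')
                and $ilias->getSetting('shib_data_conv') != ''
                and is_readable($ilias->getSetting('shib_data_conv'))
            ) {
                include $ilias->getSetting('shib_data_conv');
            }

            $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeCreateUser($shibUser);
            $shibUser->create();
            $shibUser->updateOwner();
            $shibUser->saveAsNew();
            $shibUser->writePrefs();
            $shibUser = ilShibbolethPluginWrapper::getInstance()->afterCreateUser($shibUser);
            ilShibbolethRoleAssignmentRules::doAssignments($shibUser->getId(), $_SERVER);
        } else {
            $shibUser->updateFields();

            // Include custom code that can be used to further modify
            // certain Shibboleth user attributes.
            // NOTE(review): same setting-driven include as in the create
            // branch; the same access restrictions apply.
            if ($ilias->getSetting('shib_data_conv')
                and $ilias->getSetting('shib_data_conv') != ''
                and is_readable($ilias->getSetting('shib_data_conv'))
            ) {
                include $ilias->getSetting('shib_data_conv');
            }

            $shibUser = ilShibbolethPluginWrapper::getInstance()->beforeUpdateUser($shibUser);
            $shibUser->update();
            $shibUser = ilShibbolethPluginWrapper::getInstance()->afterUpdateUser($shibUser);
            ilShibbolethRoleAssignmentRules::updateAssignments($shibUser->getId(), $_SERVER);
        }

        $this->setAuth($shibUser->getLogin(), $shibUser);
        ilObjUser::_updateLastLogin($shibUser->getId());

        // 'target' comes straight from the query string. PHP has already
        // decoded it, so it is re-encoded before it goes into the redirect
        // URL; otherwise "&", "#" or line breaks inside it would alter the
        // rest of the URL. A non-string value (target[]=...) is ignored.
        $target = (isset($_GET['target']) && is_string($_GET['target'])) ? $_GET['target'] : '';
        if ($target !== '') {
            ilUtil::redirect('goto.php?target=' . rawurlencode($target) . '&client_id=' . CLIENT_ID);
        }
    } else {
        $this->status = AUTH_WRONG_LOGIN;
    }
}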
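/**
 * Decide whether this role-assignment rule applies to the given attribute set.
 *
 * An active plugin takes over the decision completely. Otherwise the attribute
 * named by getName() is compared with getValue(): a multi-valued attribute
 * matches when one entry is string-identical, a single value is handed to
 * wildcardCompare().
 *
 * @param array $a_data attribute name => value (string or list of strings);
 *                      presumably the Shibboleth attributes - verify against caller
 *
 * @return bool true when the rule matches
 */
public function matches($a_data)
{
    if ($this->isPluginActive()) {
        include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';

        return ilShibbolethRoleAssignmentRules::callPlugin($this->getPluginId(), $a_data);
    }

    // No value
    $name = $this->getName();
    if (!isset($a_data[$name])) {
        return false;
    }

    $values = $a_data[$name];

    if (is_array($values)) {
        // Compare as strings with ===. A loose in_array() treats numeric
        // strings such as "007" and "7" as equal, which would make a rule
        // apply to an attribute value it was not written for.
        $expected = (string) $this->getValue();
        foreach ($values as $candidate) {
            if (is_scalar($candidate) && (string) $candidate === $expected) {
                return true;
            }
        }

        return false;
    }

    // NOTE(review): wildcardCompare() is defined outside this block; confirm
    // it quotes regex metacharacters in the rule value and anchors the match.
    return $this->wildcardCompare($this->getValue(), $values);
}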