get(['output' => 'extend']); if (self::$params === false) { throw new Exception(_('Unable to load authentication API parameters.')); } } } /** * Returns SAML userdirectoryid. * * @return string * */ public static function getSamlUserdirectoryid(): string { $userdirectoryid = API::getApiService('userdirectory')->get([ 'output' => ['userdirectoryid'], 'filter' => ['idp_type' => IDP_TYPE_SAML] ]); if (!$userdirectoryid) { throw new Exception(_('Unable to find SAML userdirectory.')); } return $userdirectoryid[0]['userdirectoryid']; } /** * Returns SAML userdirectoryid if 'scim_status' is enabled. * * @return string * */ public static function getSamlUserdirectoryidForScim(): string { $userdirectoryid = API::getApiService('userdirectory')->get([ 'output' => ['userdirectoryid', 'scim_status'], 'filter' => ['idp_type' => IDP_TYPE_SAML] ]); if (!$userdirectoryid || $userdirectoryid[0]['scim_status'] == 0) { throw new Exception(_('Unable to find SAML userdirectory.')); } return $userdirectoryid[0]['userdirectoryid']; } /** * Check is LDAP provisioning enabled for specific userdirectory: * LDAP JIT provisioning is enabled, LDAP user directory provisioning is configured and enabled. * * @return bool */ public static function isLdapProvisionEnabled($userdirectoryid): bool { if ($userdirectoryid == 0 || self::get(self::LDAP_JIT_STATUS) != JIT_PROVISIONING_ENABLED) { return false; } return API::UserDirectory()->get([ 'countOutput' => true, 'userdirectoryids' => [$userdirectoryid], 'filter' => ['provision_status' => JIT_PROVISIONING_ENABLED, 'idp_type' => IDP_TYPE_LDAP] ]) > 0; } /** * Check is the given timestamp require user provisioning according jit_provision_interval. * * @param int $timestamp * * @return bool Is true when given timestamp require provisioning. */ public static function isTimeToProvision($timestamp): bool { $jit_interval = timeUnitToSeconds(self::get(self::JIT_PROVISION_INTERVAL)); return ($timestamp + $jit_interval) < time(); } }