diff --git a/lib/Auth/Process/PerunCreateMember.php b/lib/Auth/Process/PerunCreateMember.php
index 4ea7e2c76184e599be6d35e8534f1eb9d2126ce4..c070cee374ddbe324f4dbd4c4d41d56beb481bc1 100644
--- a/lib/Auth/Process/PerunCreateMember.php
+++ b/lib/Auth/Process/PerunCreateMember.php
@@ -6,6 +6,7 @@ use SimpleSAML\Auth\State;
use SimpleSAML\Configuration;
use SimpleSAML\Auth\ProcessingFilter;
use SimpleSAML\Error\Exception;
+use SimpleSAML\Logger;
use SimpleSAML\Module;
use SimpleSAML\Module\perun\AdapterRpc;
use SimpleSAML\Module\perun\Exception as PerunException;
@@ -100,6 +101,12 @@ class PerunCreateMember extends ProcessingFilter
$extSource = $this->adapter->getExtSourceByName($this->idpEntityId);
$vo = $this->adapter->getVoByShortName($this->voShortName);
$this->adapter->createMember($vo->getId(), $extSource["id"], $uid);
+
+ Logger::debug(
+ self::DEBUG_PREFIX .
+ 'Created new member in VO ' . $vo->getId() . ' for extSource \'' . $extSource["id"]
+ . '\' with login \'' . $uid . '\'.'
+ );
} catch (PerunException $e) {
if ($e->getName() === 'AlreadyMemberException') {
$alreadyMember = true;
diff --git a/lib/Auth/Process/PerunEntitlement.php b/lib/Auth/Process/PerunEntitlement.php
index 0a4986e1686c0c9b3cf886c5e7a062488df96833..f5da16e3506762c15a107ec8d687f4bde5f326da 100644
--- a/lib/Auth/Process/PerunEntitlement.php
+++ b/lib/Auth/Process/PerunEntitlement.php
@@ -159,6 +159,12 @@ class PerunEntitlement extends ProcessingFilter
$capabilities ?? []
) ?? []
);
+
+ if (! empty($request['Attributes'][$this->eduPersonEntitlement])) {
+ Logger::info('perun:PerunEntitlement: Adding entitlements to request, attribute '
+ . $this->eduPersonEntitlement . ':\''
+ . implode(', ', $request['Attributes'][$this->eduPersonEntitlement]) . '\'.');
+ }
}
/**
diff --git a/lib/Auth/Process/PerunEntitlementExtended.php b/lib/Auth/Process/PerunEntitlementExtended.php
index 1ab314a494391535544da1505427a3c3f686f9b2..e8e593bdfc039193253d174d3cd9b15eceee688b 100644
--- a/lib/Auth/Process/PerunEntitlementExtended.php
+++ b/lib/Auth/Process/PerunEntitlementExtended.php
@@ -161,6 +161,12 @@ class PerunEntitlementExtended extends ProcessingFilter
)
?? []
);
+
+ if (! empty($request['Attributes'][$this->outputAttrName])) {
+ Logger::info('perun:PerunEntitlement: Adding entitlements to request, attribute '
+ . $this->outputAttrName . ':\'' . implode(', ', $request['Attributes'][$this->outputAttrName])
+ . '\'.');
+ }
}
private function getEduPersonEntitlementExtended(&$request)
diff --git a/lib/Auth/Process/PerunUserGroups.php b/lib/Auth/Process/PerunUserGroups.php
index 3d58e8ebfaa0cc78ff42ecb47376c86ae8c6931c..c4a5bc180ccb9255d8640f1d27f758df6a59e941 100644
--- a/lib/Auth/Process/PerunUserGroups.php
+++ b/lib/Auth/Process/PerunUserGroups.php
@@ -48,6 +48,9 @@ class PerunUserGroups extends ProcessingFilter
);
}
+ Logger::info(self::DEBUG_PREFIX . 'User was found:'
+ . $user->getName() . ' with id: ' . $user->getId() . '.');
+
$spEntityId = $request[PerunConstants::SP_METADATA][PerunConstants::SP_METADATA_ENTITYID] ?? null;
if (empty($spEntityId)) {
Logger::debug(self::DEBUG_PREFIX . 'No SP EntityID available, user groups will be empty');
@@ -56,5 +59,11 @@ class PerunUserGroups extends ProcessingFilter
$groups = $this->adapter->getUsersGroupsOnFacility($spEntityId, $user->getId());
$request[PerunConstants::PERUN][PerunConstants::USER_GROUPS] = $groups;
+
+ $groupIds = array_map(function ($group) {
+ return $group->getId();
+ }, $groups);
+ Logger::info(self::DEBUG_PREFIX . 'Adding user groups related to facility ' . $spEntityId->getId()
+ . ' to the request - group(s) id:' . implode(',', $groupIds) . '.');
}
}
diff --git a/lib/Auth/Process/SpAuthorization.php b/lib/Auth/Process/SpAuthorization.php
index 9024f180333c43852a2393b8cba4e400a23a2930..15c1182cde450afde1174a1521bc85499fca191b 100644
--- a/lib/Auth/Process/SpAuthorization.php
+++ b/lib/Auth/Process/SpAuthorization.php
@@ -218,7 +218,12 @@ class SpAuthorization extends ProcessingFilter
$userGroups = $this->adapter->getUsersGroupsOnSp($facility, $user->getId());
if (!empty($userGroups)) {
- Logger::info(self::DEBUG_PREFIX . 'User satisfies the group membership check.');
+ $groupIds = array_map(function ($group) {
+ return $group->getId();
+ }, $userGroups);
+
+ Logger::info(self::DEBUG_PREFIX . 'User satisfies the group membership check
+ on facility ' . $facility->getId() . ' in group(s) with id ' . implode(',', $groupIds) . '.');
} else {
$this->handleUnsatisfiedMembership($request, $user, $spEntityId, $facility, $facilityAttributes);
}
diff --git a/www/updateUes.php b/www/updateUes.php
index ede4db19f235f0d09429b44cb527d6f4e6fdabab..7b958ec6214c9dfec4c357fc21057f1947337f49 100644
--- a/www/updateUes.php
+++ b/www/updateUes.php
@@ -87,9 +87,10 @@ try {
if (UESUpdateHelper::updateUserExtSource($adapter, $userExtSource, $attributesToUpdate)) {
Logger::debug(
sprintf(
- "%sUpdating UES for user with userId: %s was successful.",
+ "%sUpdating UES for user with userId: %s was successful. Updated attributes: %s",
UESUpdateHelper::DEBUG_PREFIX,
- $perunUserId
+ $perunUserId,
+ implode(',', $attributesToUpdate)
)
);
}