From 0c61a550cdc051a91130a6ecf3885db605fe762d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 30 Oct 2007 09:59:29 +0000
Subject: [PATCH] Added logging to authentication endpoints, and SAML 2.0 SP
and IdP
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@62 44740490-163a-0410-bde0-09ae8108e29a
---
www/_include.php | 3 +-
www/auth/login-ldapmulti.php | 18 ++++++++----
www/auth/login-radius.php | 20 ++++++++++---
www/auth/login.php | 15 ++++++++--
www/example-simple/saml2-example.php | 2 ++
www/saml2/idp/SSOService.php | 36 +++++++++++++++++++----
www/saml2/sp/AssertionConsumerService.php | 13 +++++++-
www/saml2/sp/SingleLogoutService.php | 20 ++++++++++---
www/saml2/sp/initSLO.php | 13 ++++++++
www/saml2/sp/initSSO.php | 19 ++++++++++--
10 files changed, 133 insertions(+), 26 deletions(-)
diff --git a/www/_include.php b/www/_include.php
index 581bc17be..ab5e7dcab 100644
--- a/www/_include.php
+++ b/www/_include.php
@@ -13,7 +13,6 @@ require_once('SimpleSAML/Configuration.php');
SimpleSAML_Configuration::init(dirname(dirname(__FILE__)) . '/config');
-define_syslog_variables();
-openlog("simpleSAMLphp", LOG_PID, LOG_LOCAL0);
+
?>
\ No newline at end of file
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 72dbe3b24..43ac2ae66 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -3,12 +3,10 @@
require_once('../../www/_include.php');
-
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
-require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
require_once('SimpleSAML/XHTML/Template.php');
session_start();
@@ -16,12 +14,15 @@ session_start();
$config = SimpleSAML_Configuration::getInstance();
$metadata = new SimpleSAML_XML_MetaDataStore($config);
$session = SimpleSAML_Session::getInstance();
-
+$logger = new SimpleSAML_Logger();
$ldapconfigfile = $config->getValue('basedir') . 'config/ldapmulti.php';
require_once($ldapconfigfile);
+$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap-multi', 'EVENT', 'Access', 'Accessing auth endpoint login-ldapmulti');
+
+
$error = null;
$attributes = array();
@@ -39,6 +40,9 @@ if (isset($_POST['username'])) {
if ($ds) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+
echo "Failed to set LDAP Protocol version to 3";
exit;
}
@@ -50,7 +54,8 @@ if (isset($_POST['username'])) {
*/
if (!ldap_bind($ds, $dn, $pwd)) {
$error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $ldapconfig['dnpattern'] . "]";
-
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
} else {
$sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
@@ -71,6 +76,9 @@ if (isset($_POST['username'])) {
//print_r($ldapentries);
//print_r($attributes);
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
+
+
$session->setAuthenticated(true);
$session->setAttributes($attributes);
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
index fc313fe5b..990b6788b 100644
--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -4,18 +4,18 @@ require_once('../../www/_include.php');
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
-require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
-require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
require_once('SimpleSAML/XHTML/Template.php');
session_start();
$config = SimpleSAML_Configuration::getInstance();
$metadata = new SimpleSAML_XML_MetaDataStore($config);
-
-
$session = SimpleSAML_Session::getInstance();
+$logger = new SimpleSAML_Logger();
+
+$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'radius', 'EVENT', 'Access', 'Accessing auth endpoint login');
$error = null;
$attributes = array();
@@ -29,10 +29,15 @@ if (isset($_POST['username'])) {
// ( resource $radius_handle, string $hostname, int $port, string $secret, int $timeout, int $max_tries )
if (! radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'),
$config->getValue('auth.radius.secret'), 5, 3)) {
+
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius),
+ 'Problem occured when connecting to Radius server');
throw new Exception('Problem occured when connecting to Radius server: ' . radius_strerror($radius));
}
if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST)) {
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius),
+ 'Problem occured when creating the Radius request');
throw new Exception('Problem occured when creating the Radius request: ' . radius_strerror($radius));
}
@@ -46,6 +51,8 @@ if (isset($_POST['username'])) {
// GOOD Login :)
$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'radius', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
+
$session->setAuthenticated(true);
$session->setAttributes($attributes);
$returnto = $_REQUEST['RelayState'];
@@ -56,12 +63,17 @@ if (isset($_POST['username'])) {
case RADIUS_ACCESS_REJECT:
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'radius', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
throw new Exception('Radius authentication error: Bad credentials ');
break;
case RADIUS_ACCESS_CHALLENGE:
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius),
+ 'Challenge requested');
throw new Exception('Radius authentication error: Challenge requested');
break;
default:
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius),
+ 'General radius error');
throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
}
diff --git a/www/auth/login.php b/www/auth/login.php
index 31f05dfbd..0a468950a 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -10,14 +10,16 @@ require_once('SimpleSAML/XML/MetaDataStore.php');
require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
require_once('SimpleSAML/XHTML/Template.php');
+require_once('SimpleSAML/Logger.php');
session_start();
$config = SimpleSAML_Configuration::getInstance();
-$metadata = new SimpleSAML_XML_MetaDataStore($config);
-
-
+$metadata = new SimpleSAML_XML_MetaDataStore($config);
$session = SimpleSAML_Session::getInstance();
+$logger = new SimpleSAML_Logger();
+
+$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap', 'EVENT', 'Access', 'Accessing auth endpoint login');
$error = null;
$attributes = array();
@@ -33,6 +35,9 @@ if (isset($_POST['username'])) {
if ($ds) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+
+ $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3');
+
echo "Failed to set LDAP Protocol version to 3";
exit;
}
@@ -45,6 +50,7 @@ if (isset($_POST['username'])) {
if (!ldap_bind($ds, $dn, $pwd)) {
$error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern') . "]";
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate');
} else {
$sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
@@ -71,6 +77,9 @@ if (isset($_POST['username'])) {
$session->setNameID(SimpleSAML_Utilities::generateID());
$session->setNameIDFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated');
+
+
$returnto = $_REQUEST['RelayState'];
header("Location: " . $returnto);
exit(0);
diff --git a/www/example-simple/saml2-example.php b/www/example-simple/saml2-example.php
index 576ef4d29..f59bccc9b 100644
--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -11,8 +11,10 @@ require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
require_once('SimpleSAML/XHTML/Template.php');
+
session_start();
+
/* Load simpleSAMLphp, configuration and metadata */
$config = SimpleSAML_Configuration::getInstance();
$metadata = new SimpleSAML_XML_MetaDataStore($config);
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 57d658710..76bba9584 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -6,6 +6,7 @@ require_once('../../../www/_include.php');
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
require_once('SimpleSAML/XML/AttributeFilter.php');
require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
@@ -19,12 +20,16 @@ session_start();
$config = SimpleSAML_Configuration::getInstance();
$metadata = new SimpleSAML_XML_MetaDataStore($config);
+$session = SimpleSAML_Session::getInstance(true);
+
+$logger = new SimpleSAML_Logger();
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted');
$requestid = null;
-$session = null;
+
+$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'EVENT', 'Access', 'Accessing SAML 2.0 IdP endpoint SSOService');
if (isset($_GET['SAMLRequest'])) {
@@ -35,12 +40,13 @@ if (isset($_GET['SAMLRequest'])) {
$authnrequest = $binding->decodeRequest($_GET);
$session = $authnrequest->createSession();
-
$requestid = $authnrequest->getRequestID();
-
-
$session->setAuthnRequest($requestid, $authnrequest);
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnRequest',
+ array($authnrequest->getIssuer(), $requestid),
+ 'Incomming Authentication request');
} catch(Exception $exception) {
@@ -62,6 +68,9 @@ if (isset($_GET['SAMLRequest'])) {
$session = SimpleSAML_Session::getInstance();
$authnrequest = $session->getAuthnRequest($requestid);
+ $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'EVENT', $requestid, 'Got incomming RequestID');
+
+
if (!$authnrequest) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
} catch(Exception $exception) {
@@ -100,6 +109,10 @@ if (!$session->isAuthenticated() ) {
'&RequestID=' . urlencode($requestid);
$authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'],
'RelayState=' . urlencode($relaystate));
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthNext', $idpmeta['auth'],
+ 'Will go to authentication module ' . $idpmeta['auth']);
+
header('Location: ' . $authurl);
exit(0);
} else {
@@ -117,7 +130,10 @@ if (!$session->isAuthenticated() ) {
if ($idpmeta['requireconsent']) {
if (!isset($_GET['consent'])) {
-
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'Consent', 'request',
+ 'Requires consent from user for attribute release');
+
$t = new SimpleSAML_XHTML_Template($config, 'consent.php');
$t->data['header'] = 'Consent';
$t->data['spentityid'] = $spentityid;
@@ -126,6 +142,11 @@ if (!$session->isAuthenticated() ) {
$t->show();
exit(0);
+ } else {
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'ConsentOK', '-',
+ 'Got consent from user');
+
}
}
@@ -134,6 +155,11 @@ if (!$session->isAuthenticated() ) {
$session->add_sp_session($spentityid);
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnResponse', $spentityid,
+ 'Sending back AuthnResponse');
+
+
/*
* Filtering attributes.
*/
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 1af5e5fe0..6a1a3f4a1 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -5,6 +5,7 @@ require_once('../../_include.php');
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
@@ -12,6 +13,14 @@ require_once('SimpleSAML/XHTML/Template.php');
session_start();
+$session = SimpleSAML_Session::getInstance();
+
+$logger = new SimpleSAML_Logger();
+
+
+$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'EVENT', 'Access',
+ 'Accessing SAML 2.0 SP endpoint AssertionConsumerService');
+
try {
$config = SimpleSAML_Configuration::getInstance();
@@ -26,7 +35,9 @@ try {
if (isset($session)) {
$attributes = $session->getAttributes();
- syslog(LOG_INFO, 'User is authenticated,' . $attributes['mail'] . ',' . $authnResponse->getIssuer());
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'AuthnResponse', '-',
+ 'Successfully created local session from Authentication Response');
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index d13e74916..fdc99c0f4 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -2,8 +2,10 @@
require_once('../../_include.php');
+
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
require_once('SimpleSAML/XML/SAML20/LogoutRequest.php');
require_once('SimpleSAML/XML/SAML20/LogoutResponse.php');
@@ -14,13 +16,13 @@ session_start();
$config = SimpleSAML_Configuration::getInstance();
$metadata = new SimpleSAML_XML_MetaDataStore($config);
-
-
-
-
// Get the local session
$session = SimpleSAML_Session::getInstance();
+$logger = new SimpleSAML_Logger();
+
+$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.SingleLogoutService', 'EVENT', 'Access',
+ 'Accessing SAML 2.0 SP endpoint SingleLogoutService');
// Destroy local session if exists.
if (isset($session) && $session->isAuthenticated() ) {
@@ -44,9 +46,15 @@ if (isset($_GET['SAMLRequest'])) {
$relayState = $logoutrequest->getRelayState();
+
+
+
//$responder = $config->getValue('saml2-hosted-sp');
$responder = $metadata->getMetaDataCurrentEntityID();
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid,
+ 'IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ')');
// Create a logout response
@@ -57,6 +65,10 @@ if (isset($_GET['SAMLRequest'])) {
// Create a HTTP Redirect binding.
$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', '-',
+ 'SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
+
// Send the Logout response using HTTP POST binding.
$httpredirect->sendMessage($logoutResponseXML, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index 0d3f7ebd0..1a21b81b9 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -2,6 +2,7 @@
require_once('../../_include.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
@@ -10,6 +11,7 @@ require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
+
session_start();
$config = SimpleSAML_Configuration::getInstance();
@@ -17,10 +19,15 @@ $metadata = new SimpleSAML_XML_MetaDataStore($config);
$session = SimpleSAML_Session::getInstance();
+$logger = new SimpleSAML_Logger();
+
$idpentityid = $session->getIdP();
// isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-saml20-idp') ;
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access',
+ 'Accessing SAML 2.0 SP initSLO script');
+
if (isset($session) ) {
@@ -37,6 +44,9 @@ if (isset($session) ) {
$relayState = $_GET['RelayState'];
}
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'LogoutRequest', $req->getRequestID(),
+ 'SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
+
//$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
$httpredirect->sendMessage($req, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
@@ -56,6 +66,9 @@ if (isset($session) ) {
$relaystate = $session->getRelayState();
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', $req->getRequestID(),
+ 'User is already logged out. Go back to relaystate');
+
header('Location: ' . $relaystate );
#print_r($metadata->getMetaData('sam.feide.no'));
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index c2d9a6354..a687ae62f 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -5,6 +5,7 @@ require_once('../../_include.php');
require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
require_once('SimpleSAML/XHTML/Template.php');
require_once('SimpleSAML/XML/MetaDataStore.php');
require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
@@ -16,10 +17,14 @@ session_start();
$config = SimpleSAML_Configuration::getInstance();
$metadata = new SimpleSAML_XML_MetaDataStore($config);
+$session = SimpleSAML_Session::getInstance(true);
+$logger = new SimpleSAML_Logger();
+
+
+$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'EVENT', 'Access',
+ 'Accessing SAML 2.0 SP initSSO script');
-$session = SimpleSAML_Session::getInstance();
-
try {
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-saml20-idp') ;
@@ -39,6 +44,9 @@ if (!isset($session) || !$session->isValid() ) {
if ($idpentityid == null) {
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'NextDisco', $spentityid,
+ 'No SP default or specified, go to SAML2disco');
+
$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
$discservice = '/' . $config->getValue('baseurlpath') . 'saml2/sp/idpdisco.php?entityID=' . $spentityid .
'&return=' . $returnURL . '&returnIDParam=idpentityid';
@@ -60,6 +68,9 @@ if (!isset($session) || !$session->isValid() ) {
$relayState = $_GET['RelayState'];
}
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'AuthnRequest', $idpentityid,
+ 'SP (' . $spentityid . ') is sending authenticatino request to IdP (' . $idpentityid . ')');
+
$httpredirect->sendMessage($req, $idpentityid, $relayState);
@@ -80,6 +91,10 @@ if (!isset($session) || !$session->isValid() ) {
$relaystate = $_GET['RelayState'];
if (isset($relaystate) && !empty($relaystate)) {
+
+ $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'AlreadyAuthenticated', '-',
+ 'Go back to RelayState');
+
header('Location: ' . $relaystate );
} else {
$et = new SimpleSAML_XHTML_Template($config, 'error.php');
--
GitLab