Commit 1e4d92f5 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Added statistics logging for auth modules, sp entities and slo

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@313 44740490-163a-0410-bde0-09ae8108e29a
parent 81b8352f
......@@ -120,6 +120,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
$session->setNameID($nameid);
$session->setSessionIndex($this->getSessionIndex());
$session->setIdP($this->getIssuer());
/*
$nameID["NameID"] = $node->nodeValue;
......
......@@ -38,13 +38,14 @@ $langnames = array(
'dk' => 'Dansk'
);
foreach ($languages AS $lang => $current) {
if ($current) {
echo $langnames[$lang] . ' | ';
} else {
echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' .
$langnames[$lang] . '</a> | ';
if (empty($_POST) ) {
foreach ($languages AS $lang => $current) {
if ($current) {
echo $langnames[$lang] . ' | ';
} else {
echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' .
$langnames[$lang] . '</a> | ';
}
}
}
......
......@@ -61,10 +61,21 @@ if (isset($_POST['password'])) {
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-admin OK');
SimpleSAML_Utilities::redirect($relaystate);
exit(0);
} else {
SimpleSAML_Logger::stats('AUTH-login-admin Failed');
$error = 'Password incorrect';
}
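Review bot: The value of `$attributes[$authlogattr][0]` is appended to the stats line as-is, so a value containing a space or line break would shift the fields of this space-delimited entry or split it into two; `array_key_exists` also does not guarantee that index 0 is set. The same block is repeated for `AUTH-login-feide`, `AUTH-login-ldapmulti` and `AUTH-login-radius` in the following hunks, where the attributes presumably come from the directory or RADIUS backend. I would test `isset(...[0])`, replace whitespace and control characters before logging, and brace the branches. Whatever attribute `statistics.authlogattr` names ends up in the statistics log, which deserves a sentence in the config documentation. The enclosing `if (isset($_POST['password']))` block starts outside the hunk.

```php
$authlogattr = $config->getValue('statistics.authlogattr', null);
$statsline = 'AUTH-login-admin OK';
if ($authlogattr && isset($attributes[$authlogattr][0])) {
	/* Keep the entry on one line with a fixed number of space-separated fields. */
	$statsline .= ' ' . preg_replace('/[\s\x00-\x1F\x7F]+/', '_', $attributes[$authlogattr][0]);
}
SimpleSAML_Logger::stats($statsline);
// … unchanged: redirect to $relaystate and the failed-login branch …
```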
......
......@@ -130,12 +130,25 @@ if (isset($_REQUEST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-feide OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-feide OK');
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
} catch (Exception $e) {
SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
SimpleSAML_Logger::stats('AUTH-login-feide Failed');
$error = $e->getMessage();
}
}
......@@ -146,7 +159,7 @@ $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $_REQUEST['RelayState'];
$t->data['ldapconfig'] = $ldapfeide;
$t->data['org'] = $_REQUEST['org'];
$t->data['org'] = isset($_REQUEST['org']) ? $_REQUEST['org'] : null;
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = $_POST['username'];
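Review bot: The second hunk guards `$_REQUEST['org']` with `isset()`, but `$_REQUEST['RelayState']` two lines above it is still read unguarded, and in the first hunk the same parameter is handed to `SimpleSAML_Utilities::redirect()` after a successful login. Unless it is validated somewhere outside these hunks, a request without RelayState raises the same undefined-index notice this commit fixes for org, and a request carrying an arbitrary URL decides where the authenticated user is sent. I would read it once, e.g. `$relaystate = isset($_REQUEST['RelayState']) ? $_REQUEST['RelayState'] : null;`, reject a missing value before authenticating, and check the target against the hosts this installation trusts. Both enclosing blocks continue outside the hunks.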
......
......@@ -95,6 +95,17 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
......
......@@ -90,6 +90,18 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-radius OK');
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
......
......@@ -70,7 +70,17 @@ if (isset($_GET['SAMLRequest'])) {
}
// Extract some parameters from the logout request
#$requestid = $logoutrequest->getRequestID();
$requester = $logoutrequest->getIssuer();
#$relayState = $logoutrequest->getRelayState();
//$responder = $config->getValue('saml2-hosted-sp');
$responder = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
/* Check if we have a valid session. */
if($session === NULL) {
......@@ -256,7 +266,7 @@ try {
*/
$rg = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
// generate($issuer, $receiver, $inresponseto, $mode )
// generate($issuer, $receiver, $inresponseto, $mode )
$logoutResponseXML = $rg->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], 'IdP');
// Create a HTTP-REDIRECT Binding.
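Review bot: `$requester` in the first hunk is the Issuer of a LogoutRequest taken from `$_GET['SAMLRequest']`, and it is written to both the notice and the stats log ahead of the session check that follows; nothing visible in the hunk shows that the issuer has been matched against metadata at that point. If it has not, any client can produce `saml20-idp-SLO spinit` entries with an entity ID of its choosing, including whitespace that breaks the field layout. I would emit the stats line only once the issuer is known to be a configured SP, or replace whitespace and control characters first, e.g. `preg_replace('/[\s\x00-\x1F\x7F]+/', '_', $requester)`. The three commented-out assignments (`#$requestid`, `#$relayState`, `//$responder`) add nothing and can be dropped.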
......
......@@ -48,6 +48,24 @@ try {
$authnResponse->process();
SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
/**
* Make a log entry in the statistics for this SSO login.
*/
$tempattr = $session->getAttributes();
$realmattr = $config->getValue('statistics.realmattr', null);
$realmstr = 'NA';
if (!empty($realmattr)) {
if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
$realmstr = $tempattr[$realmattr][0];
} else {
SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
}
}
SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $session->getIdP() . ' ' . $realmstr);
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
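Review bot: `is_array($tempattr[$realmattr])` does not ensure that element 0 exists, so an attribute released with no values raises an undefined-offset notice and logs an empty realm instead of `NA`; `if (isset($tempattr[$realmattr][0])) {` covers both checks. The value comes from the IdP's assertion and goes into the space-delimited stats line unmodified, so whitespace in it would shift or split the entry; `$realmstr = preg_replace('/[\s\x00-\x1F\x7F]+/', '_', $tempattr[$realmattr][0]);` keeps one entry per login. The identical block appears in the Shib 1.3 AssertionConsumerService hunk at the end of this commit, which suggests a shared helper that takes the session and the stats tag.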
......
......@@ -56,7 +56,7 @@ if (isset($_GET['SAMLRequest'])) {
$responder = $metadata->getMetaDataCurrentEntityID();
SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $responder . ' ' . $requester);
// Create a logout response
$lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
......@@ -95,6 +95,17 @@ if (isset($_GET['SAMLRequest'])) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
}
// Extract some parameters from the logout request
#$requestid = $logoutrequest->getRequestID();
$responder = $logoutresponse->getIssuer();
#$relayState = $logoutrequest->getRelayState();
//$responder = $config->getValue('saml2-hosted-sp');
$requester = $metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $requester . ' ' . $responder);
if (isset($_GET['RelayState'])) {
SimpleSAML_Utilities::redirect($_GET['RelayState']);
} else {
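Review bot: The comment added in the second hunk says the parameters come from the logout request, but the code reads `$logoutresponse->getIssuer()`; it looks copied from the IdP endpoint together with three commented-out assignments that still refer to `$logoutrequest`. I would replace it with `// Issuer of the logout response is the IdP that answered our request` and delete the dead lines. In the first hunk the stats tag is `saml20-idp-SLO idpinit` although the surrounding notice identifies this as SP.SingleLogoutService and the second hunk uses `saml20-sp-SLO`; if that prefix is intended, a short comment defining the tag and the order of the two entity IDs would help whoever parses the log.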
......
......@@ -36,8 +36,25 @@ try {
if (isset($session)) {
SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
/**
* Make a log entry in the statistics for this SSO login.
*/
$tempattr = $session->getAttributes();
$realmattr = $config->getValue('statistics.realmattr', null);
$realmstr = 'NA';
if (!empty($realmattr)) {
if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
$realmstr = $tempattr[$realmattr][0];
} else {
SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
}
}
SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $session->getIdP() . ' ' . $realmstr);
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
......