Added statistics logging for auth modules, sp entities and slo

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@313 44740490-163a-0410-bde0-09ae8108e29a

Added statistics logging for auth modules, sp entities and slo
1e4d92f5 · Andreas Åkre Solberg · 81b8352f · 1e4d92f5 · 1e4d92f5 · 1e4d92f5
Commit 1e4d92f5 authored 17 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -120,6 +120,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		
 		$session->setNameID($nameid);
 		$session->setSessionIndex($this->getSessionIndex());
+		
+		$session->setIdP($this->getIssuer());
 		/*
 		$nameID["NameID"] = $node->nodeValue;
 		

--- a/templates/default/includes/header.php
+++ b/templates/default/includes/header.php
@@ -38,13 +38,14 @@ $langnames = array(
 	'dk'	=>	'Dansk'
 );

-
-foreach ($languages AS $lang => $current) {
-	if ($current) {
-		echo $langnames[$lang] . ' | ';
-	} else {
-		echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' . 
-			$langnames[$lang] . '</a> | ';
+if (empty($_POST) ) {
+	foreach ($languages AS $lang => $current) {
+		if ($current) {
+			echo $langnames[$lang] . ' | ';
+		} else {
+			echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' . 
+				$langnames[$lang] . '</a> | ';
+		}
 	}
 }


--- a/www/auth/login-admin.php
+++ b/www/auth/login-admin.php
@@ -61,10 +61,21 @@ if (isset($_POST['password'])) {
 			'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 		
 		SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
+
+		/**
+		 * Create a statistics log entry for every successfull login attempt.
+		 * Also log a specific attribute as set in the config: statistics.authlogattr
+		 */
+		$authlogattr = $config->getValue('statistics.authlogattr', null);
+		if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+			SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
+		else 
+			SimpleSAML_Logger::stats('AUTH-login-admin OK');
 		
 		SimpleSAML_Utilities::redirect($relaystate);
 		exit(0);
 	} else {
+		SimpleSAML_Logger::stats('AUTH-login-admin Failed');
 		$error = 'Password incorrect';
 	}
 	

--- a/www/auth/login-feide.php
+++ b/www/auth/login-feide.php
@@ -130,12 +130,25 @@ if (isset($_REQUEST['username'])) {
 			'value' => SimpleSAML_Utilities::generateID(),
 			'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 		
+		
+		/**
+		 * Create a statistics log entry for every successfull login attempt.
+		 * Also log a specific attribute as set in the config: statistics.authlogattr
+		 */
+		$authlogattr = $config->getValue('statistics.authlogattr', null);
+		if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+			SimpleSAML_Logger::stats('AUTH-login-feide OK ' . $attributes[$authlogattr][0]);
+		else 
+			SimpleSAML_Logger::stats('AUTH-login-feide OK');
+		
+		
 		$returnto = $_REQUEST['RelayState'];
 		SimpleSAML_Utilities::redirect($returnto);

 		
 	} catch (Exception $e) {
 		SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
+		SimpleSAML_Logger::stats('AUTH-login-feide Failed');
 		$error = $e->getMessage();
 	}
 }
@@ -146,7 +159,7 @@ $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
 $t->data['header'] = 'simpleSAMLphp: Enter username and password';	
 $t->data['relaystate'] = $_REQUEST['RelayState'];
 $t->data['ldapconfig'] = $ldapfeide;
-$t->data['org'] = $_REQUEST['org'];
+$t->data['org'] = isset($_REQUEST['org']) ? $_REQUEST['org'] : null;
 $t->data['error'] = $error;
 if (isset($error)) {
 	$t->data['username'] = $_POST['username'];

--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -95,6 +95,17 @@ if (isset($_POST['username'])) {
 					'value' => SimpleSAML_Utilities::generateID(),
 					'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 				
+				/**
+				 * Create a statistics log entry for every successfull login attempt.
+				 * Also log a specific attribute as set in the config: statistics.authlogattr
+				 */
+				$authlogattr = $config->getValue('statistics.authlogattr', null);
+				if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+					SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
+				else 
+					SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
+				
+				
 				$returnto = $_REQUEST['RelayState'];
 				SimpleSAML_Utilities::redirect($returnto);
 	

--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -90,6 +90,18 @@ if (isset($_POST['username'])) {
 					'value' => SimpleSAML_Utilities::generateID(),
 					'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));

+				
+				/**
+				 * Create a statistics log entry for every successfull login attempt.
+				 * Also log a specific attribute as set in the config: statistics.authlogattr
+				 */
+				$authlogattr = $config->getValue('statistics.authlogattr', null);
+				if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+					SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
+				else 
+					SimpleSAML_Logger::stats('AUTH-login-radius OK');
+
+	
 				$returnto = $_REQUEST['RelayState'];
 				SimpleSAML_Utilities::redirect($returnto);
 				

--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -70,7 +70,17 @@ if (isset($_GET['SAMLRequest'])) {

 	}
 	
+	// Extract some parameters from the logout request
+	#$requestid = $logoutrequest->getRequestID();
+	$requester = $logoutrequest->getIssuer();
+	#$relayState = $logoutrequest->getRelayState();
+
+	//$responder = $config->getValue('saml2-hosted-sp');
+	$responder = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+	
+	
 	SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
+	SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
 	
 	/* Check if we have a valid session. */
 	if($session === NULL) {
@@ -256,7 +266,7 @@ try {
 	 */
 	$rg = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);

-	// 							generate($issuer, $receiver, $inresponseto, $mode )
+	// generate($issuer, $receiver, $inresponseto, $mode )
 	$logoutResponseXML = $rg->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], 'IdP');

 	// Create a HTTP-REDIRECT Binding.

--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -48,6 +48,24 @@ try {
 	$authnResponse->process();

 	SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+	
+	
+	/**
+	 * Make a log entry in the statistics for this SSO login.
+	 */
+	$tempattr = $session->getAttributes();
+	$realmattr = $config->getValue('statistics.realmattr', null);
+	$realmstr = 'NA';
+	if (!empty($realmattr)) {
+		if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+			$realmstr = $tempattr[$realmattr][0];
+		} else {
+			SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+		}
+	} 
+	SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $session->getIdP() . ' ' . $realmstr);
+		
+		

 	$relayState = $authnResponse->getRelayState();
 	if (isset($relayState)) {

--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -56,7 +56,7 @@ if (isset($_GET['SAMLRequest'])) {
 		$responder = $metadata->getMetaDataCurrentEntityID();
 	
 		SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
-	
+		SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $responder . ' ' . $requester);
 	
 		// Create a logout response
 		$lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
@@ -95,6 +95,17 @@ if (isset($_GET['SAMLRequest'])) {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
 	}

+
+	// Extract some parameters from the logout request
+	#$requestid = $logoutrequest->getRequestID();
+	$responder = $logoutresponse->getIssuer();
+	#$relayState = $logoutrequest->getRelayState();
+
+	//$responder = $config->getValue('saml2-hosted-sp');
+	$requester = $metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
+
+	SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $requester . ' ' . $responder);
+
 	if (isset($_GET['RelayState'])) {
 		SimpleSAML_Utilities::redirect($_GET['RelayState']);
 	} else {

--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -36,8 +36,25 @@ try {


 	if (isset($session)) {
-	
+
 		SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+
+		/**
+		 * Make a log entry in the statistics for this SSO login.
+		 */
+		$tempattr = $session->getAttributes();
+		$realmattr = $config->getValue('statistics.realmattr', null);
+		$realmstr = 'NA';
+		if (!empty($realmattr)) {
+			if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+				$realmstr = $tempattr[$realmattr][0];
+			} else {
+				SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+			}
+		} 
+		SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $session->getIdP() . ' ' . $realmstr);
+
+
 	
 		$relayState = $authnResponse->getRelayState();
 		if (isset($relayState)) {