From 1e4d92f5bc75c82fd32efe4b1fc8c81d36cf5f95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 15 Feb 2008 12:26:36 +0000
Subject: [PATCH] Added statistics logging for auth modules, sp entities and
 slo

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@313 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/Shib13/AuthnResponse.php |  2 ++
 templates/default/includes/header.php       | 15 ++++++++-------
 www/auth/login-admin.php                    | 11 +++++++++++
 www/auth/login-feide.php                    | 15 ++++++++++++++-
 www/auth/login-ldapmulti.php                | 11 +++++++++++
 www/auth/login-radius.php                   | 12 ++++++++++++
 www/saml2/idp/SingleLogoutService.php       | 12 +++++++++++-
 www/saml2/sp/AssertionConsumerService.php   | 18 ++++++++++++++++++
 www/saml2/sp/SingleLogoutService.php        | 13 ++++++++++++-
 www/shib13/sp/AssertionConsumerService.php  | 19 ++++++++++++++++++-
 10 files changed, 117 insertions(+), 11 deletions(-)

diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 03073ef71..60ca194e3 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -120,6 +120,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		
 		$session->setNameID($nameid);
 		$session->setSessionIndex($this->getSessionIndex());
+		
+		$session->setIdP($this->getIssuer());
 		/*
 		$nameID["NameID"] = $node->nodeValue;
 		
diff --git a/templates/default/includes/header.php b/templates/default/includes/header.php
index 04c776016..5bbcb02a1 100644
--- a/templates/default/includes/header.php
+++ b/templates/default/includes/header.php
@@ -38,13 +38,14 @@ $langnames = array(
 	'dk'	=>	'Dansk'
 );
 
-
-foreach ($languages AS $lang => $current) {
-	if ($current) {
-		echo $langnames[$lang] . ' | ';
-	} else {
-		echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' . 
-			$langnames[$lang] . '</a> | ';
+if (empty($_POST) ) {
+	foreach ($languages AS $lang => $current) {
+		if ($current) {
+			echo $langnames[$lang] . ' | ';
+		} else {
+			echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' . 
+				$langnames[$lang] . '</a> | ';
+		}
 	}
 }
 
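Review bot: The new `if (empty($_POST))` guard around the language links has no comment saying why the selector disappears on POST pages. Presumably the links are plain GET links built from `selfURL()`, so following one would drop the posted form data; if that is the reason, state it above the guard, e.g. `// Language links are GET links to selfURL(); hide them on POST pages, where following one would lose the posted data.` The `foreach` body itself is only re-indented.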
diff --git a/www/auth/login-admin.php b/www/auth/login-admin.php
index 65b2956be..d2d113d62 100644
--- a/www/auth/login-admin.php
+++ b/www/auth/login-admin.php
@@ -61,10 +61,21 @@ if (isset($_POST['password'])) {
 			'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 		
 		SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
+
+		/**
+		 * Create a statistics log entry for every successfull login attempt.
+		 * Also log a specific attribute as set in the config: statistics.authlogattr
+		 */
+		$authlogattr = $config->getValue('statistics.authlogattr', null);
+		if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+			SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
+		else 
+			SimpleSAML_Logger::stats('AUTH-login-admin OK');
 		
 		SimpleSAML_Utilities::redirect($relaystate);
 		exit(0);
 	} else {
+		SimpleSAML_Logger::stats('AUTH-login-admin Failed');
 		$error = 'Password incorrect';
 	}
 	
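Review bot: The attribute value appended in `SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0])` is neither checked for existence nor cleaned, and the same four lines recur in the login-feide, login-ldapmulti and login-radius hunks, where the attributes presumably come from the directory lookup. `array_key_exists()` also passes for an empty array, so `[0]` can raise an undefined-offset notice, and a value containing spaces or line breaks would split or forge entries in a space-delimited stats log. Guard with `isset($attributes[$authlogattr][0])`, replace whitespace and control characters before logging, and brace the `if`/`else`. Since `statistics.authlogattr` can name a per-user attribute, the config documentation should also say that its value ends up in the stats log. The enclosing `if (isset($_POST['password']))` block starts and ends outside the hunk.

```php
$authlogattr = $config->getValue('statistics.authlogattr', null);
$statsline = 'AUTH-login-admin OK';
if ($authlogattr && isset($attributes[$authlogattr][0])) {
	// Keep the stats entry on one line and its fields space-delimited.
	$statsline .= ' ' . preg_replace('/[\x00-\x20\x7f]+/', '_', (string)$attributes[$authlogattr][0]);
}
SimpleSAML_Logger::stats($statsline);

// … unchanged: redirect to $relaystate and the 'AUTH-login-admin Failed' branch …
```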
diff --git a/www/auth/login-feide.php b/www/auth/login-feide.php
index 272386551..1e76036a4 100644
--- a/www/auth/login-feide.php
+++ b/www/auth/login-feide.php
@@ -130,12 +130,25 @@ if (isset($_REQUEST['username'])) {
 			'value' => SimpleSAML_Utilities::generateID(),
 			'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 		
+		
+		/**
+		 * Create a statistics log entry for every successfull login attempt.
+		 * Also log a specific attribute as set in the config: statistics.authlogattr
+		 */
+		$authlogattr = $config->getValue('statistics.authlogattr', null);
+		if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+			SimpleSAML_Logger::stats('AUTH-login-feide OK ' . $attributes[$authlogattr][0]);
+		else 
+			SimpleSAML_Logger::stats('AUTH-login-feide OK');
+		
+		
 		$returnto = $_REQUEST['RelayState'];
 		SimpleSAML_Utilities::redirect($returnto);
 
 		
 	} catch (Exception $e) {
 		SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
+		SimpleSAML_Logger::stats('AUTH-login-feide Failed');
 		$error = $e->getMessage();
 	}
 }
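Review bot: The `AUTH-login-feide Failed` entry sits in `catch (Exception $e)`, so it counts every exception raised in the `try` block, not only rejected credentials. The `try` starts outside the hunk, so which errors reach this handler is not visible, but a directory outage or a configuration error would presumably be counted the same way as a wrong password, which makes the counter hard to use for spotting password guessing. Consider a distinct tag for non-credential failures, or at least document the meaning with a comment such as `// Counts any exception from the login attempt, not only bad credentials.`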
@@ -146,7 +159,7 @@ $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
 $t->data['header'] = 'simpleSAMLphp: Enter username and password';	
 $t->data['relaystate'] = $_REQUEST['RelayState'];
 $t->data['ldapconfig'] = $ldapfeide;
-$t->data['org'] = $_REQUEST['org'];
+$t->data['org'] = isset($_REQUEST['org']) ? $_REQUEST['org'] : null;
 $t->data['error'] = $error;
 if (isset($error)) {
 	$t->data['username'] = $_POST['username'];
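Review bot: The `isset()` guard added for `$_REQUEST['org']` fixes only one of the unguarded request reads here; `$t->data['relaystate'] = $_REQUEST['RelayState'];` two lines above still raises an undefined-index notice when the parameter is missing. The matching form would be `$t->data['relaystate'] = isset($_REQUEST['RelayState']) ? $_REQUEST['RelayState'] : null;`. Both values are handed to the template as received, so the template has to escape them on output; whether it does is not visible in this hunk. The `if (isset($error))` block continues outside the hunk.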
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 4b1d9bab7..204364905 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -95,6 +95,17 @@ if (isset($_POST['username'])) {
 					'value' => SimpleSAML_Utilities::generateID(),
 					'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 				
+				/**
+				 * Create a statistics log entry for every successfull login attempt.
+				 * Also log a specific attribute as set in the config: statistics.authlogattr
+				 */
+				$authlogattr = $config->getValue('statistics.authlogattr', null);
+				if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+					SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
+				else 
+					SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
+				
+				
 				$returnto = $_REQUEST['RelayState'];
 				SimpleSAML_Utilities::redirect($returnto);
 	
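Review bot: This hunk adds only the success entry `AUTH-login-ldapmulti OK`; the diffstat shows all 11 insertions for the file are in this hunk, so no `Failed` counterpart is added, and the login-radius hunk is in the same position, while login-admin and login-feide log both outcomes. Failed logins are the part of these statistics that matters for noticing password guessing, so the failure paths should log `SimpleSAML_Logger::stats('AUTH-login-ldapmulti Failed');` and `SimpleSAML_Logger::stats('AUTH-login-radius Failed');`. The failure branches are outside both hunks, so where exactly those lines belong cannot be determined from here.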
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
index 622d9c3d1..710dea172 100644
--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -90,6 +90,18 @@ if (isset($_POST['username'])) {
 					'value' => SimpleSAML_Utilities::generateID(),
 					'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 
+				
+				/**
+				 * Create a statistics log entry for every successfull login attempt.
+				 * Also log a specific attribute as set in the config: statistics.authlogattr
+				 */
+				$authlogattr = $config->getValue('statistics.authlogattr', null);
+				if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+					SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
+				else 
+					SimpleSAML_Logger::stats('AUTH-login-radius OK');
+
+	
 				$returnto = $_REQUEST['RelayState'];
 				SimpleSAML_Utilities::redirect($returnto);
 				
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index a265542b1..48eb9a061 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -70,7 +70,17 @@ if (isset($_GET['SAMLRequest'])) {
 
 	}
 	
+	// Extract some parameters from the logout request
+	#$requestid = $logoutrequest->getRequestID();
+	$requester = $logoutrequest->getIssuer();
+	#$relayState = $logoutrequest->getRelayState();
+
+	//$responder = $config->getValue('saml2-hosted-sp');
+	$responder = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+	
+	
 	SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
+	SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
 	
 	/* Check if we have a valid session. */
 	if($session === NULL) {
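Review bot: The `saml20-idp-SLO spinit` stats entry is written from `$logoutrequest->getIssuer()` before the `$session === NULL` check that follows, and the request arrives in `$_GET['SAMLRequest']`. Whether the request has been validated earlier is not visible in this hunk; if it has not, any client can add entries with an arbitrary issuer string, including whitespace that shifts the space-delimited fields. Consider moving the stats call after the session check and normalising the issuer, e.g. `preg_replace('/[\x00-\x20\x7f]+/', '_', $requester)`. The notice line could also reuse `$requester` instead of calling `getIssuer()` a second time.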
@@ -256,7 +266,7 @@ try {
 	 */
 	$rg = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
 
-	// 							generate($issuer, $receiver, $inresponseto, $mode )
+	// generate($issuer, $receiver, $inresponseto, $mode )
 	$logoutResponseXML = $rg->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], 'IdP');
 
 	// Create a HTTP-REDIRECT Binding.
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index b864958ee..5558b74c8 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -48,6 +48,24 @@ try {
 	$authnResponse->process();
 
 	SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+	
+	
+	/**
+	 * Make a log entry in the statistics for this SSO login.
+	 */
+	$tempattr = $session->getAttributes();
+	$realmattr = $config->getValue('statistics.realmattr', null);
+	$realmstr = 'NA';
+	if (!empty($realmattr)) {
+		if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+			$realmstr = $tempattr[$realmattr][0];
+		} else {
+			SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+		}
+	} 
+	SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $session->getIdP() . ' ' . $realmstr);
+		
+		
 
 	$relayState = $authnResponse->getRelayState();
 	if (isset($relayState)) {
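Review bot: `is_array($tempattr[$realmattr])` does not guarantee an element at index 0, so `$realmstr = $tempattr[$realmattr][0];` raises an undefined-offset notice for an empty attribute; `isset($tempattr[$realmattr][0])` covers both checks in one. The value is presumably taken from the assertion's attributes and is appended to the space-delimited `saml20-sp-SSO` line as is, so a realm containing whitespace would shift the fields. The identical block is added to www/shib13/sp/AssertionConsumerService.php; a shared helper would keep the two from drifting apart. The enclosing `try` block starts and ends outside the hunk.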
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index 008602216..a8200db7d 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -56,7 +56,7 @@ if (isset($_GET['SAMLRequest'])) {
 		$responder = $metadata->getMetaDataCurrentEntityID();
 	
 		SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
-	
+		SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $responder . ' ' . $requester);
 	
 		// Create a logout response
 		$lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
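Review bot: The stats tag in the new line is `saml20-idp-SLO idpinit`, although this file is the SP-side logout service and the other entry added to it uses `saml20-sp-SLO`. This looks like a copy-paste slip; anything that groups statistics by the tag prefix would count these SP events under the IdP. If so, the line should read `SimpleSAML_Logger::stats('saml20-sp-SLO idpinit ' . $responder . ' ' . $requester);`. A one-line comment stating the field order (it appears to be SP entity first, IdP entity second in all three SLO entries) would also help whoever parses the log.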
@@ -95,6 +95,17 @@ if (isset($_GET['SAMLRequest'])) {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
 	}
 
+
+	// Extract some parameters from the logout request
+	#$requestid = $logoutrequest->getRequestID();
+	$responder = $logoutresponse->getIssuer();
+	#$relayState = $logoutrequest->getRelayState();
+
+	//$responder = $config->getValue('saml2-hosted-sp');
+	$requester = $metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
+
+	SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $requester . ' ' . $responder);
+
 	if (isset($_GET['RelayState'])) {
 		SimpleSAML_Utilities::redirect($_GET['RelayState']);
 	} else {
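Review bot: The comment `// Extract some parameters from the logout request` and the three commented-out assignments were copied into what appears to be the logout-response branch, where the object being read is `$logoutresponse`; `//$responder = $config->getValue('saml2-hosted-sp');` is additionally misleading because `$responder` is set from the response issuer just above it. Drop the dead lines and replace the comment with something like `// Issuer of the logout response and our own SP entity id, for the stats entry.` The same commented-out lines are added in the first www/saml2/idp/SingleLogoutService.php hunk. The `if`/`else` on `$_GET['RelayState']` continues outside the hunk.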
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index 68bb7fd1e..6c48f3384 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -36,8 +36,25 @@ try {
 
 
 	if (isset($session)) {
-	
+
 		SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+
+		/**
+		 * Make a log entry in the statistics for this SSO login.
+		 */
+		$tempattr = $session->getAttributes();
+		$realmattr = $config->getValue('statistics.realmattr', null);
+		$realmstr = 'NA';
+		if (!empty($realmattr)) {
+			if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+				$realmstr = $tempattr[$realmattr][0];
+			} else {
+				SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+			}
+		} 
+		SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $session->getIdP() . ' ' . $realmstr);
+
+
 	
 		$relayState = $authnResponse->getRelayState();
 		if (isset($relayState)) {
-- 
GitLab