Commit 1e4d92f5 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Added statistics logging for auth modules, sp entities and slo

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@313 44740490-163a-0410-bde0-09ae8108e29a
parent 81b8352f
...@@ -120,6 +120,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { ...@@ -120,6 +120,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
$session->setNameID($nameid); $session->setNameID($nameid);
$session->setSessionIndex($this->getSessionIndex()); $session->setSessionIndex($this->getSessionIndex());
$session->setIdP($this->getIssuer());
/* /*
$nameID["NameID"] = $node->nodeValue; $nameID["NameID"] = $node->nodeValue;
......
...@@ -38,13 +38,14 @@ $langnames = array( ...@@ -38,13 +38,14 @@ $langnames = array(
'dk' => 'Dansk' 'dk' => 'Dansk'
); );
if (empty($_POST) ) {
foreach ($languages AS $lang => $current) { foreach ($languages AS $lang => $current) {
if ($current) { if ($current) {
echo $langnames[$lang] . ' | '; echo $langnames[$lang] . ' | ';
} else { } else {
echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' . echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' .
$langnames[$lang] . '</a> | '; $langnames[$lang] . '</a> | ';
}
} }
} }
......
...@@ -61,10 +61,21 @@ if (isset($_POST['password'])) { ...@@ -61,10 +61,21 @@ if (isset($_POST['password'])) {
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated'); SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-admin OK');
SimpleSAML_Utilities::redirect($relaystate); SimpleSAML_Utilities::redirect($relaystate);
exit(0); exit(0);
} else { } else {
SimpleSAML_Logger::stats('AUTH-login-admin Failed');
$error = 'Password incorrect'; $error = 'Password incorrect';
} }
......
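Review bot: The success branch appends `$attributes[$authlogattr][0]` to the stats line unmodified, so a value containing a space or a line break changes the field count of the entry or starts a new one for whoever parses this log. The same block is added in the hunks that log `AUTH-login-feide`, `AUTH-login-ldapmulti` and `AUTH-login-radius`, and `$realmstr` in the two SP SSO hunks is built the same way. I would normalise the value before logging, for example `$logval = preg_replace('/[[:space:][:cntrl:]]+/', '_', (string)$attributes[$authlogattr][0]);`, and guard the index with `is_array($attributes[$authlogattr]) && isset($attributes[$authlogattr][0])`. The comment should also say that setting `statistics.authlogattr` puts a per-user identifier into the statistics log, so that log then needs the same access control and retention as the auth log. The enclosing `if`/`else` starts outside the hunk.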
...@@ -130,12 +130,25 @@ if (isset($_REQUEST['username'])) { ...@@ -130,12 +130,25 @@ if (isset($_REQUEST['username'])) {
'value' => SimpleSAML_Utilities::generateID(), 'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-feide OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-feide OK');
$returnto = $_REQUEST['RelayState']; $returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto); SimpleSAML_Utilities::redirect($returnto);
} catch (Exception $e) { } catch (Exception $e) {
SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage()); SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
SimpleSAML_Logger::stats('AUTH-login-feide Failed');
$error = $e->getMessage(); $error = $e->getMessage();
} }
} }
...@@ -146,7 +159,7 @@ $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php'); ...@@ -146,7 +159,7 @@ $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
$t->data['header'] = 'simpleSAMLphp: Enter username and password'; $t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $_REQUEST['RelayState']; $t->data['relaystate'] = $_REQUEST['RelayState'];
$t->data['ldapconfig'] = $ldapfeide; $t->data['ldapconfig'] = $ldapfeide;
$t->data['org'] = $_REQUEST['org']; $t->data['org'] = isset($_REQUEST['org']) ? $_REQUEST['org'] : null;
$t->data['error'] = $error; $t->data['error'] = $error;
if (isset($error)) { if (isset($error)) {
$t->data['username'] = $_POST['username']; $t->data['username'] = $_POST['username'];
......
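Review bot: `SimpleSAML_Logger::stats('AUTH-login-feide Failed')` sits in `catch (Exception $e)`, so every exception raised in the try block is counted as a failed login, not only rejected credentials. The try block begins outside the hunk, so I cannot see what else can throw there, but if directory or configuration errors end up in this handler the failure count will spike during an outage and look like password guessing. Either log a separate tag for non-credential errors, or add a comment such as `// counts any exception from the try block, including backend errors` so the number is read correctly.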
...@@ -95,6 +95,17 @@ if (isset($_POST['username'])) { ...@@ -95,6 +95,17 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(), 'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
$returnto = $_REQUEST['RelayState']; $returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto); SimpleSAML_Utilities::redirect($returnto);
......
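Review bot: This hunk adds only the `AUTH-login-ldapmulti OK` entry and no `Failed` counterpart, and the `AUTH-login-radius` hunk is the same, while the admin and feide hunks log both outcomes. Without the failure entry the statistics cannot give a failure ratio for these two modules, which is the figure one would watch for guessing attempts. The error path lies outside both hunks, so if it is already covered elsewhere ignore this; otherwise add `SimpleSAML_Logger::stats('AUTH-login-ldapmulti Failed');` and `SimpleSAML_Logger::stats('AUTH-login-radius Failed');` next to the existing error handling.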
...@@ -90,6 +90,18 @@ if (isset($_POST['username'])) { ...@@ -90,6 +90,18 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(), 'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-radius OK');
$returnto = $_REQUEST['RelayState']; $returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto); SimpleSAML_Utilities::redirect($returnto);
......
...@@ -70,7 +70,17 @@ if (isset($_GET['SAMLRequest'])) { ...@@ -70,7 +70,17 @@ if (isset($_GET['SAMLRequest'])) {
} }
// Extract some parameters from the logout request
#$requestid = $logoutrequest->getRequestID();
$requester = $logoutrequest->getIssuer();
#$relayState = $logoutrequest->getRelayState();
//$responder = $config->getValue('saml2-hosted-sp');
$responder = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer()); SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
/* Check if we have a valid session. */ /* Check if we have a valid session. */
if($session === NULL) { if($session === NULL) {
...@@ -256,7 +266,7 @@ try { ...@@ -256,7 +266,7 @@ try {
*/ */
$rg = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata); $rg = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
// generate($issuer, $receiver, $inresponseto, $mode ) // generate($issuer, $receiver, $inresponseto, $mode )
$logoutResponseXML = $rg->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], 'IdP'); $logoutResponseXML = $rg->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], 'IdP');
// Create a HTTP-REDIRECT Binding. // Create a HTTP-REDIRECT Binding.
......
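Review bot: In the first hunk the `saml20-idp-SLO spinit` entry is written before the `Check if we have a valid session` test, using the issuer taken from the `SAMLRequest` GET parameter. Whether that issuer has been checked against metadata or a signature by this point is decided outside the hunk; if it has not, any request to this endpoint adds a stats line with a caller-chosen requester field. I would move the `stats()` call below the session check (or below issuer validation), and reuse `$requester` in the `notice()` line instead of calling `getIssuer()` a second time. The three commented-out assignments (`#$requestid`, `#$relayState`, `//$responder`) can go. The second hunk looks like a whitespace-only change.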
...@@ -48,6 +48,24 @@ try { ...@@ -48,6 +48,24 @@ try {
$authnResponse->process(); $authnResponse->process();
SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response'); SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
/**
* Make a log entry in the statistics for this SSO login.
*/
$tempattr = $session->getAttributes();
$realmattr = $config->getValue('statistics.realmattr', null);
$realmstr = 'NA';
if (!empty($realmattr)) {
if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
$realmstr = $tempattr[$realmattr][0];
} else {
SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
}
}
SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $session->getIdP() . ' ' . $realmstr);
$relayState = $authnResponse->getRelayState(); $relayState = $authnResponse->getRelayState();
if (isset($relayState)) { if (isset($relayState)) {
......
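Review bot: `$session->getIdP()` is written into the `saml20-sp-SSO` line without a fallback, and this commit adds the matching `setIdP()` call only to the Shib13 response class. Whether the SAML 2.0 response class already sets the IdP is not visible here; if it does not, the field is empty and the realm moves one column left. A fallback keeps the layout stable: `$idp = $session->getIdP(); if (empty($idp)) $idp = 'NA';`. Also `is_array($tempattr[$realmattr])` lets an empty array through to `[0]`; `!empty($tempattr[$realmattr])` would cover that, and the same applies to the copy of this block in the `shib13-sp-SSO` hunk. The enclosing `try` starts outside the hunk.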
...@@ -56,7 +56,7 @@ if (isset($_GET['SAMLRequest'])) { ...@@ -56,7 +56,7 @@ if (isset($_GET['SAMLRequest'])) {
$responder = $metadata->getMetaDataCurrentEntityID(); $responder = $metadata->getMetaDataCurrentEntityID();
SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid); SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $responder . ' ' . $requester);
// Create a logout response // Create a logout response
$lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata); $lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
...@@ -95,6 +95,17 @@ if (isset($_GET['SAMLRequest'])) { ...@@ -95,6 +95,17 @@ if (isset($_GET['SAMLRequest'])) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception); SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
} }
// Extract some parameters from the logout request
#$requestid = $logoutrequest->getRequestID();
$responder = $logoutresponse->getIssuer();
#$relayState = $logoutrequest->getRelayState();
//$responder = $config->getValue('saml2-hosted-sp');
$requester = $metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $requester . ' ' . $responder);
if (isset($_GET['RelayState'])) { if (isset($_GET['RelayState'])) {
SimpleSAML_Utilities::redirect($_GET['RelayState']); SimpleSAML_Utilities::redirect($_GET['RelayState']);
} else { } else {
......
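Review bot: The first hunk uses the tag `saml20-idp-SLO idpinit` in code whose notice line identifies it as `SP.SingleLogoutService`, whereas the other entries written on the SP side in this commit start with `saml20-sp-`. If the prefix is meant to name the hosted role, this should read `SimpleSAML_Logger::stats('saml20-sp-SLO idpinit ' . $responder . ' ' . $requester);`; if it is intentional, a comment should say so, because anyone filtering the log by prefix will otherwise attribute these logouts to the IdP. The fields appear to be ordered SP first, IdP second across all entries, which is why requester and responder swap here; a one-line comment stating that layout would help. In the second hunk the comment `Extract some parameters from the logout request` sits above code that reads `$logoutresponse`, and the commented-out lines still mention `$logoutrequest`.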
...@@ -36,8 +36,25 @@ try { ...@@ -36,8 +36,25 @@ try {
if (isset($session)) { if (isset($session)) {
SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response'); SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
/**
* Make a log entry in the statistics for this SSO login.
*/
$tempattr = $session->getAttributes();
$realmattr = $config->getValue('statistics.realmattr', null);
$realmstr = 'NA';
if (!empty($realmattr)) {
if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
$realmstr = $tempattr[$realmattr][0];
} else {
SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
}
}
SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $session->getIdP() . ' ' . $realmstr);
$relayState = $authnResponse->getRelayState(); $relayState = $authnResponse->getRelayState();
if (isset($relayState)) { if (isset($relayState)) {
......