Improvement to debuglogging logging in general, handling of illegal input to...

Improvement to debuglogging logging in general, handling of illegal input to saml interfaces, improved error handling, better language support, collected all error messages in one dictionary file. +++

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@308 44740490-163a-0410-bde0-09ae8108e29a

dictionaries/error_CACHEAUTHNREQUEST.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error making single sign-on to service',
-		'descr'	=>	'You can authenticated and are ready to be sent back to the service that requested authentication, but we could not find your cached authentication request. The request is only cached for a limited amount of time. If you leaved your browser open for hours before entering your username and password, this could be one possible explaination. If this could be the case in your situation, try to go back to the service you want to access, and start a new login process. If this issue continues, please report the problem.'
-	)
-);
\ No newline at end of file

dictionaries/error_CREATEREQUEST.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error creating request',
-		'descr'	=>	'An error occured when trying to create the SAML request.'
-	)
-);
\ No newline at end of file

dictionaries/error_DISCOPARAMS.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Bad request to discovery service',
-		'descr'	=>	'The parameters sent to the discovery service were not following the specification.'
-	)
-);
\ No newline at end of file

dictionaries/error_GENERATEAUTHNRESPONSE.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Could not create authentication response',
-		'descr'	=>	'When this identity provider tried to create an authentication response, an error occured.'
-	)
-);
\ No newline at end of file

dictionaries/error_LDAPERROR.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'LDAP Error',
-		'descr'	=>	'LDAP is the user database, and when you try to login, we need to contact an LDAP database. When we tried it this time an error occured.'
-	)
-);
\ No newline at end of file

dictionaries/error_LOGOUTREQUEST.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error processing Logout Request',
-		'descr'	=>	'An error occured when trying to process the Logout Request.'
-
-	)
-);
\ No newline at end of file

dictionaries/error_LOGOUTRESPONSE.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error processing Logout Response',
-		'descr'	=>	'An error occured when trying to process the Logout Response.'
-	)
-);
\ No newline at end of file

dictionaries/error_METADATA.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error loading metadata',
-		'descr'	=>	'There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup.'
-	)
-);
\ No newline at end of file

dictionaries/error_NOACCESS.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'No Access',
-		'descr'	=>	'This endpoint is not enabled. Check the enable options in your configuration of simpleSAMLphp.'
-	)
-);
\ No newline at end of file

dictionaries/error_NORELAYSTATE.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'No RelayState',
-		'descr'	=>	'The initiator of this request did not provide an RelayState parameter, that tells where to go next.'
-	)
-);
\ No newline at end of file

dictionaries/error_NOSESSION.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'No session found',
-		'descr'	=>	'Unfortuneately we could not get your session. This could be because your browser do not support cookies, or cookies is disabled.'
-	),
-	'no'	=>	array(
-		'title'	=> 'Kunne ikke etablere sesjon',
-		'descr'	=> 'Desverre kunne vi ikke etablere en sesjon for deg. Dette kan skyldes at din nettleser ikke støtter cookies, eller at cookies er slått av.'
-	)
-);
\ No newline at end of file

dictionaries/error_PROCESSASSERTION.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error processing response from IdP',
-		'descr'	=>	'We did not accept the response sent from the Identity Provider.'
-	)
-);
\ No newline at end of file

dictionaries/error_PROCESSAUTHNREQUEST.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Error processing request from Service Provider',
-		'descr'	=>	'This IdP received an authentication request from a service provider, but an error occured when trying to process the request.'
-	)
-);
\ No newline at end of file

dictionaries/error_SSOSERVICEPARAMS.php

-<?php
-
-$lang = array(
-	'en'	=>	array(
-		'title'	=>	'Wrong parameters provided',
-		'descr'	=>	'You must either provide a SAML Request message or a RequestID on this interface.'
-	)
-);
\ No newline at end of file

dictionaries/errors.php

+<?php
+
+$lang = array(
+	'en'	=>	array(
+		'title_CACHEAUTHNREQUEST'	=>	'Error making single sign-on to service',
+		'descr_CACHEAUTHNREQUEST'	=>	'You can authenticated and are ready to be sent back to the service that requested authentication, but we could not find your cached authentication request. The request is only cached for a limited amount of time. If you leaved your browser open for hours before entering your username and password, this could be one possible explaination. If this could be the case in your situation, try to go back to the service you want to access, and start a new login process. If this issue continues, please report the problem.',
+		
+		'title_CREATEREQUEST' => 'Error creating request',
+		'descr_CREATEREQUEST' => 'An error occured when trying to create the SAML request.',
+		
+		'title_DISCOPARAMS' => 'Bad request to discovery service',
+		'descr_DISCOPARAMS' => 'The parameters sent to the discovery service were not following the specification.',
+		
+		'title_GENERATEAUTHNRESPONSE' => 'Could not create authentication response',
+		'descr_GENERATEAUTHNRESPONSE' => 'When this identity provider tried to create an authentication response, an error occured.',
+		
+		'title_LDAPERROR' => 'LDAP Error',
+		'descr_LDAPERROR' => 'LDAP is the user database, and when you try to login, we need to contact an LDAP database. When we tried it this time an error occured.',
+		
+		'title_LOGOUTREQUEST' => 'Error processing Logout Request',
+		'descr_LOGOUTREQUEST' => 'An error occured when trying to process the Logout Request.',
+		
+		'title_LOGOUTRESPONSE' => 'Error processing Logout Response',
+		'descr_LOGOUTRESPONSE' => 'An error occured when trying to process the Logout Response.',
+		
+		'title_METADATA' => 'Error loading metadata',
+		'descr_METADATA' => 'There is some misconfiguration of your simpleSAMLphp installation. If you are the administrator of this service, you should make sure your metadata configuration is correctly setup.',
+		
+		'title_NOACCESS' => 'No access',
+		'descr_NOACCESS' => 'This endpoint is not enabled. Check the enable options in your configuration of simpleSAMLphp.',
+		
+		'title_NORELAYSTATE' => 'No RelayState',
+		'descr_NORELAYSTATE' => 'The initiator of this request did not provide an RelayState parameter, that tells where to go next.',
+		
+		'title_NOSESSION' => 'No session found',
+		'descr_NOSESSION' => 'Unfortuneately we could not get your session. This could be because your browser do not support cookies, or cookies is disabled.',
+		
+		'title_PROCESSASSERTION' =>	'Error processing response from IdP',
+		'descr_PROCESSASSERTION' =>	'We did not accept the response sent from the Identity Provider.',
+		
+		'title_PROCESSAUTHNRESPONSE' =>	'Error processing request from Service Provider',
+		'descr_PROCESSAUTHNRESPONSE' =>	'This IdP received an authentication request from a service provider, but an error occured when trying to process the request.',
+		
+		'title_SSOSERVICEPARAMS' =>	'Wrong parameters provided',
+		'descr_SSOSERVICEPARAMS' =>	'You must either provide a SAML Request message or a RequestID on this interface.',
+		
+		'title_SLOSERVICEPARAMS' => 'No SAML message provided',
+		'descr_SLOSERVICEPARAMS' => 'You accessed the SingleLogoutService interface, but did not provide a SAML LogoutRequest or LogoutResponse.',
+		
+		'title_ACSPARAMS' => 'No SAML response provided',
+		'descr_ACSPARAMS' => 'You accessed the Assertion Consumer Service interface, but did not provide a SAML Authentication Response.'
+	)
+
+);
\ No newline at end of file

lib/SimpleSAML/Auth/LDAP.php

@@ -2,6 +2,7 @@
 
 require_once('SimpleSAML/Configuration.php');
 require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Logger.php');
 
 /**
  * The LDAP class holds helper functions to access an LDAP database.
@@ -43,6 +44,10 @@ class SimpleSAML_Auth_LDAP {
 	
 	
 	public function searchfordn($searchbase, $searchattr, $searchvalue) {
+	
+		SimpleSAML_Logger::debug('Library - LDAP: Search for DN (base:' . 
+			$searchbase . ' attr:' . $searchattr . ' value:' . $searchvalue . ')');
+
 		// Search for ePPN
 		$search = '(' . $searchattr . '=' . $searchvalue. ')';
 		$search_result = @ldap_search($this->ldap, $searchbase, $search);
@@ -78,8 +83,10 @@ class SimpleSAML_Auth_LDAP {
 	 */
 	public function bind($dn, $password) {
 		if (@ldap_bind($this->ldap, $dn, $password)) {
+			SimpleSAML_Logger::debug('Library - LDAP: Bind successfull with ' . $dn);
 			return true;
 		}
+		SimpleSAML_Logger::debug('Library - LDAP: Bind failed with ' . $dn);
 		return false;
 	}
 
@@ -89,7 +96,7 @@ class SimpleSAML_Auth_LDAP {
 	 */
 	public function getAttributes($dn, $search) {
 	
-	
+		SimpleSAML_Logger::debug('Library - LDAP: Get attributes from ' . $dn . ' (' . $search . ')');
 		$sr = @ldap_read($this->ldap, $dn, $search );
 		
 		if ($sr === false) 
@@ -111,6 +118,8 @@ class SimpleSAML_Auth_LDAP {
 			
 			$attributes[$ldapentries[0][$i]] = $values;
 		}
+		
+		SimpleSAML_Logger::debug('Library - LDAP: Found attributes (' . join(',', array_keys($attributes)) . ')');
 		return $attributes;
 	
 	}

lib/SimpleSAML/Logger.php

@@ -100,7 +100,7 @@ class SimpleSAML_Logger {
 		 * get trackid, prefixes all logstrings
 		 */
 		$session = SimpleSAML_Session::getInstance();
-		self::$trackid = $session->getTrackID();
+		self::$trackid = (isset($session) ? $session->getTrackID() : 'NA');
 
 		/* If 'session.handler' is NULL or unset, then we want
 		 * to fall back to the default PHP session handler.

lib/SimpleSAML/Session.php

@@ -78,6 +78,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 		$this->sessionduration = $configuration->getValue('session.duration');
 		
 		$this->trackid = SimpleSAML_Utilities::generateTrackID();
+
 	}
 
 
@@ -161,6 +162,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 	// *** *** *** *** *** *** *** *** *** *** ***
 	
 	public function add_sp_session($entityid) {
+		SimpleSAML_Logger::debug('Library - Session: Adding SP session: ' . $entityid);
 		$this->sp_at_idpsessions[$entityid] = self::STATE_ONLINE;
 	}
 	
@@ -191,6 +193,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 	}
 	
 	public function set_sp_logout_completed($entityid) {
+		SimpleSAML_Logger::debug('Library - Session: Setting SP state completed for : ' . $entityid);
 		$this->dirty = true;
 		$this->sp_at_idpsessions[$entityid] = self::STATE_LOGGEDOUT;
 	}
@@ -272,6 +275,8 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 
 
 	public function setIdP($idp) {
+	
+		SimpleSAML_Logger::debug('Library - Session: Set IdP to : ' . $idp);
 		$this->dirty = true;
 		$this->idp = $idp;
 	}
@@ -284,6 +289,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 	
 	
 	public function setLogoutRequest($requestcache) {
+		SimpleSAML_Logger::debug('Library - Session: Adding LogoutRequest cache.');
 		$this->dirty = true;
 		$this->logoutrequest = $requestcache;
 	}
@@ -297,6 +303,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 	
 
 	public function setSessionIndex($sessionindex) {
+		SimpleSAML_Logger::debug('Library - Session: Set sessionindex: ' . $sessionindex);
 		$this->dirty = true;
 		$this->sessionindex = $sessionindex;
 	}
@@ -304,6 +311,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 		return $this->sessionindex;
 	}
 	public function setNameID($nameid) {
+		SimpleSAML_Logger::debug('Library - Session: Set nameID: ');
 		$this->dirty = true;
 		$this->nameid = $nameid;
 	}
@@ -313,6 +321,8 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 
 	public function setAuthenticated($auth, $authority = null) {
 		
+		SimpleSAML_Logger::debug('Library - Session: Set authenticated ' . ($auth ? 'yes': 'no'). ' authority:' . 
+			(isset($authority) ? $authority : 'null'));
 		$this->authority = $authority;
 		$this->authenticated = $auth;
 		
@@ -322,6 +332,7 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 	}
 	
 	public function setSessionDuration($duration) {
+		SimpleSAML_Logger::debug('Library - Session: Set session duration ' . $duration);
 		$this->dirty = true;
 		$this->sessionduration = $duration;
 	}
@@ -332,6 +343,12 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 	 * This function will return false after the user has timed out.
 	 */
 	public function isValid($authority = null) {
+		SimpleSAML_Logger::debug('Library - Session: Check if session is valid.' .
+			' checkauthority:' . (isset($authority) ? $authority : 'null') . 
+			' thisauthority:' . (isset($this->authority) ? $this->authority : 'null') .
+			' isauthenticated:' . ($this->isAuthenticated() ? 'yes' : 'no') . 
+			' remainingtime:' . $this->remainingTime());
+			
 		if (!$this->isAuthenticated()) return false;
 		if (!empty($authority) && ($authority != $this->authority) ) return false;
 		return $this->remainingTime() > 0;

lib/SimpleSAML/Utilities.php

@@ -290,12 +290,14 @@ class SimpleSAML_Utilities {
 		SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - UserError: ErrCode:'.(!empty($errorcode) ? $errorcode : 'na').': '.urlencode($emsg) );
 		
 		$languagefile = null;
-		if (isset($errorcode)) $languagefile = 'error_' . $errorcode . '.php';
+		if (isset($errorcode)) $languagefile = 'errors.php';
 		
 		// Initialize a template
 		$t = new SimpleSAML_XHTML_Template($config, 'error.php', $languagefile);
 		
 		
+		$t->data['errorcode'] = $errorcode;
+		
 		$t->data['showerrors'] = $config->getValue('showerrors', true);
 		$t->data['errorreportaddress'] = $config->getValue('errorreportaddress', null); 
 		

lib/SimpleSAML/XHTML/Template.php

@@ -92,8 +92,10 @@ class SimpleSAML_XHTML_Template {
 		include($filebase . $file);
 	}
 	
+	/**
+	 * Include language file from the dictionaries directory.
+	 */
 	private function includeLanguageFile($file) {
-		$data = $this->data;
 		$filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('dictionarydir');
 		
 		if (!file_exists($filebase . $file)) {
@@ -115,7 +117,9 @@ class SimpleSAML_XHTML_Template {
 		}
 	}
 
-	
+	/**
+	 * Show the template to the user.
+	 */
 	public function show() {
 		$data = $this->data;
 		$filename = $this->configuration->getBaseDir() . $this->configuration->getValue('templatedir') . $this->getLanguage() . '/' . 
@@ -128,7 +132,7 @@ class SimpleSAML_XHTML_Template {
 
 
 			if (!file_exists($filename)) {
-				SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
+				SimpleSAML_Logger::critical($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
 			
 				echo 'Fatal error: Could not find template file [' . $this->template . '] at [' . $filename . ']';
 				exit(0);