Improvement to debuglogging logging in general, handling of illegal input to...

Improvement to debuglogging logging in general, handling of illegal input to saml interfaces, improved error handling, better language support, collected all error messages in one dictionary file. +++

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@308 44740490-163a-0410-bde0-09ae8108e29a

templates/default/en/error.php

@@ -5,13 +5,15 @@
 ?>
 
 
-	<div id="content">
-	
-		<h2><?php echo (isset($this->data['title']) ? $this->data['title'] : 'simpleSAMLphp error'); ?></h2>
+<div id="content">
+
+	<h2><?php 
+		echo (isset($this->data['title_' . $this->data['errorcode']]) ? $this->data['title_' . $this->data['errorcode']] : 'simpleSAMLphp error'); 
+	?></h2>
 
 <?php
-if(array_key_exists('descr', $this->data)) {
-	echo '<p>' . $this->data['descr'] . '</p>';
+if(array_key_exists('descr_'  . $this->data['errorcode'], $this->data)) {
+	echo '<p>' . $this->data['descr_' . $this->data['errorcode']] . '</p>';
 }
 ?>
 
@@ -77,10 +79,10 @@ if (!empty($this->data['errorreportaddress'])) {
 
 
 		
-		<h2 style="clear: both">How to get help</h2>
-		
-		
-		<p>This error probably is due to some unexpected behaviour or to misconfiguration of simpleSAMLphp. Contact the administrator of this login service, and send them the error message above.</p>
+	<h2 style="clear: both">How to get help</h2>
+	
+	
+	<p>This error probably is due to some unexpected behaviour or to misconfiguration of simpleSAMLphp. Contact the administrator of this login service, and send them the error message above.</p>
 		
 
 

templates/default/en/status.php

 <?php $this->includeAtTemplateBase('includes/header.php'); ?>
 
 	
-	<div id="content">
+<div id="content">
 
-		<h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>
-		
-		<p>Hi, this is the status page of simpleSAMLphp. Here you can see if your session is timed out, how long it lasts until it times out and all the attributes that is attached to your session.</p>
-		
-		<p><?php echo $data['valid']; ?>. Your session is valid for <?php echo $data['remaining']; ?> seconds from now.</p>
-		
-		<p>Session size: <?php echo isset($data['sessionsize']) ? $data['sessionsize'] : 'na'; ?>
-		
-		<h2>Your attributes</h2>
+	<h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Some error occured"; } ?></h2>
+	
+	<p>Hi, this is the status page of simpleSAMLphp. Here you can see if your session is timed out, how long it lasts until it times out and all the attributes that is attached to your session.</p>
+	
+	<p>Your session is valid for <?php echo $data['remaining']; ?> seconds from now.</p>
+	
+	<p>Session size: <?php echo isset($data['sessionsize']) ? $data['sessionsize'] : 'na'; ?>
+	
+	<h2>Your attributes</h2>
+	
+		<table>
+		<?php
 		
-			<table>
-			<?php
-			
-			$attributes = $data['attributes'];
-			foreach ($attributes AS $name => $value) {
-				if (sizeof($value) > 1) {
-					echo '<tr><td>' . htmlspecialchars($name) . '</td><td><ul>';
-					foreach ($value AS $v) {
-						echo '<li>' . htmlspecialchars($v) . '</li>';
-					}
-					echo '</ul></td></tr>';
-				} else {
-					echo '<tr><td>' . htmlspecialchars($name) . '</td><td>' . htmlspecialchars($value[0]) . '</td></tr>';
+		$attributes = $data['attributes'];
+		foreach ($attributes AS $name => $value) {
+			if (sizeof($value) > 1) {
+				echo '<tr><td>' . htmlspecialchars($name) . '</td><td><ul>';
+				foreach ($value AS $v) {
+					echo '<li>' . htmlspecialchars($v) . '</li>';
 				}
+				echo '</ul></td></tr>';
+			} else {
+				echo '<tr><td>' . htmlspecialchars($name) . '</td><td>' . htmlspecialchars($value[0]) . '</td></tr>';
 			}
-			
-			?>
-			</table>
+		}
+		
+		?>
+		</table>
 
-		<h2>Logout</h2>
+	<h2>Logout</h2>
 
-			<p><?php echo $data['logout']; ?></p>
-		
-		<h2>About simpleSAMLphp</h2>
-		<p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
-		You can find more information about simpleSAMLphp at <a href="http://rnd.feide.no">the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
-		
+		<p><?php echo $data['logout']; ?></p>
+	
+	<h2>About simpleSAMLphp</h2>
+	<p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
+	You can find more information about simpleSAMLphp at <a href="http://rnd.feide.no">the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+	
 <?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file

templates/default/includes/footer.php

 		<hr />
 		
-		Copyright &copy; 2007 <a href="http://rnd.feide.no/">Feide RnD</a>
+		Copyright &copy; 2007-2008 <a href="http://rnd.feide.no/">Feide RnD</a>
 		
 		<hr />
 	

www/example-simple/saml2-example.php

 <?php
 
+/**
+ * The _include script sets simpleSAMLphp libraries in the PHP PATH, as well as 
+ * initialize the simpleSAMLphp config class with the correct path.
+ */
 require_once('../_include.php');
 
+/**
+ * We need to load a few classes from simpleSAMLphp. These are available because
+ * the _include script above did set the PHP class PATH properly.
+ */
 require_once('SimpleSAML/Utilities.php');
 require_once('SimpleSAML/Session.php');
-require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 require_once('SimpleSAML/XHTML/Template.php');
 
 
 /* Load simpleSAMLphp, configuration and metadata */
 $config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance(true);
+$session = SimpleSAML_Session::getInstance(TRUE);
 
-/* Check if valid local session exists.. */
-if (!isset($session) || !$session->isValid('saml2') ) {
+/**
+ * Check if valid local session exists, and the authority is the SAML 2.0 SP
+ * part of simpleSAMLphp. If the currenct session is not valid, the user is
+ * redirected to the initSSO.php script. This script will send the user to
+ * a SAML 2.0 IdP with an authentication request, and thereafter the user
+ * will be asked at the SAML 2.0 IdP to authenticate. You add one important
+ * parameter when you send the user to the initSSO script, the RelayState.
+ * The RelayState URL is the URL that you want to send the user to after
+ * authentication is complete - and usually you want to send the user back
+ * to this very page. To get the URL of the current page we use the selfURL()
+ * helper function.
+ *
+ * When the user is complete authenticating at the IdP, the user will be sent
+ * back to the AssertionConsumerService.php script in simpleSAMLphp. The assertion
+ * is validated, and if trusted, the user's session is set to be valid, and the user
+ * is redirected back to the RelayState URL. And then the user is here again, but 
+ * authenticated, and therefore passes the if sentence below, and moves on to 
+ * retrieving attributes from the session.
+ */
+if (!$session->isValid('saml2') ) {
 	SimpleSAML_Utilities::redirect(
-		'/' . $config->getValue('baseurlpath') .
-		'saml2/sp/initSSO.php',
+		'/' . $config->getValue('baseurlpath') . 'saml2/sp/initSSO.php',
 		array('RelayState' => SimpleSAML_Utilities::selfURL())
-		);
+	);
 }
 
 $attributes = $session->getAttributes();
@@ -34,18 +57,16 @@ $attributes = $session->getAttributes();
  *
  */
 
-$et = new SimpleSAML_XHTML_Template($config, 'status.php');
+$t = new SimpleSAML_XHTML_Template($config, 'status.php');
 
-$et->data['header'] = 'SAML 2.0 SP Demo Example';
-$et->data['remaining'] = $session->remainingTime();
-$et->data['sessionsize'] = $session->getSize();
-$et->data['attributes'] = $attributes;
-$et->data['valid'] = $session->isValid() ? 'Session is valid' : 'Session is invalid';
-	$et->data['icon'] = 'bino.png';
-$et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' . 
+$t->data['header'] = 'SAML 2.0 SP Demo Example';
+$t->data['remaining'] = $session->remainingTime();
+$t->data['sessionsize'] = $session->getSize();
+$t->data['attributes'] = $attributes;
+$t->data['icon'] = 'bino.png';
+$t->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' . 
 	$config->getValue('baseurlpath') . 'logout.html">Logout</a> ]';
-
-$et->show();
+$t->show();
 
 
 ?>
\ No newline at end of file

www/saml2/idp/SingleLogoutService.php

@@ -28,12 +28,16 @@ $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance();
 
-$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-
 SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
 
 if (!$config->getValue('enable.saml20-idp', false))
-	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+	SimpleSAML_Utilities::fatalError(isset($session) ? $session->getTrackID() : null, 'NOACCESS');
+
+try {
+	$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+} catch (Exception $exception) {
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
 
 
 /**
@@ -147,6 +151,9 @@ if (isset($_GET['SAMLRequest'])) {
 	$session->set_sp_logout_completed($loginresponse->getIssuer());
 
 	SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer());
+} else {
+	
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
 }
 
 

www/saml2/sp/AssertionConsumerService.php

@@ -34,6 +34,9 @@ SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2
 if (!$config->getValue('enable.saml20-sp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
+if (empty($_POST['SAMLResponse'])) 
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'ACSPARAMS', $exception);
+
 	
 try {
 	

www/saml2/sp/SingleLogoutService.php

@@ -101,6 +101,9 @@ if (isset($_GET['SAMLRequest'])) {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
 	}
 
+} else {
+	
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
 }
 
 

www/shib13/idp/SSOService.php

@@ -28,9 +28,6 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance(true);
 
 
-$idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
-$idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
-
 $requestid = null;
 
 SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
@@ -38,7 +35,12 @@ SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP
 if (!$config->getValue('enable.shib13-idp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
-
+try {
+	$idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
+	$idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
+} catch (Exception $exception) {
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
 
 /*
  * If the shire query parameter is set, we got an incomming Authentication Request 

www/shib13/sp/AssertionConsumerService.php

@@ -21,6 +21,9 @@ SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibbo
 if (!$config->getValue('enable.shib13-sp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
+if (empty($_POST['SAMLResponse'])) 
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'ACSPARAMS', $exception);
+
 try {
 
 	$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();