Commit 88b50a71 authored by Olav Morken's avatar Olav Morken

saml:IdP: New statistics.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3055 44740490-163a-0410-bde0-09ae8108e29a
parent bae1cd22
...@@ -37,6 +37,12 @@ class sspmod_saml_IdP_SAML1 { ...@@ -37,6 +37,12 @@ class sspmod_saml_IdP_SAML1 {
$config = SimpleSAML_Configuration::getInstance(); $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
SimpleSAML_Stats::log('saml:idp:Response', array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'protocol' => 'saml1',
));
/* Generate and send response. */ /* Generate and send response. */
$ar = new SimpleSAML_XML_Shib13_AuthnResponse(); $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
$authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes); $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
...@@ -101,6 +107,11 @@ class sspmod_saml_IdP_SAML1 { ...@@ -101,6 +107,11 @@ class sspmod_saml_IdP_SAML1 {
var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE)); var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
} }
SimpleSAML_Stats::log('saml:AuthnRequest', array(
'spEntityID' => $spEntityId,
'protocol' => 'saml1',
));
$sessionLostURL = SimpleSAML_Utilities::addURLparameter( $sessionLostURL = SimpleSAML_Utilities::addURLparameter(
SimpleSAML_Utilities::selfURL(), SimpleSAML_Utilities::selfURL(),
array('cookieTime' => time())); array('cookieTime' => time()));
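Review bot: The `saml:AuthnRequest` record added in the second hunk carries only `spEntityID` and `protocol`, while the `saml:idp:Response` record in the first hunk and the SAML2 `saml:AuthnRequest` record both include `idpEntityID`. On a host that serves more than one IdP entity, the SAML1 requests cannot then be matched to the responses that follow, which weakens the statistics as an audit trail. If the IdP configuration is reachable in this function (its start is outside the hunk, so this is unconfirmed), add `'idpEntityID' => $idpMetadata->getString('entityid'),` to the array, as the first hunk does.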
......
...@@ -64,6 +64,12 @@ class sspmod_saml_IdP_SAML2 { ...@@ -64,6 +64,12 @@ class sspmod_saml_IdP_SAML2 {
/* Register the session association with the IdP. */ /* Register the session association with the IdP. */
$idp->addAssociation($association); $idp->addAssociation($association);
SimpleSAML_Stats::log('saml:idp:Response', array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'protocol' => 'saml2',
));
/* Send the response. */ /* Send the response. */
$binding = SAML2_Binding::getBinding($protocolBinding); $binding = SAML2_Binding::getBinding($protocolBinding);
$binding->send($ar); $binding->send($ar);
...@@ -105,10 +111,18 @@ class sspmod_saml_IdP_SAML2 { ...@@ -105,10 +111,18 @@ class sspmod_saml_IdP_SAML2 {
$ar->setInResponseTo($requestId); $ar->setInResponseTo($requestId);
$ar->setRelayState($relayState); $ar->setRelayState($relayState);
$ar->setStatus(array( $status = array(
'Code' => $error->getStatus(), 'Code' => $error->getStatus(),
'SubCode' => $error->getSubStatus(), 'SubCode' => $error->getSubStatus(),
'Message' => $error->getStatusMessage(), 'Message' => $error->getStatusMessage(),
);
$ar->setStatus($status);
SimpleSAML_Stats::log('saml:idp:Response:error', array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'protocol' => 'saml2',
'error' => $status,
)); ));
$binding = SAML2_Binding::getBinding($protocolBinding); $binding = SAML2_Binding::getBinding($protocolBinding);
...@@ -259,6 +273,8 @@ class sspmod_saml_IdP_SAML2 { ...@@ -259,6 +273,8 @@ class sspmod_saml_IdP_SAML2 {
$extensions = NULL; $extensions = NULL;
$allowCreate = TRUE; $allowCreate = TRUE;
$idpInit = TRUE;
SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: '. var_export($spEntityId, TRUE)); SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: '. var_export($spEntityId, TRUE));
} else { } else {
...@@ -304,9 +320,20 @@ class sspmod_saml_IdP_SAML2 { ...@@ -304,9 +320,20 @@ class sspmod_saml_IdP_SAML2 {
$allowCreate = FALSE; $allowCreate = FALSE;
} }
$idpInit = FALSE;
SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '. var_export($spEntityId, TRUE)); SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '. var_export($spEntityId, TRUE));
} }
SimpleSAML_Stats::log('saml:AuthnRequest', array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'forceAuthn' => $forceAuthn,
'isPassive' => $isPassive,
'protocol' => 'saml2',
'idpInit' => $idpInit,
));
$acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex); $acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex);
$IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array()))); $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));
...@@ -373,15 +400,23 @@ class sspmod_saml_IdP_SAML2 { ...@@ -373,15 +400,23 @@ class sspmod_saml_IdP_SAML2 {
$lr->setRelayState($state['saml:RelayState']); $lr->setRelayState($state['saml:RelayState']);
if (isset($state['core:Failed']) && $state['core:Failed']) { if (isset($state['core:Failed']) && $state['core:Failed']) {
$partial = TRUE;
$lr->setStatus(array( $lr->setStatus(array(
'Code' => SAML2_Const::STATUS_SUCCESS, 'Code' => SAML2_Const::STATUS_SUCCESS,
'SubCode' => SAML2_Const::STATUS_PARTIAL_LOGOUT, 'SubCode' => SAML2_Const::STATUS_PARTIAL_LOGOUT,
)); ));
SimpleSAML_Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, TRUE)); SimpleSAML_Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, TRUE));
} else { } else {
$partial = FALSE;
SimpleSAML_Logger::debug('Sending logout response to SP ' . var_export($spEntityId, TRUE)); SimpleSAML_Logger::debug('Sending logout response to SP ' . var_export($spEntityId, TRUE));
} }
SimpleSAML_Stats::log('saml:idp:LogoutResponse:sent', array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'partial' => $partial
));
$binding = new SAML2_HTTPRedirect(); $binding = new SAML2_HTTPRedirect();
$binding->send($lr); $binding->send($lr);
} }
...@@ -412,6 +447,14 @@ class sspmod_saml_IdP_SAML2 { ...@@ -412,6 +447,14 @@ class sspmod_saml_IdP_SAML2 {
if ($message instanceof SAML2_LogoutResponse) { if ($message instanceof SAML2_LogoutResponse) {
SimpleSAML_Logger::info('Received SAML 2.0 LogoutResponse from: '. var_export($spEntityId, TRUE)); SimpleSAML_Logger::info('Received SAML 2.0 LogoutResponse from: '. var_export($spEntityId, TRUE));
$statsData = array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
);
if (!$message->isSuccess()) {
$statsData['error'] = $message->getStatus();
}
SimpleSAML_Stats::log('saml:idp:LogoutResponse:recv', $statsData);
$relayState = $message->getRelayState(); $relayState = $message->getRelayState();
...@@ -430,6 +473,10 @@ class sspmod_saml_IdP_SAML2 { ...@@ -430,6 +473,10 @@ class sspmod_saml_IdP_SAML2 {
} elseif ($message instanceof SAML2_LogoutRequest) { } elseif ($message instanceof SAML2_LogoutRequest) {
SimpleSAML_Logger::info('Received SAML 2.0 LogoutRequest from: '. var_export($spEntityId, TRUE)); SimpleSAML_Logger::info('Received SAML 2.0 LogoutRequest from: '. var_export($spEntityId, TRUE));
SimpleSAML_Stats::log('saml:idp:LogoutRequest:recv', array(
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
));
$spStatsId = $spMetadata->getString('core:statistics-id', $spEntityId); $spStatsId = $spMetadata->getString('core:statistics-id', $spEntityId);
SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spStatsId . ' ' . $idpMetadata->getString('entityid')); SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spStatsId . ' ' . $idpMetadata->getString('entityid'));
...@@ -486,6 +533,11 @@ class sspmod_saml_IdP_SAML2 { ...@@ -486,6 +533,11 @@ class sspmod_saml_IdP_SAML2 {
$lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata)); $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
} }
SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array(
'spEntityID' => $association['saml:entityID'],
'idpEntityID' => $idpMetadata->getString('entityid'),
));
$binding = new SAML2_HTTPRedirect(); $binding = new SAML2_HTTPRedirect();
return $binding->getRedirectURL($lr); return $binding->getRedirectURL($lr);
} }
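Review bot: In the `saml:idp:LogoutResponse:recv` hunk, `$statsData['error'] = $message->getStatus();` copies the status of a message received from the SP into the statistics stream unfiltered. Judging by the array passed to `setStatus()` elsewhere in this file, the status holds a free-text `Message` next to `Code` and `SubCode`, so a remote party can place arbitrary text in the stats record; whether the message has been validated at this point is not visible in the hunk. Record only the codes, e.g. `$statsData['error'] = array_intersect_key($message->getStatus(), array('Code' => TRUE, 'SubCode' => TRUE));`, or bound and sanitise the message before logging it. The `'error' => $status` entry in the `saml:idp:Response:error` hunk likewise forwards `$error->getStatusMessage()`, which may expose internal exception text to whoever reads the statistics.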
......