From 88b50a71d7b186eb7ea603f8f55aa1da9855613b Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 21 Mar 2012 12:29:04 +0000
Subject: [PATCH] saml:IdP: New statistics.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3055 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/IdP/SAML1.php | 11 +++++++
 modules/saml/lib/IdP/SAML2.php | 54 +++++++++++++++++++++++++++++++++-
 2 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php
index 9b90ed10c..3f50fa3d5 100644
--- a/modules/saml/lib/IdP/SAML1.php
+++ b/modules/saml/lib/IdP/SAML1.php
@@ -37,6 +37,12 @@ class sspmod_saml_IdP_SAML1 {
 $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+ SimpleSAML_Stats::log('saml:idp:Response', array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ 'protocol' => 'saml1',
+ ));
+
 /* Generate and send response. */
 $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
 $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
@@ -101,6 +107,11 @@ class sspmod_saml_IdP_SAML1 {
 var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
 }
+ SimpleSAML_Stats::log('saml:AuthnRequest', array(
+ 'spEntityID' => $spEntityId,
+ 'protocol' => 'saml1',
+ ));
+
 $sessionLostURL = SimpleSAML_Utilities::addURLparameter(
 SimpleSAML_Utilities::selfURL(),
 array('cookieTime' => time()));
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index a7d04b384..17d01b3ca 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
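Review bot: In the SAML1.php hunk at -37, the `saml:idp:Response` event is written before `$ar->generate(...)` runs, so a response whose generation fails is still counted as issued. If these statistics feed auditing or anomaly detection, that blurs the difference between attempted and delivered assertions. Moving the `SimpleSAML_Stats::log(...)` call to just after the generate call would make the record match its name. The enclosing function starts and ends outside the hunk, so whether later steps can also fail is not visible here.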
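Review bot: The event name `saml:AuthnRequest` in the SAML1.php hunk at -101 lacks the `saml:idp:` prefix used by the other events this commit adds (`saml:idp:Response`, `saml:idp:LogoutRequest:recv`), and its record has no `idpEntityID`. The SAML2.php hunk at -304 uses the same un-prefixed name but does include `idpEntityID`. Consumers that filter on the `saml:idp:` prefix or join on the IdP entity ID would miss or mis-group these requests. Consider `'saml:idp:AuthnRequest'` in both places, and add `'idpEntityID' => $idpMetadata->getString('entityid'),` here if `$idpMetadata` is in scope, which the hunk does not show.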
@@ -64,6 +64,12 @@ class sspmod_saml_IdP_SAML2 {
 /* Register the session association with the IdP. */
 $idp->addAssociation($association);
+ SimpleSAML_Stats::log('saml:idp:Response', array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ 'protocol' => 'saml2',
+ ));
+
 /* Send the response. */
 $binding = SAML2_Binding::getBinding($protocolBinding);
 $binding->send($ar);
@@ -105,10 +111,18 @@ class sspmod_saml_IdP_SAML2 {
 $ar->setInResponseTo($requestId);
 $ar->setRelayState($relayState);
- $ar->setStatus(array(
+ $status = array(
 'Code' => $error->getStatus(),
 'SubCode' => $error->getSubStatus(),
 'Message' => $error->getStatusMessage(),
+ );
+ $ar->setStatus($status);
+
+ SimpleSAML_Stats::log('saml:idp:Response:error', array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ 'protocol' => 'saml2',
+ 'error' => $status,
 ));
 $binding = SAML2_Binding::getBinding($protocolBinding);
@@ -259,6 +273,8 @@ class sspmod_saml_IdP_SAML2 {
 $extensions = NULL;
 $allowCreate = TRUE;
+ $idpInit = TRUE;
+
 SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: IdP initiated authentication: '. var_export($spEntityId, TRUE));
 } else {
@@ -304,9 +320,20 @@ class sspmod_saml_IdP_SAML2 {
 $allowCreate = FALSE;
 }
+ $idpInit = FALSE;
+
 SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '. var_export($spEntityId, TRUE));
 }
+ SimpleSAML_Stats::log('saml:AuthnRequest', array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ 'forceAuthn' => $forceAuthn,
+ 'isPassive' => $isPassive,
+ 'protocol' => 'saml2',
+ 'idpInit' => $idpInit,
+ ));
+
 $acsEndpoint = self::getAssertionConsumerService($supportedBindings, $spMetadata, $consumerURL, $protocolBinding, $consumerIndex);
 $IDPList = array_unique(array_merge($IDPList, $spMetadata->getArrayizeString('IDPList', array())));
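Review bot: The `'error' => $status` entry in the SAML2.php hunk at -105 copies the whole status array, including `'Message' => $error->getStatusMessage()`, into the statistics record. That message is free text taken from the exception, and statistics output is often retained and shared more widely than debug logs, so internal detail could end up somewhere it was not meant to go. Logging only the codes still lets consumers count failures by type: `'error' => array('Code' => $status['Code'], 'SubCode' => $status['SubCode']),`. What the message can contain depends on the exception classes, which are outside the hunk.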
@@ -373,15 +400,23 @@ class sspmod_saml_IdP_SAML2 {
 $lr->setRelayState($state['saml:RelayState']);
 if (isset($state['core:Failed']) && $state['core:Failed']) {
+ $partial = TRUE;
 $lr->setStatus(array(
 'Code' => SAML2_Const::STATUS_SUCCESS,
 'SubCode' => SAML2_Const::STATUS_PARTIAL_LOGOUT,
 ));
 SimpleSAML_Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, TRUE));
 } else {
+ $partial = FALSE;
 SimpleSAML_Logger::debug('Sending logout response to SP ' . var_export($spEntityId, TRUE));
 }
+ SimpleSAML_Stats::log('saml:idp:LogoutResponse:sent', array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ 'partial' => $partial
+ ));
+
 $binding = new SAML2_HTTPRedirect();
 $binding->send($lr);
 }
@@ -412,6 +447,14 @@ class sspmod_saml_IdP_SAML2 {
 if ($message instanceof SAML2_LogoutResponse) {
 SimpleSAML_Logger::info('Received SAML 2.0 LogoutResponse from: '. var_export($spEntityId, TRUE));
+ $statsData = array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ );
+ if (!$message->isSuccess()) {
+ $statsData['error'] = $message->getStatus();
+ }
+ SimpleSAML_Stats::log('saml:idp:LogoutResponse:recv', $statsData);
 $relayState = $message->getRelayState();
@@ -430,6 +473,10 @@ class sspmod_saml_IdP_SAML2 {
 } elseif ($message instanceof SAML2_LogoutRequest) {
 SimpleSAML_Logger::info('Received SAML 2.0 LogoutRequest from: '. var_export($spEntityId, TRUE));
+ SimpleSAML_Stats::log('saml:idp:LogoutRequest:recv', array(
+ 'spEntityID' => $spEntityId,
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ ));
 $spStatsId = $spMetadata->getString('core:statistics-id', $spEntityId);
 SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spStatsId . ' ' . $idpMetadata->getString('entityid'));
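Review bot: The four logout events carry no `'protocol'` field, starting with `saml:idp:LogoutResponse:sent` in the SAML2.php hunk at -373 and continuing in the hunks at -412, -430 and -486. The Response and AuthnRequest events added by the same commit all set `'protocol' => 'saml2'` or `'saml1'`, so a consumer that splits traffic by protocol has to special-case logout records. Adding `'protocol' => 'saml2',` to each of these arrays keeps the record schema uniform. The array here also lacks the trailing comma after `'partial' => $partial` that the other new arrays use.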
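Review bot: In the SAML2.php hunk at -412, `$statsData['error'] = $message->getStatus();` stores status data from a LogoutResponse received from the SP, and the hunk does not show the message being validated before this point. The returned status presumably has the same Code/SubCode/Message shape that `setStatus` is given in the hunk at -105. If so, a free-text message chosen by the sender goes into the statistics stream without any length bound. Recording only the codes, or truncating the message before calling `SimpleSAML_Stats::log`, keeps the record bounded. How the stats backend escapes or serialises values is not visible here.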
@@ -486,6 +533,11 @@ class sspmod_saml_IdP_SAML2 {
 $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
 }
+ SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array(
+ 'spEntityID' => $association['saml:entityID'],
+ 'idpEntityID' => $idpMetadata->getString('entityid'),
+ ));
+
 $binding = new SAML2_HTTPRedirect();
 return $binding->getRedirectURL($lr);
 }
-- 
GitLab