Switching notice log messages with info, and removed authentication to the metadata interface

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@315 44740490-163a-0410-bde0-09ae8108e29a

www/aselect/handler.php

@@ -122,7 +122,7 @@ session_start();
 
 // log an error and throw an exception
 function as_error_exception($msg) {
-	SimpleSAML_Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $msg));
+	SimpleSAML_Logger::info(array('1', 'aselect', 'handler', 'request', 'access', $msg));
 	throw new Exception($msg);
 }
 
@@ -438,7 +438,7 @@ function as_request_bridge_return() {
 
 // demultiplex incoming request
 try {
-	SimpleSAML_Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $_SERVER['REQUEST_URI']));
+	SimpleSAML_Logger::info(array('1', 'aselect', 'handler', 'request', 'access', $_SERVER['REQUEST_URI']));
 	if ($_GET['request']) {
 		$handler = 'as_request_' . $_GET['request'];
 		$handler();

www/auth/login-admin.php

@@ -60,7 +60,7 @@ if (isset($_POST['password'])) {
 			'value' => SimpleSAML_Utilities::generateID(),
 			'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 		
-		SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
+		SimpleSAML_Logger::info('AUTH - admin: '. $username . ' successfully authenticated');
 
 		/**
 		 * Create a statistics log entry for every successfull login attempt.

www/auth/login-feide.php

@@ -112,7 +112,7 @@ if (isset($_REQUEST['username'])) {
 		 * Do LDAP bind using DN found from the search on ePPN.
 		 */
 		if (!$ldap->bind($dn, $password)) {
-			SimpleSAML_Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' failed to authenticate. DN=' . $dn);
+			SimpleSAML_Logger::info('AUTH - ldap-feide: '. $requestedUser . ' failed to authenticate. DN=' . $dn);
 			throw new Exception('Wrong username or password');
 		}
 
@@ -121,7 +121,7 @@ if (isset($_REQUEST['username'])) {
 		 */
 		$attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
 
-		SimpleSAML_Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' successfully authenticated');
+		SimpleSAML_Logger::info('AUTH - ldap-feide: '. $requestedUser . ' successfully authenticated');
 		
 		$session->setAuthenticated(true, 'login-feide');
 		$session->setAttributes($attributes);

www/auth/login-ldapmulti.php

@@ -64,7 +64,7 @@ if (isset($_POST['username'])) {
 					ldap_error($ds) . "] ErrNo=[" .
 					ldap_errno($ds) . "]";
 	
-				SimpleSAML_Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate');
+				SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate');
 				
 			} else {
 				$sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
@@ -85,7 +85,7 @@ if (isset($_POST['username'])) {
 				//print_r($ldapentries);
 				//print_r($attributes);
 				
-				SimpleSAML_Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
+				SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
 				
 				
 				$session->setAuthenticated(true, 'login-ldapmulti');

www/auth/login-radius.php

@@ -81,7 +81,7 @@ if (isset($_POST['username'])) {
 
 				//$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));
 				
-				SimpleSAML_Logger::notice('AUTH - radius: '. $_POST['username'] . ' successfully authenticated');
+				SimpleSAML_Logger::info('AUTH - radius: '. $_POST['username'] . ' successfully authenticated');
 				
 				$session->setAuthenticated(true, 'login-radius');
 				
@@ -108,7 +108,7 @@ if (isset($_POST['username'])) {
 	
 			case RADIUS_ACCESS_REJECT:
 			
-				SimpleSAML_Logger::notice('AUTH - radius: '. $_POST['username'] . ' failed to authenticate');
+				SimpleSAML_Logger::info('AUTH - radius: '. $_POST['username'] . ' failed to authenticate');
 				throw new Exception('Radius authentication error: Bad credentials ');
 				break;
 			case RADIUS_ACCESS_CHALLENGE:

www/auth/login.php

@@ -83,7 +83,7 @@ if (isset($_POST['username'])) {
 				$error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern')
 					. "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]";
 				
-				SimpleSAML_Logger::notice('AUTH - ldap: '. $username . ' failed to authenticate');
+				SimpleSAML_Logger::info('AUTH - ldap: '. $username . ' failed to authenticate');
 				
 			} else {
 				$sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
@@ -137,7 +137,7 @@ if (isset($_POST['username'])) {
 					'value' => SimpleSAML_Utilities::generateID(),
 					'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 				
-				SimpleSAML_Logger::notice('AUTH - ldap: '. $username . ' successfully authenticated');
+				SimpleSAML_Logger::info('AUTH - ldap: '. $username . ' successfully authenticated');
 				
 				
 				SimpleSAML_Utilities::redirect($relaystate);

www/saml2/idp/SSOService.php

@@ -128,7 +128,7 @@ $authority = isset($idpmetadata['authority']) ? $idpmetadata['authority'] : null
 if (!isset($session) || !$session->isValid($authority) ) {
 
 
-	SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmetadata['auth']);
+	SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmetadata['auth']);
 
 	$relaystate = SimpleSAML_Utilities::selfURLNoQuery() .
 		'?RequestID=' . urlencode($requestid);
@@ -157,7 +157,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
 			
 			if (!isset($_GET['consent'])) {
 
-				SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Requires consent from user for attribute release');
+				SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Requires consent from user for attribute release');
 
 				$t = new SimpleSAML_XHTML_Template($config, 'consent.php');
 				$t->data['header'] = 'Consent';
@@ -169,7 +169,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
 				
 			} else {
 			
-				SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Got consent from user');
+				SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Got consent from user');
 			}
 			
 		}
@@ -178,7 +178,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
 		// Right now the list is used for SAML 2.0 only.
 		$session->add_sp_session($spentityid);
 
-		SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to '.$spentityid);
+		SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to '.$spentityid);
 		
 
 		

www/saml2/idp/SingleLogoutService.php

@@ -79,7 +79,7 @@ if (isset($_GET['SAMLRequest'])) {
 	$responder = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 	
 	
-	SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
+	SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
 	SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
 	
 	/* Check if we have a valid session. */
@@ -139,7 +139,7 @@ if (isset($_GET['SAMLRequest'])) {
 		$loginresponse = $binding->decodeLogoutResponse($_GET);
 
 		if ($binding->validateQuery($loginresponse->getIssuer(),'SP','SAMLResponse')) {
-			SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: Valid signature found');
+			SimpleSAML_Logger::info('SAML2.0 - IDP.SingleLogoutService: Valid signature found');
 		}
 
 
@@ -160,7 +160,7 @@ if (isset($_GET['SAMLRequest'])) {
 
 	$session->set_sp_logout_completed($loginresponse->getIssuer());
 
-	SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer());
+	SimpleSAML_Logger::info('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer());
 } else {
 	
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
@@ -177,7 +177,7 @@ $session->dump_sp_sessions();
 $spentityid = $session->get_next_sp_logout();
 if ($spentityid) {
 
-	SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: Logout next SP ' . $spentityid);
+	SimpleSAML_Logger::info('SAML2.0 - IDP.SingleLogoutService: Logout next SP ' . $spentityid);
 
 	try {
 		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);

www/saml2/idp/metadata.php

@@ -18,13 +18,6 @@ if (!$config->getValue('enable.saml20-idp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 
-/* Check if valid local session exists.. */
-if (!isset($session) || !$session->isValid('login-admin') ) {
-	SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
-		array('RelayState' => SimpleSAML_Utilities::selfURL())
-	);
-}
-
 
 
 try {

www/saml2/sp/AssertionConsumerService.php

@@ -47,7 +47,7 @@ try {
 	
 	$authnResponse->process();
 
-	SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+	SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
 	
 	
 	/**

www/saml2/sp/SingleLogoutService.php

@@ -44,7 +44,7 @@ if (isset($_GET['SAMLRequest'])) {
 		$logoutrequest = $binding->decodeLogoutRequest($_GET);
 
 		if ($binding->validateQuery($logoutrequest->getIssuer(),'SP')) {
-			SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found for '.$requestid);
+			SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Valid signature found for '.$requestid);
 		}
 
 		// Extract some parameters from the logout request
@@ -55,7 +55,7 @@ if (isset($_GET['SAMLRequest'])) {
 		//$responder = $config->getValue('saml2-hosted-sp');
 		$responder = $metadata->getMetaDataCurrentEntityID();
 	
-		SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
+		SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
 		SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $responder . ' ' . $requester);
 	
 		// Create a logout response
@@ -67,7 +67,7 @@ if (isset($_GET['SAMLRequest'])) {
 		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
 	
 	
-		SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
+		SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
 	
 		// Send the Logout response using HTTP POST binding.
 		$httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
@@ -88,7 +88,7 @@ if (isset($_GET['SAMLRequest'])) {
 		$logoutresponse = $binding->decodeLogoutResponse($_GET);
 
 		if ($binding->validateQuery($logoutresponse->getIssuer(),'SP','SAMLResponse')) {
-			SimpleSAML_Logger::notice('SAML2.0  - SP.SingleLogoutService: Valid signature found');
+			SimpleSAML_Logger::info('SAML2.0  - SP.SingleLogoutService: Valid signature found');
 		}
 
 	} catch(Exception $exception) {

www/saml2/sp/initSLO.php

@@ -42,7 +42,7 @@ if (isset($session) ) {
 			$relayState = $_REQUEST['RelayState'];
 		}
 		
-		SimpleSAML_Logger::notice('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
 		
 		$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
 		
@@ -57,7 +57,7 @@ if (isset($session) ) {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');		
 	
 	$relaystate = $_REQUEST['RelayState'];
-	SimpleSAML_Logger::notice('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
+	SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
 	SimpleSAML_Utilities::redirect($relaystate);
 	
 }

www/saml2/sp/initSSO.php

@@ -44,7 +44,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
 	
 	if ($idpentityid == null) {
 	
-		SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
 		
 		$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
 		$discservice = '/' . $config->getValue('baseurlpath') . 'saml2/sp/idpdisco.php?entityID=' . $spentityid . 
@@ -67,7 +67,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
 			$relayState = $_GET['RelayState'];
 		}
 		
-		SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
 		
 		$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState);
 
@@ -82,7 +82,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
 	$relaystate = $_GET['RelayState'];
 		
 	if (isset($relaystate) && !empty($relaystate)) {
-		SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: Already Authenticated, Go back to RelayState');
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Already Authenticated, Go back to RelayState');
 		SimpleSAML_Utilities::redirect($relaystate);
 	} else {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');

www/shib13/idp/metadata.php

@@ -18,13 +18,6 @@ if (!$config->getValue('enable.shib13-idp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
 
 
-/* Check if valid local session exists.. */
-if (!isset($session) || !$session->isValid('login-admin') ) {
-	SimpleSAML_Utilities::redirect('/' . $config->getValue('baseurlpath') . 'auth/login-admin.php',
-		array('RelayState' => SimpleSAML_Utilities::selfURL())
-	);
-}
-
 
 
 try {

www/shib13/sp/AssertionConsumerService.php

@@ -37,7 +37,7 @@ try {
 
 	if (isset($session)) {
 
-		SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+		SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
 
 		/**
 		 * Make a log entry in the statistics for this SSO login.

www/shib13/sp/initSSO.php

@@ -46,7 +46,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 	
 	if ($idpentityid == null) {
 	
-		SimpleSAML_Logger::notice('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
+		SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
 	
 		$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
 		$discservice = '/' . $config->getValue('baseurlpath') . 'shib13/sp/idpdisco.php?entityID=' . $spentityid . 
@@ -62,7 +62,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 		if(isset($_GET['RelayState'])) 
 			$ar->setRelayState($_GET['RelayState']);
 
-		SimpleSAML_Logger::notice('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
+		SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
 
 		$url = $ar->createRedirect($idpentityid);
 		SimpleSAML_Utilities::redirect($url);
@@ -77,7 +77,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 	$relaystate = $session->getRelayState();
 	
 	if (isset($relaystate) && !empty($relaystate)) {
-		SimpleSAML_Logger::notice('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
+		SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
 		SimpleSAML_Utilities::redirect($relaystate);
 	} else {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');