Skip to content
Snippets Groups Projects
Commit d94cf006 authored by Guy Halse's avatar Guy Halse
Browse files

Differentiate passive requests from others 

A more flexible version of the original patch, based on comments from
@thijskh and @jaimeperez. This version will allow you to skip logging
passive requests entirely by setting `skipPassive` in the config, or
alternatively will prefix the log tag with 'passive-'.
parent c7ea4017
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/core/docs/authproc_statisticswithattribute.md
+ 3
0
View file @ d94cf006
...@@ -12,6 +12,9 @@ Parameters ...@@ -12,6 +12,9 @@ Parameters
`type` `type`
: The type of the statistics entry. : The type of the statistics entry.
`skipPassive`
: A boolean indicating whether passive requests should be skipped. Defaults to `FALSE`, in which case the type tag is prefixed with 'passive-'.
Example Example
------- -------
......
modules/core/lib/Auth/Process/StatisticsWithAttribute.php
+ 14
4
View file @ d94cf006
...@@ -16,6 +16,8 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P ...@@ -16,6 +16,8 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
private $typeTag = 'saml20-idp-SSO'; private $typeTag = 'saml20-idp-SSO';
private $skipPassive = false;
/** /**
* Initialize this filter. * Initialize this filter.
...@@ -41,6 +43,10 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P ...@@ -41,6 +43,10 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
throw new Exception('Invalid typeTag given to core:StatisticsWithAttribute filter.'); throw new Exception('Invalid typeTag given to core:StatisticsWithAttribute filter.');
} }
} }
if (array_key_exists('skipPassive', $config)) {
$this->skipPassive = (bool)$config['skipPassive'];
}
} }
...@@ -56,10 +62,14 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P ...@@ -56,10 +62,14 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
$logAttribute = 'NA'; $logAttribute = 'NA';
$source = 'NA'; $source = 'NA';
$dest = 'NA'; $dest = 'NA';
$isPassive = '';
if(array_key_exists('isPassive', $state) && $state['isPassive'] === true) { if(array_key_exists('isPassive', $state) && $state['isPassive'] === true) {
// We have a passive request. Skip logging statistics if ($this->skipPassive === true) {
return; // We have a passive request. Skip logging statistics
return;
}
$isPassive = 'passive-';
} }
if (array_key_exists($this->attribute, $state['Attributes'])) $logAttribute = $state['Attributes'][$this->attribute][0]; if (array_key_exists($this->attribute, $state['Attributes'])) $logAttribute = $state['Attributes'][$this->attribute][0];
...@@ -81,10 +91,10 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P ...@@ -81,10 +91,10 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
if (!array_key_exists('PreviousSSOTimestamp', $state)) { if (!array_key_exists('PreviousSSOTimestamp', $state)) {
// The user hasn't authenticated with this SP earlier in this session // The user hasn't authenticated with this SP earlier in this session
SimpleSAML\Logger::stats($this->typeTag . '-first ' . $dest . ' ' . $source . ' ' . $logAttribute); SimpleSAML\Logger::stats($isPassive . $this->typeTag . '-first ' . $dest . ' ' . $source . ' ' . $logAttribute);
} }
SimpleSAML\Logger::stats($this->typeTag . ' ' . $dest . ' ' . $source . ' ' . $logAttribute); SimpleSAML\Logger::stats($isPassive . $this->typeTag . ' ' . $dest . ' ' . $source . ' ' . $logAttribute);
} }
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment