diff --git a/attributealter/alterfunctions.php b/attributealter/alterfunctions.php
index cb0e960bd1052084b765cf40e5ae2b6acee471d9..7d247bf159e7889cb22005326c3925a7359ca6fa 100644
--- a/attributealter/alterfunctions.php
+++ b/attributealter/alterfunctions.php
@@ -7,12 +7,18 @@ function attributealter_test(&$attributes, $spentityid = null, $idpentityid = nu
function attributealter_realm(&$attributes, $spentityid = null, $idpentityid = null) {
- if (array_key_exists('eduPersonPrincipalName', $attributes)) {
- $eduppn = $attributes['eduPersonPrincipalName'][0];
+ $attributename = 'eduPersonPrincipalName';
+# $attributename = 'edupersonprincipalname';
+ if (array_key_exists($attributename, $attributes)) {
+ $eduppn = $attributes[$attributename][0];
$splitted = explode('@', $eduppn);
if (count($splitted) > 1) {
$attributes['realm'] = array($splitted[1]);
+ } else {
+ SimpleSAML_Logger::debug('attributealter_realm: Wrong format on ' . $attributename . ' (not including @)');
}
+ } else {
+ SimpleSAML_Logger::debug('attributealter_realm: Could not find ' . $attributename);
}
}
diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index 7468fe154719fba002d496610400c4b94af32987..2a2cdb8ac8c9356913acb01f653d7414d3f9892f 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -6,64 +6,30 @@ require_once('SimpleSAML/Session.php');
/**
* A class for logging
*
+ * @author Lasse Birnbaum Jensen, SDU.
* @author Andreas Ĺkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
* @package simpleSAMLphp
* @version $ID$
*/
-class SimpleSAML_Logger {
-
-
- private $configuration = null;
- private $loglevel = LOG_NOTICE;
-
- public function __construct() {
-
- $this->configuration = SimpleSAML_Configuration::getInstance();
- $this->loglevel = $this->configuration->getValue('logging.level');
-
- define_syslog_variables();
- openlog("simpleSAMLphp", LOG_PID, $this->configuration->getValue('logging.facility') );
-
- }
-
- /*
- * Log a message to syslog.
- */
- public function log($priority, $trackid = null, $module, $submodule, $eventtype, $content, $message) {
- /*
- error_log('This entry: ' . $message );
- error_log('This entry is ' . $priority . ' and will be loged if <= ' . $this->loglevel);
- error_log('LOG_ERR is ' . LOG_ERR . ' and LOGINFO is ' . LOG_INFO . " LOG_DEBUG is " . LOG_DEBUG);
- */
- if ($priority > $this->loglevel) return;
- if ($trackid == null) {
- $trackid = 'na';
- //$session = SimpleSAML_Session::getInstance(true);
- //$trackid = $session->getTrackID();
- }
-
- $contentstring = '';
- if (is_array($content)) {
- $contentstring = implode('|', $content);
- } else {
- $contentstring = $content;
- }
-
- $logstring = implode(',', array($priority, $trackid, $module, $submodule, $eventtype, $contentstring, $message));
- syslog($priority, " OLD ".$logstring);
-
- }
-}
interface SimpleSAML_Logger_LoggingHandler {
function log_internal($level,$string);
}
-class Logger {
+class SimpleSAML_Logger {
private static $loggingHandler = null;
private static $logLevel = null;
private static $trackid = null;
+/*
+ * LOG_ERR No statistics, only errors
+ * LOG_WARNING No statistics, only warnings/errors
+ * LOG_NOTICE Statistics and errors
+ * LOG_INFO Verbose logs
+ * LOG_DEBUG Full debug logs - not reccomended for production
+
+*/
+
static function emergency($string) {
self::log_internal(LOG_EMERG,$string);
}
@@ -84,21 +50,39 @@ class Logger {
self::log_internal(LOG_WARNING,$string);
}
+ /**
+ * We reserve the notice level for statistics, so do not use
+ * this level for other kind of log messages.
+ */
static function notice($string) {
self::log_internal(LOG_NOTICE,$string);
}
+ /**
+ * Info messages is abit less verbose than debug messages. This is useful
+ * for tracing a session.
+ */
static function info($string) {
self::log_internal(LOG_INFO,$string);
}
-
+
+ /**
+ * Debug messages is very verbose, and will contain more inforation than
+ * what is neccessary for a production system.
+ */
static function debug($string) {
self::log_internal(LOG_DEBUG,$string);
}
+ /**
+ * Statisitics
+ */
static function stats($string) {
- self::log_internal(LOG_INFO,$string,true);
+ self::log_internal(LOG_NOTICE,$string,true);
}
+
+
+
public static function createLoggingHandler() {
/* Get the configuration. */
$config = SimpleSAML_Configuration::getInstance();
@@ -158,6 +142,46 @@ class Logger {
self::$loggingHandler->log_internal($level,$string);
}
}
+
+}
+
+
+ /*
+class SimpleSAML_Logger {
+
+
+ private $configuration = null;
+ private $loglevel = LOG_NOTICE;
+
+ public function __construct() {
+
+ $this->configuration = SimpleSAML_Configuration::getInstance();
+ $this->loglevel = $this->configuration->getValue('logging.level');
+
+ define_syslog_variables();
+ openlog("simpleSAMLphp", LOG_PID, $this->configuration->getValue('logging.facility') );
+
+ }
+ public function log($priority, $trackid = null, $module, $submodule, $eventtype, $content, $message) {
+
+ if ($priority > $this->loglevel) return;
+ if ($trackid == null) {
+ $trackid = 'na';
+ }
+
+ $contentstring = '';
+ if (is_array($content)) {
+ $contentstring = implode('|', $content);
+ } else {
+ $contentstring = $content;
+ }
+
+ $logstring = implode(',', array($priority, $trackid, $module, $submodule, $eventtype, $contentstring, $message));
+ syslog($priority, " OLD ".$logstring);
+
+ }
}
+*/
+
?>
\ No newline at end of file
diff --git a/lib/SimpleSAML/Logger/LoggingHandlerFile.php b/lib/SimpleSAML/Logger/LoggingHandlerFile.php
index dd77cd6f10c4b562fd7f76b28fd6f2c5dcc4d374..b0239ef88ba56eabd6107fcc0ea745badd7d54dc 100644
--- a/lib/SimpleSAML/Logger/LoggingHandlerFile.php
+++ b/lib/SimpleSAML/Logger/LoggingHandlerFile.php
@@ -3,6 +3,15 @@
require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/Logger.php');
+/**
+ * A class for logging
+ *
+ * @author Lasse Birnbaum Jensen, SDU.
+ * @author Andreas Ĺkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $ID$
+ */
+
class SimpleSAML_Logger_LoggingHandlerFile implements SimpleSAML_Logger_LoggingHandler {
private $logFile = null;
diff --git a/lib/SimpleSAML/Logger/LoggingHandlerSyslog.php b/lib/SimpleSAML/Logger/LoggingHandlerSyslog.php
index 4ad3130a5b830d454eb390dad863c995752c0043..a897b91176f9653764e7336c8ab2a274a081ed98 100644
--- a/lib/SimpleSAML/Logger/LoggingHandlerSyslog.php
+++ b/lib/SimpleSAML/Logger/LoggingHandlerSyslog.php
@@ -3,6 +3,15 @@
require_once('SimpleSAML/Configuration.php');
require_once('SimpleSAML/Logger.php');
+/**
+ * A class for logging
+ *
+ * @author Lasse Birnbaum Jensen, SDU.
+ * @author Andreas Ĺkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $ID$
+ */
+
class SimpleSAML_Logger_LoggingHandlerSyslog implements SimpleSAML_Logger_LoggingHandler {
function __construct() {
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php
index 22eab310bb6b757e1028b01f5745993a6000ad60..3e45a8218fbe83b041fe94f1cdd1434ae17acbfa 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php
@@ -102,7 +102,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$metadata = $this->loadFile($metadatasetfile);
}
- Logger::info('MetaData - Handler.SAML2Meta: Loading metadata set [' . $set . '] from [' . $metadatasetfile . ']' );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Loading metadata set [' . $set . '] from [' . $metadatasetfile . ']' );
if (!is_array($metadata))
throw new Exception('Could not load metadata set [' . $set . '] from file: ' . $metadatasetfile);
@@ -178,7 +178,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
} catch (Exception $e) {
- Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
@@ -215,7 +215,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$metadata[$entityid]['ForceAuthn'] = (isset($seek_forceauth) ? ($seek_forceauth === 'true') : false);
} catch (Exception $e) {
- Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
@@ -260,7 +260,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
$metadata[$entityid]['requireconsent'] = (isset($seek_requireconsent) ? ($seek_requireconsent === 'true') : false);
} catch (Exception $e) {
- Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
@@ -325,7 +325,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
} catch (Exception $e) {
- Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
@@ -371,7 +371,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
} catch (Exception $e) {
- Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
@@ -455,7 +455,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
} catch (Exception $e) {
- Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
+ SimpleSAML_Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() );
}
}
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 7bc1092e1e25d9902c24dd6c945458d51a7bca59..7ce74f95613e5cf7717fc00253270cdb4e04bfd8 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -218,7 +218,7 @@ class SimpleSAML_Session {
public function getAuthnRequest($protocol, $requestid) {
- Logger::debug('Library - Session: Get authnrequest from cache ' . $protocol . ' time:' . time() . ' id: '. $requestid );
+ SimpleSAML_Logger::debug('Library - Session: Get authnrequest from cache ' . $protocol . ' time:' . time() . ' id: '. $requestid );
$configuration = SimpleSAML_Configuration::getInstance();
if (isset($this->authnrequests[$protocol])) {
@@ -231,7 +231,7 @@ class SimpleSAML_Session {
* simply delete it :)
*/
if ($cache['date'] < time() - $configuration->getValue('session.requestcache', 4*(60*60)) ) {
- Logger::debug('Library - Session: Deleting expired authn request with id ' . $id);
+ SimpleSAML_Logger::debug('Library - Session: Deleting expired authn request with id ' . $id);
unset($this->authnrequests[$protocol][$id]);
}
}
@@ -258,7 +258,7 @@ class SimpleSAML_Session {
*/
public function setAuthnRequest($protocol, $requestid, array $cache) {
- Logger::debug('Library - Session: Set authnrequest ' . $protocol . ' time:' . time() . ' size:' . count($cache) . ' id: '. $requestid );
+ SimpleSAML_Logger::debug('Library - Session: Set authnrequest ' . $protocol . ' time:' . time() . ' size:' . count($cache) . ' id: '. $requestid );
$this->dirty = true;
$cache['date'] = time();
@@ -375,7 +375,7 @@ class SimpleSAML_Session {
*/
public function clean($cleancache = false) {
- Logger::debug('Library - Session: Cleaning Session. Clean cache: ' . ($cleancache ? 'yes' : 'no') );
+ SimpleSAML_Logger::debug('Library - Session: Cleaning Session. Clean cache: ' . ($cleancache ? 'yes' : 'no') );
if ($cleancache) {
$this->authnrequests = array();
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 0553695d8c14e2ca54e686566c7bc3217f2a922e..ac6d1a2aab88d6e40d86380cc8b7252f4e8fd8fc 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -287,7 +287,7 @@ class SimpleSAML_Utilities {
$etrace = (empty($e) ? 'No exception available' : $e->getTraceAsString());
// Log a error message
- Logger::error($_SERVER['PHP_SELF'].' - UserError: ErrCode:'.(!empty($errorcode) ? $errorcode : 'na').': '.urlencode($emsg) );
+ SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - UserError: ErrCode:'.(!empty($errorcode) ? $errorcode : 'na').': '.urlencode($emsg) );
$languagefile = null;
if (isset($errorcode)) $languagefile = 'error_' . $errorcode . '.php';
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index e09f99a125e81e71ba626c1c96791540fcbfd1fd..2ccc13501523f18c1ce8fb8f9a7e5929af67db3e 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -85,7 +85,7 @@ class SimpleSAML_XHTML_Template {
if (!file_exists($filebase . $file) ) {
- Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
+ SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
return;
}
}
@@ -97,7 +97,7 @@ class SimpleSAML_XHTML_Template {
$filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('dictionarydir');
if (!file_exists($filebase . $file)) {
- Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filebase . $file . ']');
+ SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filebase . $file . ']');
return;
}
include($filebase . $file);
@@ -128,7 +128,7 @@ class SimpleSAML_XHTML_Template {
if (!file_exists($filename)) {
- Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
+ SimpleSAML_Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']');
echo 'Fatal error: Could not find template file [' . $this->template . '] at [' . $filename . ']';
exit(0);
diff --git a/www/aselect/handler.php b/www/aselect/handler.php
index d24b3a97008827bc887ebda3a64af953f03d7b06..38dbf2a5715eea01b91c35f0d45250ae153e5e9a 100644
--- a/www/aselect/handler.php
+++ b/www/aselect/handler.php
@@ -122,7 +122,7 @@ session_start();
// log an error and throw an exception
function as_error_exception($msg) {
- Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $msg));
+ SimpleSAML_Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $msg));
throw new Exception($msg);
}
@@ -438,7 +438,7 @@ function as_request_bridge_return() {
// demultiplex incoming request
try {
- Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $_SERVER['REQUEST_URI']));
+ SimpleSAML_Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $_SERVER['REQUEST_URI']));
if ($_GET['request']) {
$handler = 'as_request_' . $_GET['request'];
$handler();
diff --git a/www/auth/login-admin.php b/www/auth/login-admin.php
index 6bacd1c1f1b588af353943dd3c625007b410998f..65b2956be32394683ff609ca839bb0cce478a6a9 100644
--- a/www/auth/login-admin.php
+++ b/www/auth/login-admin.php
@@ -13,7 +13,7 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();
-Logger::info('AUTH -admin: Accessing auth endpoint login-admin');
+SimpleSAML_Logger::info('AUTH -admin: Accessing auth endpoint login-admin');
$error = null;
$attributes = array();
@@ -60,7 +60,7 @@ if (isset($_POST['password'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
- Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
+ SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
SimpleSAML_Utilities::redirect($relaystate);
exit(0);
diff --git a/www/auth/login-feide.php b/www/auth/login-feide.php
index 5e9ddad27dabd95fbd1201939d37a5269edacab9..272386551291c43809d274a1292a88025a68911d 100644
--- a/www/auth/login-feide.php
+++ b/www/auth/login-feide.php
@@ -35,7 +35,7 @@ $session = SimpleSAML_Session::getInstance();
$ldapconfigfile = $config->getBaseDir() . 'config/ldapfeide.php';
require_once($ldapconfigfile);
-Logger::info('AUTH - ldap-feide: Accessing auth endpoint login-feide');
+SimpleSAML_Logger::info('AUTH - ldap-feide: Accessing auth endpoint login-feide');
$error = null;
$attributes = array();
@@ -112,7 +112,7 @@ if (isset($_REQUEST['username'])) {
* Do LDAP bind using DN found from the search on ePPN.
*/
if (!$ldap->bind($dn, $password)) {
- Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' failed to authenticate. DN=' . $dn);
+ SimpleSAML_Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' failed to authenticate. DN=' . $dn);
throw new Exception('Wrong username or password');
}
@@ -121,7 +121,7 @@ if (isset($_REQUEST['username'])) {
*/
$attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
- Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' successfully authenticated');
+ SimpleSAML_Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' successfully authenticated');
$session->setAuthenticated(true, 'login-feide');
$session->setAttributes($attributes);
@@ -135,7 +135,7 @@ if (isset($_REQUEST['username'])) {
} catch (Exception $e) {
- Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
+ SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
$error = $e->getMessage();
}
}
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 78aa0129f4e01a28bc0fdb1fd86f715bc79a018b..4b1d9bab703e3f2c11ded1dd9e9951cbd5eeb3b6 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -17,7 +17,7 @@ $ldapconfigfile = $config->getBaseDir() . 'config/ldapmulti.php';
require_once($ldapconfigfile);
-Logger::info('AUTH - ldap-multi: Accessing auth endpoint login-ldapmulti');
+SimpleSAML_Logger::info('AUTH - ldap-multi: Accessing auth endpoint login-ldapmulti');
$error = null;
@@ -47,7 +47,7 @@ if (isset($_POST['username'])) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- Logger::critical('AUTH - ldap-multi: Error setting LDAP protocol version to 3');
+ SimpleSAML_Logger::critical('AUTH - ldap-multi: Error setting LDAP protocol version to 3');
$error = "Failed to set LDAP Protocol version to 3";
}
@@ -64,7 +64,7 @@ if (isset($_POST['username'])) {
ldap_error($ds) . "] ErrNo=[" .
ldap_errno($ds) . "]";
- Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate');
+ SimpleSAML_Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate');
} else {
$sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
@@ -85,7 +85,7 @@ if (isset($_POST['username'])) {
//print_r($ldapentries);
//print_r($attributes);
- Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
+ SimpleSAML_Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
$session->setAuthenticated(true, 'login-ldapmulti');
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
index d1c9851b7ce80cd514e1c46b7b7a2604672c57ac..622d9c3d1c8e545975f1397b5d72e3ff11ef85a5 100644
--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -13,7 +13,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();
-Logger::info('AUTH - radius: Accessing auth endpoint login');
+SimpleSAML_Logger::info('AUTH - radius: Accessing auth endpoint login');
$error = null;
$attributes = array();
@@ -35,12 +35,12 @@ if (isset($_POST['username'])) {
if (! radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'),
$config->getValue('auth.radius.secret'), 5, 3)) {
- Logger::critical('AUTH - radius: Problem occured when connecting to Radius server: '.radius_strerror($radius));
+ SimpleSAML_Logger::critical('AUTH - radius: Problem occured when connecting to Radius server: '.radius_strerror($radius));
throw new Exception('Problem occured when connecting to Radius server: ' . radius_strerror($radius));
}
if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST)) {
- Logger::critical('AUTH - radius: Problem occured when creating the Radius request: '.radius_strerror($radius));
+ SimpleSAML_Logger::critical('AUTH - radius: Problem occured when creating the Radius request: '.radius_strerror($radius));
throw new Exception('Problem occured when creating the Radius request: ' . radius_strerror($radius));
}
@@ -81,7 +81,7 @@ if (isset($_POST['username'])) {
//$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));
- Logger::notice('AUTH - radius: '. $_POST['username'] . ' successfully authenticated');
+ SimpleSAML_Logger::notice('AUTH - radius: '. $_POST['username'] . ' successfully authenticated');
$session->setAuthenticated(true, 'login-radius');
@@ -96,15 +96,15 @@ if (isset($_POST['username'])) {
case RADIUS_ACCESS_REJECT:
- Logger::notice('AUTH - radius: '. $_POST['username'] . ' failed to authenticate');
+ SimpleSAML_Logger::notice('AUTH - radius: '. $_POST['username'] . ' failed to authenticate');
throw new Exception('Radius authentication error: Bad credentials ');
break;
case RADIUS_ACCESS_CHALLENGE:
- Logger::critical('AUTH - radius: Challenge requested: ' . radius_strerror($radius));
+ SimpleSAML_Logger::critical('AUTH - radius: Challenge requested: ' . radius_strerror($radius));
throw new Exception('Radius authentication error: Challenge requested');
break;
default:
- Logger::critical('AUTH -radius: General radius error: ' . radius_strerror($radius));
+ SimpleSAML_Logger::critical('AUTH -radius: General radius error: ' . radius_strerror($radius));
throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
}
diff --git a/www/auth/login.php b/www/auth/login.php
index 0a11d44b0d4c58b5d86ec5e0b867fda9934ca6f4..44806ff0b63d6259ff4974c3152e2eeb94177aa3 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -16,7 +16,7 @@ $config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-Logger::info('AUTH - ldap: Accessing auth endpoint login');
+SimpleSAML_Logger::info('AUTH - ldap: Accessing auth endpoint login');
$error = null;
$attributes = array();
@@ -69,7 +69,7 @@ if (isset($_POST['username'])) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- Logger::critical('AUTH - ldap: Error setting LDAP protocol version to 3');
+ SimpleSAML_Logger::critical('AUTH - ldap: Error setting LDAP protocol version to 3');
throw new Exception("Failed to set LDAP Protocol version to 3");
}
@@ -83,7 +83,7 @@ if (isset($_POST['username'])) {
$error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern')
. "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]";
- Logger::notice('AUTH - ldap: '. $username . ' failed to authenticate');
+ SimpleSAML_Logger::notice('AUTH - ldap: '. $username . ' failed to authenticate');
} else {
$sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes'));
@@ -137,7 +137,7 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
- Logger::notice('AUTH - ldap: '. $username . ' successfully authenticated');
+ SimpleSAML_Logger::notice('AUTH - ldap: '. $username . ' successfully authenticated');
SimpleSAML_Utilities::redirect($relaystate);
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 15db347978cb4eb284fb1b06c575ad72a0d288ad..55fe924a973e2d56dece5cfcdca523699645863b 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -36,7 +36,7 @@ try {
$requestid = null;
-Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
+SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
/*
* If the SAMLRequest query parameter is set, we got an incomming Authentication Request
@@ -69,10 +69,10 @@ if (isset($_GET['SAMLRequest'])) {
if ($binding->validateQuery($authnrequest->getIssuer(),'IdP')) {
- Logger::info('SAML2.0 - IdP.SSOService: Valid signature found for '.$requestid);
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Valid signature found for '.$requestid);
}
- Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '.$authnrequest->getIssuer().' id '.$requestid);
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '.$authnrequest->getIssuer().' id '.$requestid);
} catch(Exception $exception) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSAUTHNREQUEST', $exception);
@@ -95,7 +95,7 @@ if (isset($_GET['SAMLRequest'])) {
$requestcache = $session->getAuthnRequest('saml2', $requestid);
- Logger::info('SAML2.0 - IdP.SSOService: Got incomming RequestID');
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Got incomming RequestID');
if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
@@ -124,7 +124,7 @@ $authority = isset($idpmetadata['authority']) ? $idpmetadata['authority'] : null
if (!isset($session) || !$session->isValid($authority) ) {
- Logger::notice('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmetadata['auth']);
+ SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmetadata['auth']);
$relaystate = SimpleSAML_Utilities::selfURLNoQuery() .
'?RequestID=' . urlencode($requestid);
@@ -153,7 +153,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
if (!isset($_GET['consent'])) {
- Logger::notice('SAML2.0 - IdP.SSOService: Requires consent from user for attribute release');
+ SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Requires consent from user for attribute release');
$t = new SimpleSAML_XHTML_Template($config, 'consent.php');
$t->data['header'] = 'Consent';
@@ -165,7 +165,7 @@ if (!isset($session) || !$session->isValid($authority) ) {
} else {
- Logger::notice('SAML2.0 - IdP.SSOService: Got consent from user');
+ SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Got consent from user');
}
}
@@ -174,48 +174,81 @@ if (!isset($session) || !$session->isValid($authority) ) {
// Right now the list is used for SAML 2.0 only.
$session->add_sp_session($spentityid);
- Logger::notice('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to '.$spentityid);
+ SimpleSAML_Logger::notice('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to '.$spentityid);
+
+
+
/*
- * Filtering attributes.
+ * Attribute handling
*/
- $ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
if (isset($idpmetadata['attributemap'])) {
+ SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
$afilter->namemap($idpmetadata['attributemap']);
}
if (isset($spmetadata['attributemap'])) {
+ SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
$afilter->namemap($spmetadata['attributemap']);
}
if (isset($idpmetadata['attributealter'])) {
- if (!is_array($idpmetadata['attributealter']))
+ if (!is_array($idpmetadata['attributealter'])) {
+ SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
$afilter->alter($idpmetadata['attributealter']);
- else
- foreach($idpmetadata['attributealter'] AS $alterfunc)
+ } else {
+ foreach($idpmetadata['attributealter'] AS $alterfunc) {
+ SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
$afilter->alter($alterfunc);
+ }
+ }
}
if (isset($spmetadata['attributealter'])) {
- if (!is_array($spmetadata['attributealter']))
+ if (!is_array($spmetadata['attributealter'])) {
+ SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
$afilter->alter($spmetadata['attributealter']);
- else
- foreach($spmetadata['attributealter'] AS $alterfunc)
+ } else {
+ foreach($spmetadata['attributealter'] AS $alterfunc) {
+ SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
$afilter->alter($alterfunc);
+ }
+ }
}
+
+ /**
+ * Make a log entry in the statistics for this SSO login.
+ */
+ $tempattr = $afilter->getAttributes();
+ $realmattr = $config->getValue('statistics.realmattr', null);
+ $realmstr = 'NA';
+ if (!empty($realmattr)) {
+ if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+ $realmstr = $tempattr[$realmattr][0];
+ } else {
+ SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+ }
+ }
+ SimpleSAML_Logger::stats('saml20-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' ' . $realmstr);
+
+ /**
+ * Filter away attributes that are not allowed for this SP.
+ */
if (isset($spmetadata['attributes'])) {
+ SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
$afilter->filter($spmetadata['attributes']);
}
$filteredattributes = $afilter->getAttributes();
- //echo '<pre>before filter:' ; print_r($session->getAttributes()); echo "\n\n"; print_r($filteredattributes); echo '</pre>'; exit;
+
+
+
// Generate an SAML 2.0 AuthNResponse message
- $authnResponseXML = $ar->generate($idpentityid, $spentityid,
- $requestid, null, $filteredattributes);
+ $ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);
+ $authnResponseXML = $ar->generate($idpentityid, $spentityid, $requestid, null, $filteredattributes);
// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
- $httppost->sendResponse($authnResponseXML,
- $idpentityid, $spentityid,
+ $httppost->sendResponse($authnResponseXML, $idpentityid, $spentityid,
isset($requestcache['RelayState']) ? $requestcache['RelayState'] : null
);
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 91543a6168cca828adb10cba84b90b63aff9b2b3..d33cc239d36929ac3643db7e98f48057bebdea52 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -30,7 +30,7 @@ $session = SimpleSAML_Session::getInstance();
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
+SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
// TODO: if session is not set, give error or do something else.
@@ -50,7 +50,7 @@ if (isset($_GET['SAMLRequest'])) {
$logoutrequest = $binding->decodeLogoutRequest($_GET);
if ($binding->validateQuery($logoutrequest->getIssuer(),'IdP')) {
- Logger::info('SAML2.0 - IdP.SingleLogoutService: Valid signature found for '.$logoutrequest->getRequestID());
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Valid signature found for '.$logoutrequest->getRequestID());
}
} catch(Exception $exception) {
@@ -101,7 +101,7 @@ if (isset($_GET['SAMLRequest'])) {
//echo '<pre>' . htmlentities($logoutrequest->getXML()) . '</pre>';
- Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
+ SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
# $session->setLogoutRequest($logoutrequest);
@@ -132,7 +132,7 @@ if (isset($_GET['SAMLRequest'])) {
$loginresponse = $binding->decodeLogoutResponse($_GET);
if ($binding->validateQuery($loginresponse->getIssuer(),'SP','SAMLResponse')) {
- Logger::notice('SAML2.0 - IDP.SingleLogoutService: Valid signature found');
+ SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: Valid signature found');
}
@@ -153,7 +153,7 @@ if (isset($_GET['SAMLRequest'])) {
$session->set_sp_logout_completed($loginresponse->getIssuer());
- Logger::notice('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer());
+ SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer());
}
@@ -167,7 +167,7 @@ $session->dump_sp_sessions();
$spentityid = $session->get_next_sp_logout();
if ($spentityid) {
- Logger::notice('SAML2.0 - IDP.SingleLogoutService: Logout next SP ' . $spentityid);
+ SimpleSAML_Logger::notice('SAML2.0 - IDP.SingleLogoutService: Logout next SP ' . $spentityid);
try {
$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
@@ -203,7 +203,7 @@ if ($spentityid) {
}
if ($config->getValue('debug', false))
- Logger::info('SAML2.0 - IdP.SingleLogoutService: LogoutService: All SPs done ');
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: LogoutService: All SPs done ');
@@ -243,12 +243,12 @@ try {
* Clean up session object to save storage.
*/
if ($config->getValue('debug', false))
- Logger::info('SAML2.0 - IdP.SingleLogoutService: Session Size before cleaning: ' . $session->getSize());
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Session Size before cleaning: ' . $session->getSize());
$session->clean();
if ($config->getValue('debug', false))
- Logger::info('SAML2.0 - IdP.SingleLogoutService: Session Size after cleaning: ' . $session->getSize());
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Session Size after cleaning: ' . $session->getSize());
/**
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 2f459dcd5cd75fd862f4534b274474170b4fcf5d..4be5175da436b2f40d20c3ad5621fc98fcba99ce 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -28,7 +28,7 @@ require_once('SimpleSAML/XHTML/Template.php');
*/
$session = SimpleSAML_Session::getInstance(TRUE);
-Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
+SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
try {
@@ -40,7 +40,7 @@ try {
$authnResponse->process();
- Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index 2193fc503013d92c643c696dcf121dc15684fa21..86a2ab0477bc2eee9c868cd487cb66f6d6262881 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -20,7 +20,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance(true);
-Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
+SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
// Destroy local session if exists.
if (isset($session) ) {
@@ -39,7 +39,7 @@ if (isset($_GET['SAMLRequest'])) {
$logoutrequest = $binding->decodeLogoutRequest($_GET);
if ($binding->validateQuery($logoutrequest->getIssuer(),'SP')) {
- Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found for '.$requestid);
+ SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found for '.$requestid);
}
// Extract some parameters from the logout request
@@ -50,7 +50,7 @@ if (isset($_GET['SAMLRequest'])) {
//$responder = $config->getValue('saml2-hosted-sp');
$responder = $metadata->getMetaDataCurrentEntityID();
- Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
+ SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
// Create a logout response
@@ -62,7 +62,7 @@ if (isset($_GET['SAMLRequest'])) {
$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
- Logger::notice('SAML2.0 - SP.SingleLogoutService: SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')');
// Send the Logout response using HTTP POST binding.
$httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');
@@ -83,7 +83,7 @@ if (isset($_GET['SAMLRequest'])) {
$logoutresponse = $binding->decodeLogoutResponse($_GET);
if ($binding->validateQuery($logoutresponse->getIssuer(),'SP','SAMLResponse')) {
- Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found');
}
} catch(Exception $exception) {
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index 7ac36ff82eba7dc7f7659dcc141ae65d87d64a5d..b1e975b0c56a15401ab61b34157e8fb5d85438df 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -22,7 +22,7 @@ if (isset($session) ) {
$idpentityid = $session->getIdP();
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
- Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
+ SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
/**
* Create a logout request
@@ -37,7 +37,7 @@ if (isset($session) ) {
$relayState = $_REQUEST['RelayState'];
}
- Logger::notice('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
@@ -53,7 +53,7 @@ if (isset($session) ) {
$relaystate = $_REQUEST['RelayState'];
- Logger::notice('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
SimpleSAML_Utilities::redirect($relaystate);
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index 5b61f0762b31d1af1a009681728da9a439047e37..5bc316726cf4119f20ec211155b1849fb91ddd30 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
@@ -24,7 +24,7 @@ $session = SimpleSAML_Session::getInstance(true);
*
*/
-Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');
+SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');
try {
@@ -41,7 +41,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
if ($idpentityid == null) {
- Logger::notice('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
$discservice = '/' . $config->getValue('baseurlpath') . 'saml2/sp/idpdisco.php?entityID=' . $spentityid .
@@ -64,7 +64,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
$relayState = $_GET['RelayState'];
}
- Logger::notice('SAML2.0 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState);
@@ -80,7 +80,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
if (isset($relaystate) && !empty($relaystate)) {
- Logger::notice('SAML2.0 - SP.initSSO: Already Authenticated, Go back to RelayState');
+ SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: Already Authenticated, Go back to RelayState');
SimpleSAML_Utilities::redirect($relaystate);
} else {
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index bc926ba701a659754e72c19f9a3ae16512a3f4b1..885cd9053b4a35ee7f284a92f9bbd3fea63ac562 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -33,7 +33,7 @@ $idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted');
$requestid = null;
-Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
+SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
/*
* If the shire query parameter is set, we got an incomming Authentication Request
@@ -64,7 +64,7 @@ if (isset($_GET['shire'])) {
$session->setAuthnRequest('shib13', $requestid, $requestcache);
- Logger::info('Shib1.3 - IdP.SSOService: Got incomming Shib authnRequest requestid: '.$requestid);
+ SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Got incomming Shib authnRequest requestid: '.$requestid);
} catch(Exception $exception) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSAUTHNREQUEST', $exception);
@@ -88,7 +88,7 @@ if (isset($_GET['shire'])) {
$requestcache = $session->getAuthnRequest('shib13', $requestid);
- Logger::info('Shib1.3 - IdP.SSOService: Got incomming RequestID: '.$requestid);
+ SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Got incomming RequestID: '.$requestid);
if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
@@ -136,34 +136,67 @@ if (!$session->isAuthenticated($authority) ) {
$spentityid = $requestcache['Issuer'];
$spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote');
+
+
/*
- * Filtering attributes.
+ * Attribute handling
*/
$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
-
+ if (isset($idpmetadata['attributemap'])) {
+ SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
+ $afilter->namemap($idpmetadata['attributemap']);
+ }
if (isset($spmetadata['attributemap'])) {
+ SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
$afilter->namemap($spmetadata['attributemap']);
}
if (isset($idpmetadata['attributealter'])) {
- if (!is_array($idpmetadata['attributealter']))
+ if (!is_array($idpmetadata['attributealter'])) {
+ SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
$afilter->alter($idpmetadata['attributealter']);
- else
- foreach($idpmetadata['attributealter'] AS $alterfunc)
+ } else {
+ foreach($idpmetadata['attributealter'] AS $alterfunc) {
+ SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
$afilter->alter($alterfunc);
+ }
+ }
}
if (isset($spmetadata['attributealter'])) {
- if (!is_array($spmetadata['attributealter']))
+ if (!is_array($spmetadata['attributealter'])) {
+ SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
$afilter->alter($spmetadata['attributealter']);
- else
- foreach($spmetadata['attributealter'] AS $alterfunc)
+ } else {
+ foreach($spmetadata['attributealter'] AS $alterfunc) {
+ SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
$afilter->alter($alterfunc);
+ }
+ }
}
+
+ /**
+ * Make a log entry in the statistics for this SSO login.
+ */
+ $tempattr = $afilter->getAttributes();
+ $realmattr = $config->getValue('statistics.realmattr', null);
+ $realmstr = 'NA';
+ if (!empty($realmattr)) {
+ if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+ $realmstr = $tempattr[$realmattr][0];
+ } else {
+ SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+ }
+ }
+ SimpleSAML_Logger::stats('shib13-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' ' . $realmstr);
+
+ /**
+ * Filter away attributes that are not allowed for this SP.
+ */
if (isset($spmetadata['attributes'])) {
+ SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
$afilter->filter($spmetadata['attributes']);
}
$filteredattributes = $afilter->getAttributes();
-