diff --git a/config/config-template.php b/config/config-template.php
index 845d558219a205177e43b5e42186aae2fcf22777..90a5bcf4af3fff128415a9417c823ec6edb8b2e3 100644
--- a/config/config-template.php
+++ b/config/config-template.php
@@ -70,22 +70,20 @@ $config = array (
 * Options: [syslog,file]
 *
 */
- 'logging.level' => LOG_NOTICE,
- 'logging.handler' => 'syslog',
-
- /*
- * Logging: syslog
- * Choose a syslog facility to use for logging.
+ 'logging.level' => LOG_NOTICE,
+ 'logging.handler' => 'syslog',
+
+ /* Logging: syslog - Choose a syslog facility to use for logging.
 */
- 'logging.facility' => LOG_LOCAL5,
+ 'logging.facility' => LOG_LOCAL5,
- /*
- * Logging: file
- *
- * Logfilename in the loggingdir from above.
+ /* Logging: file - Logfilename in the loggingdir from above.
 */
 'logging.logfile' => 'simplesamlphp.log',
-
+
+ 'statistics.realmattr' => 'realm',
+
+
 /*
 * Enable
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 7ce74f95613e5cf7717fc00253270cdb4e04bfd8..a94a5ea86883a5c10993e914ab414470ee9bb191 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -196,7 +196,7 @@ class SimpleSAML_Session {
 public function dump_sp_sessions() {
 foreach ($this->sp_at_idpsessions AS $entityid => $sp) {
- error_log('Dump sp sessions: ' . $entityid . ' status: ' . $sp);
+ SimpleSAML_Logger::debug('Dump sp sessions: ' . $entityid . ' status: ' . $sp);
 }
 }
 // *** --- ***
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index d33cc239d36929ac3643db7e98f48057bebdea52..cf197d1ef078cf3c70a590cf82cdb5f5fd201985 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
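Review bot: The new `'statistics.realmattr' => 'realm',` entry is the only option in this part of the template without an explanatory comment, while every neighbouring key carries one. A reader cannot tell which attribute this names or what reads it, and the consumer of the key is not in this diff, so add a comment above it in the same style as the shortened logging comments, e.g. `/* Statistics: realmattr - Name of the attribute used as the user's realm when statistics are written. */` (adjust the wording to the code that actually reads the key). Also, the two shortened logging comments appear to leave their closing ` */` on the following unchanged line, so they are not really one-liners; either fold the closer onto the new line or keep the block form.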
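Review bot: `dump_sp_sessions()` now calls `SimpleSAML_Logger::debug(...)` from inside the Session class, but nothing in this hunk shows Session.php requiring the Logger class; if it is not already loaded by every bootstrap path that can reach this method, the call fails with a class-not-found error whenever the method runs. Either add the `require_once` for the logger at the top of Session.php (outside this hunk) or confirm it is loaded by the same code that loads Session. As a minor point, `$sp` is concatenated as `' status: ' . $sp`; if that value is not a string (the name suggests a status flag), it renders as `1` or an empty string, so `var_export($sp, true)` or an explicit cast would make the debug output readable.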
@@ -33,9 +33,7 @@ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
-// TODO: if session is not set, give error or do something else.
-
 /**
 * If we get an incomming LogoutRequest then we initiate the logout process.
 * in this case an SAML 2.0 SP is sending an request, which also is referred to as
@@ -65,6 +63,9 @@ if (isset($_GET['SAMLRequest'])) {
 exit(0);
 }
+
+ SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
+
 /* Check if we have a valid session. */
 if($session === NULL) {
@@ -74,13 +75,13 @@ if (isset($_GET['SAMLRequest'])) {
 * the SP that sent the LogoutRequest.
 */
+ SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Did not find a session here, but we are returning a LogoutResponse anyway.');
+
 $spentityid = $logoutrequest->getIssuer();
 /* Generate the response. */
- $response = new SimpleSAML_XML_SAML20_LogoutResponse($config,
- $metadata);
- $responseText = $response->generate($idpentityid, $spentityid,
- $logoutrequest->getRequestID(), 'IdP');
+ $response = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
+ $responseText = $response->generate($idpentityid, $spentityid, $logoutrequest->getRequestID(), 'IdP');
 /* Retrieve the relay state from the request. */
 $relayState = $logoutrequest->getRelayState();
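Review bot: The new notice writes `$logoutrequest->getIssuer()` into the log verbatim; the issuer is a string taken from the inbound LogoutRequest, and it is logged before the session check and, as far as this hunk shows, before any validation of the request, so whoever sends the request controls what ends up in the IdP's log, line breaks included. The same pattern appears in the idpdisco hunks of www/saml2/sp/idpdisco.php and www/shib13/sp/idpdisco.php, which log `$_GET['idpentityid']` raw, and in the AuthNRequest notice of www/shib13/sp/initSSO.php if `$spentityid` still holds the raw query value there. Strip CR/LF (and ideally other control characters) before logging, preferably once inside SimpleSAML_Logger so every call site is covered; as a local fix, `$issuer = str_replace(array("\r", "\n"), ' ', $logoutrequest->getIssuer());` and log `$issuer` instead. The enclosing `if (isset($_GET['SAMLRequest']))` block begins and ends outside this hunk.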
@@ -96,15 +97,6 @@ if (isset($_GET['SAMLRequest'])) {
 $session->setAuthenticated(false, $session->getAuthority() );
- //$requestid = $authnrequest->getRequestID();
- //$session->setAuthnRequest($requestid, $authnrequest);
-
- //echo '<pre>' . htmlentities($logoutrequest->getXML()) . '</pre>';
-
- SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
-
-
-# $session->setLogoutRequest($logoutrequest);
 /*
 * Create an assoc array of the request to store in the session cache.
@@ -117,7 +109,6 @@ if (isset($_GET['SAMLRequest'])) {
 $requestcache['RelayState'] = $relaystate;
 $session->setLogoutRequest($requestcache);
- $session->set_sp_logout_completed($logoutrequest->getIssuer() );
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 4be5175da436b2f40d20c3ad5621fc98fcba99ce..7208ca3eb352e9f674d93cf50a7592fe856156d0 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -22,7 +22,6 @@ require_once('SimpleSAML/XHTML/Template.php');
 */
-
 /* Get the session object for the user. Create a new session if no session
 * exists for this user. */
diff --git a/www/saml2/sp/idpdisco.php b/www/saml2/sp/idpdisco.php
index a2762fe96c90c91b7b637a3012e4badd61c54804..54759d005a69a87c8625a2a65f43e040eb11018e 100644
--- a/www/saml2/sp/idpdisco.php
+++ b/www/saml2/sp/idpdisco.php
@@ -13,7 +13,10 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance();
-
+ + SimpleSAML_Logger::info('SAML2.0 - SP.idpDisco: Accessing SAML 2.0 discovery service');
+
 try {
 if (!isset($_GET['entityID'])) throw new Exception('Missing parameter: entityID');
@@ -31,6 +34,8 @@ try {
 if (isset($_GET['idpentityid'])) {
+ SimpleSAML_Logger::info('SAML2.0 - SP.idpDisco: Choice made [ ' . $_GET['idpentityid'] . '] Setting preferedidp cookie.');
+
 $idpentityid = $_GET['idpentityid'];
 setcookie('preferedidp',$idpentityid,time()+60*60*24*90); // set cookie valid 90 days
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index b1e975b0c56a15401ab61b34157e8fb5d85438df..494f58cd70458a6fac5a0b998a5d08a408266768 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -10,19 +10,19 @@ require_once('SimpleSAML/XML/SAML20/LogoutRequest.php');
 require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
 $session = SimpleSAML_Session::getInstance();
+SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
+
 if (isset($session) ) {
 try {
+ $config = SimpleSAML_Configuration::getInstance();
+ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
 $idpentityid = $session->getIdP();
 $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
 /**
 * Create a logout request
@@ -52,9 +52,7 @@ if (isset($session) ) {
 SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
 $relaystate = $_REQUEST['RelayState'];
- SimpleSAML_Logger::notice('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
-
 SimpleSAML_Utilities::redirect($relaystate);
 }
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
index 5bc316726cf4119f20ec211155b1849fb91ddd30..4e4982af64291268240de65c6fa558637f51212e 100644
--- a/www/saml2/sp/initSSO.php
+++ b/www/saml2/sp/initSSO.php
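Review bot: `$config` and `$metadata` are now assigned only inside `if (isset($session) ) { try {`, so any code that runs when `$session` is not set, in the `catch` block, or after the `try` (all outside this hunk) and still references `$config` or `$metadata` will hit an undefined variable; the -52 hunk of this file shows a `fatalError` path in the same script, so confirm nothing on those paths uses them. The same relocation is made in www/shib13/sp/AssertionConsumerService.php, where the `catch` following the shown `try` is typically where an error page needing `$config` would be rendered. If the move is intentional, a safer shape is to keep the two `getInstance()` calls at file scope and only move the logging, or to fetch them again where they are needed. The new `SimpleSAML_Logger::info` call also runs before `SimpleSAML_Configuration::getInstance()` is first called in this script, which is only fine if the logger obtains its configuration itself rather than relying on the script having loaded it.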
@@ -79,9 +79,7 @@ if (!isset($session) || !$session->isValid('saml2') ) {
 $relaystate = $_GET['RelayState'];
 if (isset($relaystate) && !empty($relaystate)) {
- SimpleSAML_Logger::notice('SAML2.0 - SP.initSSO: Already Authenticated, Go back to RelayState');
-
 SimpleSAML_Utilities::redirect($relaystate);
 } else {
 SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index c81431dcba69f2ac2e3fb58864d690802376fb62..70e149446aeae8df5db1035bba880ad9c60e0c76 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -10,22 +10,27 @@ require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
 require_once('SimpleSAML/Bindings/Shib13/HTTPPost.php');
 require_once('SimpleSAML/XHTML/Template.php');
+$session = SimpleSAML_Session::getInstance(TRUE);
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance(true);
+
+SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibboleth 1.3 SP endpoint AssertionConsumerService');
 try {
-
-
+ $config = SimpleSAML_Configuration::getInstance();
+ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
 $binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
 $authnResponse = $binding->decodeResponse($_POST);
 $authnResponse->validate();
 $session = $authnResponse->createSession();
+
 if (isset($session)) {
+
+ SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+
 $relayState = $authnResponse->getRelayState();
 if (isset($relayState)) {
 SimpleSAML_Utilities::redirect($relayState);
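Review bot: The rewritten first line uses `SimpleSAML_Session::getInstance(TRUE)` where the line it replaces used `getInstance(true)`; PHP's `true`/`false`/`null` are conventionally lowercase and the rest of this file and the saml2 scripts in this diff use lowercase, so keep `$session = SimpleSAML_Session::getInstance(true);`. The `try` block opened in this hunk continues past its end, and the matching `catch` is not visible here.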
diff --git a/www/shib13/sp/idpdisco.php b/www/shib13/sp/idpdisco.php
index ab45917ab2a4f873888bfe41db904e12c62d74bc..55d4503e330d4651bdb730eaf9aa2075ed2e26b2 100644
--- a/www/shib13/sp/idpdisco.php
+++ b/www/shib13/sp/idpdisco.php
@@ -13,7 +13,9 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $session = SimpleSAML_Session::getInstance();
-
+
+SimpleSAML_Logger::info('Shib1.3 - SP.idpDisco : Accessing Shib 1.3 discovery service');
+
 try {
 if (!isset($_GET['entityID'])) throw new Exception('Missing parameter: entityID');
@@ -31,6 +33,8 @@ try {
 if (isset($_GET['idpentityid'])) {
+ SimpleSAML_Logger::info('Shib1.3 - SP.idpDisco : Choice made [ ' . $_GET['idpentityid'] . '] Setting preferedidp cookie.');
+
 $idpentityid = $_GET['idpentityid'];
 setcookie('preferedidp',$idpentityid,time()+60*60*24*90); // set cookie valid 90 days
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index 736600b97d18cd458655d31e7d5bce9852efd120..49a93a6a4d60c0cd24bf7c6594578cfc294484d2 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -19,11 +19,14 @@ $session = SimpleSAML_Session::getInstance();
 /*
 * Incomming URL parameters
 *
- * idpentityid The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid The entityid of the SP config to use. If not provided will use default to host.
- *
+ * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
+ * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
+ * RelayState required Where to send the user back to after authentication.
+ *
 */
+SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Accessing Shib 1.3 SP initSSO script');
+
 try {
 $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-shib13-idp') ;
@@ -39,6 +42,8 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 if ($idpentityid == null) {
+ SimpleSAML_Logger::notice('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
+
 $returnURL = urlencode(SimpleSAML_Utilities::selfURL());
 $discservice = '/' . $config->getValue('baseurlpath') . 'shib13/sp/idpdisco.php?entityID=' . $spentityid . '&return=' . $returnURL . '&returnIDParam=idpentityid';
@@ -53,6 +58,8 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 if(isset($_GET['RelayState'])) $ar->setRelayState($_GET['RelayState']);
+ SimpleSAML_Logger::notice('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
+
 $url = $ar->createRedirect($idpentityid);
 SimpleSAML_Utilities::redirect($url);
@@ -66,6 +73,7 @@ if (!isset($session) || !$session->isValid('shib13') ) {
 $relaystate = $session->getRelayState();
 if (isset($relaystate) && !empty($relaystate)) {
+ SimpleSAML_Logger::notice('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
 SimpleSAML_Utilities::redirect($relaystate);
 } else {
 SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');