authorAndreas Åkre Solberg <andreas.solberg@uninett.no>2008-02-15 12:26:36 +0000
committerAndreas Åkre Solberg <andreas.solberg@uninett.no>2008-02-15 12:26:36 +0000
commit1e4d92f5bc75c82fd32efe4b1fc8c81d36cf5f95 (patch)
treef5d0990a95e58bccba40fda0b076e6a0edc0c702
parent81b8352fd64a7ee3734e6f416a8f5d17a34cf7d1 (diff)
Added statistics logging for auth modules, sp entities and slo
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@313 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--lib/SimpleSAML/XML/Shib13/AuthnResponse.php2
-rw-r--r--templates/default/includes/header.php15
-rw-r--r--www/auth/login-admin.php11
-rw-r--r--www/auth/login-feide.php15
-rw-r--r--www/auth/login-ldapmulti.php11
-rw-r--r--www/auth/login-radius.php12
-rw-r--r--www/saml2/idp/SingleLogoutService.php12
-rw-r--r--www/saml2/sp/AssertionConsumerService.php18
-rw-r--r--www/saml2/sp/SingleLogoutService.php13
-rw-r--r--www/shib13/sp/AssertionConsumerService.php19
10 files changed, 117 insertions, 11 deletions
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 03073ef..60ca194 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -120,6 +120,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
$session->setNameID($nameid);
$session->setSessionIndex($this->getSessionIndex());
+
+ $session->setIdP($this->getIssuer());
/*
$nameID["NameID"] = $node->nodeValue;
diff --git a/templates/default/includes/header.php b/templates/default/includes/header.php
index 04c7760..5bbcb02 100644
--- a/templates/default/includes/header.php
+++ b/templates/default/includes/header.php
@@ -38,13 +38,14 @@ $langnames = array(
'dk' => 'Dansk'
);
-
-foreach ($languages AS $lang => $current) {
- if ($current) {
- echo $langnames[$lang] . ' | ';
- } else {
- echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' .
- $langnames[$lang] . '</a> | ';
+if (empty($_POST) ) {
+ foreach ($languages AS $lang => $current) {
+ if ($current) {
+ echo $langnames[$lang] . ' | ';
+ } else {
+ echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' .
+ $langnames[$lang] . '</a> | ';
+ }
}
}
diff --git a/www/auth/login-admin.php b/www/auth/login-admin.php
index 65b2956..d2d113d 100644
--- a/www/auth/login-admin.php
+++ b/www/auth/login-admin.php
@@ -61,10 +61,21 @@ if (isset($_POST['password'])) {
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Logger::notice('AUTH - admin: '. $username . ' successfully authenticated');
+
+ /**
+ * Create a statistics log entry for every successfull login attempt.
+ * Also log a specific attribute as set in the config: statistics.authlogattr
+ */
+ $authlogattr = $config->getValue('statistics.authlogattr', null);
+ if ($authlogattr && array_key_exists($authlogattr, $attributes))
+ SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
+ else
+ SimpleSAML_Logger::stats('AUTH-login-admin OK');
SimpleSAML_Utilities::redirect($relaystate);
exit(0);
} else {
+ SimpleSAML_Logger::stats('AUTH-login-admin Failed');
$error = 'Password incorrect';
}
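Review bot: The success branch writes `$attributes[$authlogattr][0]` into the stats line without checking that the value list is non-empty or neutralising whitespace and line breaks, so a value can raise an undefined-offset notice or split one entry into several fields or lines. The same block is repeated in the login-feide, login-ldapmulti and login-radius hunks, where the attributes presumably come from the authentication backend rather than from local code. Consider guarding with `!empty($attributes[$authlogattr])` and logging `preg_replace('/[\s[:cntrl:]]+/', '_', $attributes[$authlogattr][0])`; a shared helper would also remove the four copies. Because `statistics.authlogattr` decides which user attribute lands in the log in clear text, the option's documentation should say so. The enclosing `if (isset($_POST['password']))` block starts and ends outside the hunk.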
diff --git a/www/auth/login-feide.php b/www/auth/login-feide.php
index 2723865..1e76036 100644
--- a/www/auth/login-feide.php
+++ b/www/auth/login-feide.php
@@ -130,12 +130,25 @@ if (isset($_REQUEST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+
+ /**
+ * Create a statistics log entry for every successfull login attempt.
+ * Also log a specific attribute as set in the config: statistics.authlogattr
+ */
+ $authlogattr = $config->getValue('statistics.authlogattr', null);
+ if ($authlogattr && array_key_exists($authlogattr, $attributes))
+ SimpleSAML_Logger::stats('AUTH-login-feide OK ' . $attributes[$authlogattr][0]);
+ else
+ SimpleSAML_Logger::stats('AUTH-login-feide OK');
+
+
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
} catch (Exception $e) {
SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
+ SimpleSAML_Logger::stats('AUTH-login-feide Failed');
$error = $e->getMessage();
}
}
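Review bot: `SimpleSAML_Logger::stats('AUTH-login-feide Failed')` sits in a catch for any `Exception`, so the Failed counter mixes rejected credentials with backend or configuration errors, which makes it hard to use for spotting password guessing. The OK entry also appears to be written inside the same try block ahead of `SimpleSAML_Utilities::redirect($returnto)`, so an exception raised after it would record both OK and Failed for one attempt. At minimum document this at the call, e.g. `// Counts every exception raised in the try block, not only rejected credentials.` The try block starts outside the hunk.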
@@ -146,7 +159,7 @@ $t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $_REQUEST['RelayState'];
$t->data['ldapconfig'] = $ldapfeide;
-$t->data['org'] = $_REQUEST['org'];
+$t->data['org'] = isset($_REQUEST['org']) ? $_REQUEST['org'] : null;
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = $_POST['username'];
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index 4b1d9ba..2043649 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -95,6 +95,17 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+ /**
+ * Create a statistics log entry for every successfull login attempt.
+ * Also log a specific attribute as set in the config: statistics.authlogattr
+ */
+ $authlogattr = $config->getValue('statistics.authlogattr', null);
+ if ($authlogattr && array_key_exists($authlogattr, $attributes))
+ SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
+ else
+ SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
+
+
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
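Review bot: Only the success path gets a stats entry here; unlike login-admin and login-feide, no `AUTH-login-ldapmulti Failed` line is added for rejected logins, and the login-radius hunk has the same gap (judging from the diffstat, these hunks are the only changes to both files). Failure counts are the part of authentication statistics most useful for detecting password guessing, so the error path of each module should call `SimpleSAML_Logger::stats('AUTH-login-ldapmulti Failed');` and the radius equivalent. The error handling itself lies outside the hunk, so the exact place has to be confirmed there.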
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
index 622d9c3..710dea1 100644
--- a/www/auth/login-radius.php
+++ b/www/auth/login-radius.php
@@ -90,6 +90,18 @@ if (isset($_POST['username'])) {
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+
+ /**
+ * Create a statistics log entry for every successfull login attempt.
+ * Also log a specific attribute as set in the config: statistics.authlogattr
+ */
+ $authlogattr = $config->getValue('statistics.authlogattr', null);
+ if ($authlogattr && array_key_exists($authlogattr, $attributes))
+ SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
+ else
+ SimpleSAML_Logger::stats('AUTH-login-radius OK');
+
+
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirect($returnto);
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index a265542..48eb9a0 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -70,7 +70,17 @@ if (isset($_GET['SAMLRequest'])) {
}
+ // Extract some parameters from the logout request
+ #$requestid = $logoutrequest->getRequestID();
+ $requester = $logoutrequest->getIssuer();
+ #$relayState = $logoutrequest->getRelayState();
+
+ //$responder = $config->getValue('saml2-hosted-sp');
+ $responder = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+
+
SimpleSAML_Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
+ SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
/* Check if we have a valid session. */
if($session === NULL) {
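Review bot: `$requester` is taken from `$logoutrequest->getIssuer()` and written into the space-separated stats line before the session check below, and nothing visible in the hunk shows that the request has been validated at that point. An issuer string containing spaces or line breaks would then shift or add fields in the statistics log. Normalise it before logging, e.g. `$requester = preg_replace('/[\s[:cntrl:]]+/', '_', $logoutrequest->getIssuer());`, and drop the three commented-out assignments (`#$requestid`, `#$relayState`, `//$responder`) rather than committing them. The enclosing `if (isset($_GET['SAMLRequest']))` block starts and ends outside the hunk.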
@@ -256,7 +266,7 @@ try {
*/
$rg = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
- // generate($issuer, $receiver, $inresponseto, $mode )
+ // generate($issuer, $receiver, $inresponseto, $mode )
$logoutResponseXML = $rg->generate($idpentityid, $requestcache['Issuer'], $requestcache['RequestID'], 'IdP');
// Create a HTTP-REDIRECT Binding.
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index b864958..5558b74 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -48,6 +48,24 @@ try {
$authnResponse->process();
SimpleSAML_Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+
+
+ /**
+ * Make a log entry in the statistics for this SSO login.
+ */
+ $tempattr = $session->getAttributes();
+ $realmattr = $config->getValue('statistics.realmattr', null);
+ $realmstr = 'NA';
+ if (!empty($realmattr)) {
+ if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+ $realmstr = $tempattr[$realmattr][0];
+ } else {
+ SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+ }
+ }
+ SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadata->getMetaDataCurrentEntityID() . ' ' . $session->getIdP() . ' ' . $realmstr);
+
+
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {
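Review bot: `is_array($tempattr[$realmattr])` also passes for an empty array, so `$tempattr[$realmattr][0]` can be read when no value exists, giving an undefined-offset notice and an empty realm field instead of 'NA'. Use `if (!empty($tempattr[$realmattr]) && is_array($tempattr[$realmattr])) {` instead. The realm value comes from the session attributes, presumably as asserted by the IdP, and is appended unmodified to the space-separated stats line, so it should get whitespace and control characters replaced before logging. The identical block added in www/shib13/sp/AssertionConsumerService.php has both issues; the surrounding try block starts and ends outside the hunk.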
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index 0086022..a8200db 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -56,7 +56,7 @@ if (isset($_GET['SAMLRequest'])) {
$responder = $metadata->getMetaDataCurrentEntityID();
SimpleSAML_Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid);
-
+ SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $responder . ' ' . $requester);
// Create a logout response
$lr = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
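Review bot: The added entry is tagged `saml20-idp-SLO idpinit` although this file is the SP endpoint and the other entry added to it uses `saml20-sp-SLO spinit`; if the prefix is meant to name the side that writes the log, this looks like a copy-paste slip. Anything that counts events by prefix would attribute these IdP-initiated logouts to the IdP endpoint. If so, it should read `SimpleSAML_Logger::stats('saml20-sp-SLO idpinit ' . $responder . ' ' . $requester);`, and the argument order (SP first, IdP second) deserves a one-line comment since the variable names swap between entries.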
@@ -95,6 +95,17 @@ if (isset($_GET['SAMLRequest'])) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LOGOUTRESPONSE', $exception);
}
+
+ // Extract some parameters from the logout request
+ #$requestid = $logoutrequest->getRequestID();
+ $responder = $logoutresponse->getIssuer();
+ #$relayState = $logoutrequest->getRelayState();
+
+ //$responder = $config->getValue('saml2-hosted-sp');
+ $requester = $metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
+
+ SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $requester . ' ' . $responder);
+
if (isset($_GET['RelayState'])) {
SimpleSAML_Utilities::redirect($_GET['RelayState']);
} else {
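Review bot: The comment `// Extract some parameters from the logout request` is wrong for this branch, which reads the issuer of `$logoutresponse`, and the commented-out lines still refer to `$logoutrequest`. Replace it with `// Issuer of the logout response is the IdP that answered our request` and delete the three commented-out assignments. The issuer string goes into the space-separated stats line as received, so the whitespace normalisation suggested for the other stats entries applies here as well.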
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
index 68bb7fd..6c48f33 100644
--- a/www/shib13/sp/AssertionConsumerService.php
+++ b/www/shib13/sp/AssertionConsumerService.php
@@ -36,8 +36,25 @@ try {
if (isset($session)) {
-
+
SimpleSAML_Logger::notice('Shib1.3 - SP.AssertionConsumerService: Successfully created local session from Authentication Response');
+
+ /**
+ * Make a log entry in the statistics for this SSO login.
+ */
+ $tempattr = $session->getAttributes();
+ $realmattr = $config->getValue('statistics.realmattr', null);
+ $realmstr = 'NA';
+ if (!empty($realmattr)) {
+ if (array_key_exists($realmattr, $tempattr) && is_array($tempattr[$realmattr]) ) {
+ $realmstr = $tempattr[$realmattr][0];
+ } else {
+ SimpleSAML_Logger::warning('Could not get realm attribute to log [' . $realmattr. ']');
+ }
+ }
+ SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $session->getIdP() . ' ' . $realmstr);
+
+
$relayState = $authnResponse->getRelayState();
if (isset($relayState)) {