summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2012-01-05 13:10:43 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2012-01-24 11:56:56 (GMT)
commit5ea608e33517afe5b9e263d7f7904533475f05da (patch)
treeb43f2d0235e562e1c623a10c0092684744a3c6d9
parent9b10315fa3b9983e8c7af23d7b5a6bd852754f76 (diff)
downloadmodmellon-improve-logout-logs.zip
modmellon-improve-logout-logs.tar.gz
modmellon-improve-logout-logs.tar.bz2
Improve error handling for logout errorsimprove-logout-logs
-rw-r--r--auth_mellon_handler.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 78aaf0d..3ffec94 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -22,6 +22,7 @@
#include "auth_mellon.h"
+#include <lasso/xml/saml-2.0/samlp2_logout_response.h>
#ifdef HAVE_lasso_server_new_from_buffers
# define SERVER_NEW lasso_server_new_from_buffers
@@ -669,7 +670,27 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
char *return_to;
res = lasso_logout_process_response_msg(logout, r->args);
- if(res != 0) {
+ if (res == LASSO_LOGOUT_ERROR_REQUEST_DENIED) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Logout request "
+ "was denied, maybe session was desynchronized.");
+ } else if (res == LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS) {
+ LassoSamlp2LogoutResponse *response= LASSO_SAMLP2_LOGOUT_RESPONSE(logout->parent.response);
+ char *first_level_status_code_value = NULL;
+ char *second_level_status_code_value = NULL;
+
+ if (response->parent.Status && response->parent.Status->StatusCode) {
+ LassoSamlp2StatusCode *first_level_status_code =
+ response->parent.Status->StatusCode;
+ first_level_status_code_value = first_level_status_code->Value;
+ if (first_level_status_code->StatusCode) {
+ second_level_status_code_value =
+ first_level_status_code->StatusCode->Value;
+ }
+ }
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ "Logout response status is not success: %s;%s",
+ first_level_status_code_value, second_level_status_code_value);
+ } else if (res != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Unable to process logout response."
" Lasso error: [%i] %s", res, lasso_strerror(res));