Merge branch 'improve-logout-logs' into test-branch

auth_mellon_handler.c

@@ -22,6 +22,7 @@
 
 #include "auth_mellon.h"
 
+#include <lasso/xml/saml-2.0/samlp2_logout_response.h>
 
 #ifdef HAVE_lasso_server_new_from_buffers
 #  define SERVER_NEW lasso_server_new_from_buffers
@@ -669,7 +670,27 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
     char *return_to;
 
     res = lasso_logout_process_response_msg(logout, r->args);
-    if(res != 0) {
+    if (res == LASSO_LOGOUT_ERROR_REQUEST_DENIED) {
+        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Logout request "
+                        "was denied, maybe session was desynchronized.");
+    } else if (res == LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS) {
+        LassoSamlp2LogoutResponse *response= LASSO_SAMLP2_LOGOUT_RESPONSE(logout->parent.response);
+        char *first_level_status_code_value = NULL;
+        char *second_level_status_code_value = NULL;
+
+        if (response->parent.Status && response->parent.Status->StatusCode) {
+                LassoSamlp2StatusCode *first_level_status_code =
+                        response->parent.Status->StatusCode;
+                first_level_status_code_value = first_level_status_code->Value;
+                if (first_level_status_code->StatusCode) {
+                        second_level_status_code_value =
+                                first_level_status_code->StatusCode->Value;
+                }
+        }
+        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+                "Logout response status is not success: %s;%s",
+                first_level_status_code_value, second_level_status_code_value);
+    } else if (res != 0) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                       "Unable to process logout response."
                       " Lasso error: [%i] %s", res, lasso_strerror(res));