more work on error reporting in sso and slo profiles

<bdauvergne@entrouvert.com> 1209043415 +0200 0001-01-01 00:00:00 +00:00
parent cdb8bd5597
commit 04a4879e02
1 changed files with 98 additions and 27 deletions


@ -16,7 +16,7 @@ class LassoSPKitSAMLCommon {
var $ret = 0;
var $ret_str = "";
var $exception = null;
var $relay_state = null;
var $relayState = null;
public function __construct(LassoSPKitGenericSession $session) {
$this->session = $session;
@ -108,13 +108,7 @@ class LassoSPKitSAMLCommon {
lassospkit_errlog("artifactResolve: soapCall result empty");
$content = "";
}
try {
$retPRM = $profile->processResponseMsg($content);
} catch (Exception $e) {
lassospkit_showCode($content);
var_dump($e);
throw $e;
}
$retPRM = $profile->processResponseMsg($content);
if ($retIR || $retBRM || $retPRM) {
lassospkit_errlog("artifactResolve: retIR: $retIR retBRM: $retBRM retPRM: $retPRM");
if ($retIR) {
@ -138,9 +132,9 @@ class LassoSPKitSAMLCommon {
$response = LassoSPKitHelper::SoapCallWithProfile($profile);
}
public function finishResponse(LassoProfile $profile, $method) {
public function finishResponse(LassoProfile $profile) {
$ret = $profile->buildResponseMsg();
switch ($method) {
switch ($profile->http_request_method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->doRedirect($profile);
break;
@ -169,6 +163,9 @@ class LassoSPKitSAMLCommon {
$blob) {
lassospkit_debuglog("isPassive: $isPassive");
$login = new LassoLogin($this->server);
if ($relayState && is_string($relayState)) {
$request->msgRelayState = $relayState;
}
$retFF = $this->findFederation($login);
$retIAR = $login->initAuthnRequest($remoteID,$method);
$request = @$login->request;
@ -181,9 +178,6 @@ class LassoSPKitSAMLCommon {
} else {
throw new Exception("SSO: Pas d'object NameIDPolicy");
}
if ($relayState && is_string($relayState)) {
$request->msgRelayState = $relayState;
}
$retBAR = $login->buildAuthnRequestMsg();
switch($method) {
case LASSO_HTTP_METHOD_REDIRECT:
@ -219,15 +213,16 @@ class LassoSPKitSAMLCommon {
$retPRM == LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS) {
$this->setMessage("Request denied");
}
lassospkit_debuglog("relayState: " . $login->msgRelayState);
if ($login->msgRelayState) {
$this->relay_state = $login->msgRelayState;
$this->relayState = $login->msgRelayState;
}
if ($retAR || $retPRM) {
lassospkit_errlog("ssoConsumer, retAR: $retAR retPRM: $retPRM");
} else {
$retFF = $this->findFederation($login);
$retASSO = $login->acceptSso();
if ($retASSO) {
if ($retFF || $retASSO) {
lassospkit_errlog("ssoConsumer, retASSO: $retASSO retFF: $retFF");
}
}
@ -236,6 +231,7 @@ class LassoSPKitSAMLCommon {
LassoSPKitHelper::assertionExtractAttributes($login->assertion, $attributes);
$this->session->processAttributes($attributes);
}
$this->checkXmlErrors("AssertionConsumer");
if ($retAR) {
return $retAR;
}
@ -245,17 +241,26 @@ class LassoSPKitSAMLCommon {
if ($retFF) {
return $retFF;
}
if ($retASSO) {
return $retASSO;
}
return 0;
}
/** Web SLO methods */
/* SP initiated */
public function initiateSLO($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null, $relayState = )
public function initiateSLO($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null, $relayState = null)
{
if ($method == null) {
$method = LASSO_HTTP_METHOD_SOAP;
}
$logout = new LassoLogout($this->server);
$this->findFederation($logout);
if ($relayState && is_string($relayState)) {
$logout->msgRelayState = $relayState;
}
if ($retFF = $this->findFederation($logout)) {
return $retFF;
}
$retIR = $logout->initRequest($remoteID, $method);
$retBRM = $logout->buildRequestMsg();
switch ($method) {
@ -272,14 +277,16 @@ class LassoSPKitSAMLCommon {
default:
LassoSPKitHelper::notImplemented();
}
$this->checkXmlErrors("Logout");
}
public function processRedirectResponseSLO() {
$this->processResponseSLO(LASSO_HTTP_METHOD_REDIRECT, $_SERVER['QUERY_STRING']);
return $this->processResponseSLO(LASSO_HTTP_METHOD_REDIRECT, $_SERVER['QUERY_STRING']);
}
public function processResponseSLO($http_method, $message, &$logout = null) {
$retFF = 0;
if ($logout == null) {
$logout = new LassoLogout($this->server);
$this->findFederation($logout);
$retFF = $this->findFederation($logout);
}
$retPRM = $logout->processResponseMsg($message);
switch ($retPRM) {
@ -297,8 +304,18 @@ class LassoSPKitSAMLCommon {
$this->setMessage("IdP said 'logout request is invalid'");
break;
}
$this->saveFederation($logout);
$retSF = $this->saveFederation($logout);
$this->session->logout();
if ($retFF || $retPRM || $retSF) {
lassospkit_errlog("processResponseSLO: retFF: $retFF retPRM: $retPRM retSF: $retSF");
}
if ($retFF) {
return $retFF;
}
if ($retPRM) {
return $retPRM;
}
return 0;
}
/** IDP initiated SLO **/
public function processRedirectRequestSLO() {
@ -316,17 +333,37 @@ class LassoSPKitSAMLCommon {
and treat it as a SLO request. */
public function processRequestSLO($method, $message) {
$logout = new LassoLogout($this->server);
$retPRM = $logout->processRequestMsg($message);
$this->findFederation($logout);
$retPRM = 0;
$retAR = 0;
$retFF = 0;
switch ($method) {
case LASSO_HTTP_METHOD_ARTIFACT_GET:
case LASSO_HTTP_METHOD_ARTIFACT_POST:
$retAR = $this->artifactResolve($login,
$message,
$method);
break;
case LASSO_HTTP_METHOD_POST:
case LASSO_HTTP_METHOD_REDIRECT:
$retPRM = $this->processResponseMsg($message);
break;
}
$retFF = $this->findFederation($logout);
$retVR = $logout->validateRequest();
$retBR = $this->finishResponse($logout, $logout->http_request_method);
$retBR = $this->finishResponse($logout);
$this->session->logout();
if ($retPRM || $retVR || $retBR) {
lassospkit_infolog("Error during SLO request handling for nameId: " . $logout->nameID . " retPRM: $retPRM retVR: $retVR retBR: $retBR");
if ($retFF || $retAR || $retPRM || $retVR || $retBR) {
lassospkit_infolog("Error during SLO request handling for nameId: " . $logout->nameID . " retAR: $retAR retPRM: $retPRM retFF: $retFF retVR: $retVR retBR: $retBR");
}
if ($retAR) {
return $retAR;
}
if ($retPRM) {
return $retPRM;
}
if ($retFF) {
return $retFF;
}
if ($retVR) {
return $retVR;
}
@ -339,11 +376,14 @@ class LassoSPKitSAMLCommon {
save them in the federations database. */
public function saveFederation(LassoProfile $profile) {
LassoSPKitHelper::saveFederation($profile, $this->session);
return 0;
}
/** Find a federation using as many hints as possible (maybe the nameid given in the request,
or the nameid present in the current session) */
public function findFederation(LassoProfile $profile) {
return LassoSPKitHelper::findFederation($profile, $this->session);
if (LassoSPKitHelper::findFederation($profile, $this->session))
return 0;
return LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND;
}
/** Federation termination.
Supress the current federation. That is the records associated
@ -383,6 +423,37 @@ class LassoSPKitSAMLCommon {
LassoSPKitUtilsSession::setLastError($message);
}
function getRelayState() {
return $this->relay_state;
return $this->relayState;
}
/** Check the stack of xml errors and report
them to syslog */
function checkXmlErrors($prefix = "") {
if (! function_exists('libxml_get_errors')) {
return;
}
foreach (libxml_get_errors() as $error) {
$return = "$prefix, LibXMLError, ";
switch ($error->level) {
case LIBXML_ERR_WARNING:
$return .= "Warning $error->code: ";
break;
case LIBXML_ERR_ERROR:
$return .= "Error $error->code: ";
break;
case LIBXML_ERR_FATAL:
$return .= "Fatal Error $error->code: ";
break;
}
$return .= trim($error->message) .
" Line: $error->line" .
" Column: $error->column";
if ($error->file) {
$return .= " File: $error->file";
}
lassospkit_errlog($return);
}
libxml_clear_errors();
}
}
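Review bot: In processRequestSLO the new switch at `$retAR = $this->artifactResolve($login, $message, $method);` references `$login`, which is never assigned in this method — the profile being handled is `$logout`. The POST/REDIRECT branch calls `$this->processResponseMsg($message)` in place of the removed `$logout->processRequestMsg($message)`; no processResponseMsg method on this class is visible in the diff, and an incoming logout request presumably still has to be parsed by processRequestMsg on the profile, not by a response parser. There is also no `default:` (SOAP) case, so a SOAP-bound logout request — the default binding used by initiateSLO in this same file — reaches `$logout->validateRequest()` without the message ever having been parsed, and the failure is then only reported indirectly through retVR. Suggested changes: `$retAR = $this->artifactResolve($logout, $message, $method);`, replace the two POST/REDIRECT case labels with `default:`, and `$retPRM = $logout->processRequestMsg($message);`. processRequestSLO continues past the end of this hunk; the initiateSSO hunk at `$request->msgRelayState = $relayState;` has a related ordering problem, since `$request` is only assigned from `$login->request` three lines later and the relayState written there is discarded.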