more work on error reporting in sso and slo profiles
parent
cdb8bd5597
commit
04a4879e02
@ -16,7 +16,7 @@ class LassoSPKitSAMLCommon {
|
|||
var $ret = 0;
|
||||
var $ret_str = "";
|
||||
var $exception = null;
|
||||
var $relay_state = null;
|
||||
var $relayState = null;
|
||||
|
||||
public function __construct(LassoSPKitGenericSession $session) {
|
||||
$this->session = $session;
|
||||
|
@ -108,13 +108,7 @@ class LassoSPKitSAMLCommon {
|
|||
lassospkit_errlog("artifactResolve: soapCall result empty");
|
||||
$content = "";
|
||||
}
|
||||
try {
|
||||
$retPRM = $profile->processResponseMsg($content);
|
||||
} catch (Exception $e) {
|
||||
lassospkit_showCode($content);
|
||||
var_dump($e);
|
||||
throw $e;
|
||||
}
|
||||
$retPRM = $profile->processResponseMsg($content);
|
||||
if ($retIR || $retBRM || $retPRM) {
|
||||
lassospkit_errlog("artifactResolve: retIR: $retIR retBRM: $retBRM retPRM: $retPRM");
|
||||
if ($retIR) {
|
||||
|
@ -138,9 +132,9 @@ class LassoSPKitSAMLCommon {
|
|||
$response = LassoSPKitHelper::SoapCallWithProfile($profile);
|
||||
}
|
||||
|
||||
public function finishResponse(LassoProfile $profile, $method) {
|
||||
public function finishResponse(LassoProfile $profile) {
|
||||
$ret = $profile->buildResponseMsg();
|
||||
switch ($method) {
|
||||
switch ($profile->http_request_method) {
|
||||
case LASSO_HTTP_METHOD_REDIRECT:
|
||||
$this->doRedirect($profile);
|
||||
break;
|
||||
|
@ -169,6 +163,9 @@ class LassoSPKitSAMLCommon {
|
|||
$blob) {
|
||||
lassospkit_debuglog("isPassive: $isPassive");
|
||||
$login = new LassoLogin($this->server);
|
||||
if ($relayState && is_string($relayState)) {
|
||||
$request->msgRelayState = $relayState;
|
||||
}
|
||||
$retFF = $this->findFederation($login);
|
||||
$retIAR = $login->initAuthnRequest($remoteID,$method);
|
||||
$request = @$login->request;
|
||||
|
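Review bot: The relay-state block placed here assigns `$request->msgRelayState` two lines before `$request = @$login->request;` runs, so at that point `$request` is not yet set; the old placement, removed in the next hunk, came after `$request` existed and after the NameIDPolicy check. The line counts of this hunk and the next admit only this block as the moved lines, but the parameter list is outside the hunk, so if `$request` is not a parameter the relay state is silently dropped and a notice is raised. Setting it on the profile instead, `$login->msgRelayState = $relayState;`, keeps the early placement and matches how initiateSLO now sets `$logout->msgRelayState` before initRequest. The enclosing method starts and ends outside this hunk.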
@ -181,9 +178,6 @@ class LassoSPKitSAMLCommon {
|
|||
} else {
|
||||
throw new Exception("SSO: Pas d'object NameIDPolicy");
|
||||
}
|
||||
if ($relayState && is_string($relayState)) {
|
||||
$request->msgRelayState = $relayState;
|
||||
}
|
||||
$retBAR = $login->buildAuthnRequestMsg();
|
||||
switch($method) {
|
||||
case LASSO_HTTP_METHOD_REDIRECT:
|
||||
|
@ -219,15 +213,16 @@ class LassoSPKitSAMLCommon {
|
|||
$retPRM == LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS) {
|
||||
$this->setMessage("Request denied");
|
||||
}
|
||||
lassospkit_debuglog("relayState: " . $login->msgRelayState);
|
||||
if ($login->msgRelayState) {
|
||||
$this->relay_state = $login->msgRelayState;
|
||||
$this->relayState = $login->msgRelayState;
|
||||
}
|
||||
if ($retAR || $retPRM) {
|
||||
lassospkit_errlog("ssoConsumer, retAR: $retAR retPRM: $retPRM");
|
||||
} else {
|
||||
$retFF = $this->findFederation($login);
|
||||
$retASSO = $login->acceptSso();
|
||||
if ($retASSO) {
|
||||
if ($retFF || $retASSO) {
|
||||
lassospkit_errlog("ssoConsumer, retASSO: $retASSO retFF: $retFF");
|
||||
}
|
||||
}
|
||||
|
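Review bot: In the `else` branch `$retFF` now carries findFederation's new return code (LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND on a miss, per the change further down) and is logged as an error together with `$retASSO`; on a first-time login with no stored federation this presumably fires on every otherwise successful SSO, and the returns in the following hunks appear to propagate `$retFF` to the caller. If a missing federation is expected at that point, keep the lookup result apart from the failure codes, e.g. `lassospkit_debuglog("ssoConsumer, no federation yet: $retFF");` and test only `$retASSO` here. acceptSso() is also called regardless of `$retFF`, which is correct only if that is the intended first-login path; a one-line comment stating that would save the next reader the guess. The method continues past this hunk.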
@ -236,6 +231,7 @@ class LassoSPKitSAMLCommon {
|
|||
LassoSPKitHelper::assertionExtractAttributes($login->assertion, $attributes);
|
||||
$this->session->processAttributes($attributes);
|
||||
}
|
||||
$this->checkXmlErrors("AssertionConsumer");
|
||||
if ($retAR) {
|
||||
return $retAR;
|
||||
}
|
||||
|
@ -245,17 +241,26 @@ class LassoSPKitSAMLCommon {
|
|||
if ($retFF) {
|
||||
return $retFF;
|
||||
}
|
||||
if ($retASSO) {
|
||||
return $retASSO;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Web SLO methods */
|
||||
/* SP initiated */
|
||||
public function initiateSLO($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null, $relayState = )
|
||||
public function initiateSLO($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null, $relayState = null)
|
||||
{
|
||||
if ($method == null) {
|
||||
$method = LASSO_HTTP_METHOD_SOAP;
|
||||
}
|
||||
$logout = new LassoLogout($this->server);
|
||||
$this->findFederation($logout);
|
||||
if ($relayState && is_string($relayState)) {
|
||||
$logout->msgRelayState = $relayState;
|
||||
}
|
||||
if ($retFF = $this->findFederation($logout)) {
|
||||
return $retFF;
|
||||
}
|
||||
$retIR = $logout->initRequest($remoteID, $method);
|
||||
$retBRM = $logout->buildRequestMsg();
|
||||
switch ($method) {
|
||||
|
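Review bot: `$retIR` and `$retBRM` are captured from initRequest and buildRequestMsg but, on the path visible in the next hunk (`default:` → checkXmlErrors → end of method), neither is logged nor returned, unlike the `$retFF` short-circuit added just above them; the switch cases themselves are outside the hunk and may return on their own. For consistency with processResponseSLO, report and propagate them before the switch: `if ($retIR || $retBRM) { lassospkit_errlog("initiateSLO: retIR: $retIR retBRM: $retBRM"); }` followed by `if ($retIR) { return $retIR; }` and the same for `$retBRM`. Also `$method == null` is a loose comparison; `$method === null` makes the SOAP default apply only to an actual null rather than to any falsy value.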
@ -272,14 +277,16 @@ class LassoSPKitSAMLCommon {
|
|||
default:
|
||||
LassoSPKitHelper::notImplemented();
|
||||
}
|
||||
$this->checkXmlErrors("Logout");
|
||||
}
|
||||
public function processRedirectResponseSLO() {
|
||||
$this->processResponseSLO(LASSO_HTTP_METHOD_REDIRECT, $_SERVER['QUERY_STRING']);
|
||||
return $this->processResponseSLO(LASSO_HTTP_METHOD_REDIRECT, $_SERVER['QUERY_STRING']);
|
||||
}
|
||||
public function processResponseSLO($http_method, $message, &$logout = null) {
|
||||
$retFF = 0;
|
||||
if ($logout == null) {
|
||||
$logout = new LassoLogout($this->server);
|
||||
$this->findFederation($logout);
|
||||
$retFF = $this->findFederation($logout);
|
||||
}
|
||||
$retPRM = $logout->processResponseMsg($message);
|
||||
switch ($retPRM) {
|
||||
|
@ -297,8 +304,18 @@ class LassoSPKitSAMLCommon {
|
|||
$this->setMessage("IdP said 'logout request is invalid'");
|
||||
break;
|
||||
}
|
||||
$this->saveFederation($logout);
|
||||
$retSF = $this->saveFederation($logout);
|
||||
$this->session->logout();
|
||||
if ($retFF || $retPRM || $retSF) {
|
||||
lassospkit_errlog("processResponseSLO: retFF: $retFF retPRM: $retPRM retSF: $retSF");
|
||||
}
|
||||
if ($retFF) {
|
||||
return $retFF;
|
||||
}
|
||||
if ($retPRM) {
|
||||
return $retPRM;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
/** IDP initiated SLO **/
|
||||
public function processRedirectRequestSLO() {
|
||||
|
@ -316,17 +333,37 @@ class LassoSPKitSAMLCommon {
|
|||
and treat it as a SLO request. */
|
||||
public function processRequestSLO($method, $message) {
|
||||
$logout = new LassoLogout($this->server);
|
||||
$retPRM = $logout->processRequestMsg($message);
|
||||
$this->findFederation($logout);
|
||||
$retPRM = 0;
|
||||
$retAR = 0;
|
||||
$retFF = 0;
|
||||
switch ($method) {
|
||||
case LASSO_HTTP_METHOD_ARTIFACT_GET:
|
||||
case LASSO_HTTP_METHOD_ARTIFACT_POST:
|
||||
$retAR = $this->artifactResolve($login,
|
||||
$message,
|
||||
$method);
|
||||
break;
|
||||
case LASSO_HTTP_METHOD_POST:
|
||||
case LASSO_HTTP_METHOD_REDIRECT:
|
||||
$retPRM = $this->processResponseMsg($message);
|
||||
break;
|
||||
}
|
||||
$retFF = $this->findFederation($logout);
|
||||
$retVR = $logout->validateRequest();
|
||||
$retBR = $this->finishResponse($logout, $logout->http_request_method);
|
||||
$retBR = $this->finishResponse($logout);
|
||||
$this->session->logout();
|
||||
if ($retPRM || $retVR || $retBR) {
|
||||
lassospkit_infolog("Error during SLO request handling for nameId: " . $logout->nameID . " retPRM: $retPRM retVR: $retVR retBR: $retBR");
|
||||
if ($retFF || $retAR || $retPRM || $retVR || $retBR) {
|
||||
lassospkit_infolog("Error during SLO request handling for nameId: " . $logout->nameID . " retAR: $retAR retPRM: $retPRM retFF: $retFF retVR: $retVR retBR: $retBR");
|
||||
}
|
||||
if ($retAR) {
|
||||
return $retAR;
|
||||
}
|
||||
if ($retPRM) {
|
||||
return $retPRM;
|
||||
}
|
||||
if ($retFF) {
|
||||
return $retFF;
|
||||
}
|
||||
if ($retVR) {
|
||||
return $retVR;
|
||||
}
|
||||
|
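Review bot: The new artifact branch passes `$login`, which is never assigned in processRequestSLO (the profile here is `$logout`), and the POST/REDIRECT branch calls `$this->processResponseMsg($message)`, for which no method is visible on this class and which is the wrong direction for an incoming request; the removed line used `$logout->processRequestMsg($message)`. Both look copied from ssoConsumer and should read `$retAR = $this->artifactResolve($logout, $message, $method);` and `$retPRM = $logout->processRequestMsg($message);`. Separately, `$this->session->logout();` still runs before `$retPRM` and `$retVR` are examined, so a request that failed to parse or failed validateRequest() terminates the local session anyway; unless that fail-closed behaviour is intended (then say so in a comment), move the logout after those checks. The method continues past the end of this hunk.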
@ -339,11 +376,14 @@ class LassoSPKitSAMLCommon {
|
|||
save them in the federations database. */
|
||||
public function saveFederation(LassoProfile $profile) {
|
||||
LassoSPKitHelper::saveFederation($profile, $this->session);
|
||||
return 0;
|
||||
}
|
||||
/** Find a federation using as many hints as possible (maybe the nameid given in the request,
|
||||
or the nameid present in the current session) */
|
||||
public function findFederation(LassoProfile $profile) {
|
||||
return LassoSPKitHelper::findFederation($profile, $this->session);
|
||||
if (LassoSPKitHelper::findFederation($profile, $this->session))
|
||||
return 0;
|
||||
return LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND;
|
||||
}
|
||||
/** Federation termination.
|
||||
Supress the current federation. That is the records associated
|
||||
|
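Review bot: saveFederation returns a constant 0 regardless of what LassoSPKitHelper::saveFederation did, so the `$retSF` that processResponseSLO logs and tests above can never be non-zero; either return the helper's outcome, if it reports one, or drop `$retSF` from that error log. findFederation treats any truthy helper result as success and maps everything else to LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND; the helper is not visible here, so a short comment such as `/* helper returns a truthy value when a federation was loaded into $profile */` would pin that contract down for callers that now branch on the code.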
@ -383,6 +423,37 @@ class LassoSPKitSAMLCommon {
|
|||
LassoSPKitUtilsSession::setLastError($message);
|
||||
}
|
||||
function getRelayState() {
|
||||
return $this->relay_state;
|
||||
return $this->relayState;
|
||||
}
|
||||
/** Check the stack of xml errors and report
|
||||
them to syslog */
|
||||
function checkXmlErrors($prefix = "") {
|
||||
if (! function_exists('libxml_get_errors')) {
|
||||
return;
|
||||
}
|
||||
foreach (libxml_get_errors() as $error) {
|
||||
$return = "$prefix, LibXMLError, ";
|
||||
switch ($error->level) {
|
||||
case LIBXML_ERR_WARNING:
|
||||
$return .= "Warning $error->code: ";
|
||||
break;
|
||||
case LIBXML_ERR_ERROR:
|
||||
$return .= "Error $error->code: ";
|
||||
break;
|
||||
case LIBXML_ERR_FATAL:
|
||||
$return .= "Fatal Error $error->code: ";
|
||||
break;
|
||||
}
|
||||
|
||||
$return .= trim($error->message) .
|
||||
" Line: $error->line" .
|
||||
" Column: $error->column";
|
||||
|
||||
if ($error->file) {
|
||||
$return .= " File: $error->file";
|
||||
}
|
||||
lassospkit_errlog($return);
|
||||
}
|
||||
libxml_clear_errors();
|
||||
}
|
||||
}
|
||||
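Review bot: checkXmlErrors reads libxml_get_errors(), which only holds entries once libxml_use_internal_errors(true) has been enabled earlier; nothing in this hunk enables it, so if no caller does, the method always logs nothing — worth a comment naming where it is enabled, or an explicit enable at the top. The local named `$return` is only passed to lassospkit_errlog, never returned; `$line` or `$msg` says what it is. These messages presumably come from parsing XML received from the peer, so collapsing embedded line breaks before logging, e.g. `str_replace(["\r", "\n"], ' ', trim($error->message))`, keeps one error per syslog entry. Both new methods lack a visibility keyword; `public function` matches the rest of the class.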