Commit d186f384 authored by haemmer's avatar haemmer

Implemented #2796

parent 692bf062
...@@ -34,6 +34,7 @@ SWITCHwayf Changes and Version History: ...@@ -34,6 +34,7 @@ SWITCHwayf Changes and Version History:
- Fixed a few small bugs - Fixed a few small bugs
- Added some optimizations to the drop-down list search-as-you type - Added some optimizations to the drop-down list search-as-you type
feature feature
- The log file now logs - if possible - also the SP entityID/providerId
- Some small styling changes/CSS improvements - Some small styling changes/CSS improvements
Issues: https://forge.switch.ch/redmine/projects/wayf/versions/62 Issues: https://forge.switch.ch/redmine/projects/wayf/versions/62
......
...@@ -224,13 +224,13 @@ if ( ...@@ -224,13 +224,13 @@ if (
redirectToSP($_GET['return'], $cookieIdP); redirectToSP($_GET['return'], $cookieIdP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Cookie', $_GET['return'], $cookieIdP); logAccessEntry('DS', 'Cookie', $_GET['entityID'], $cookieIdP, $_GET['return']);
} else { } else {
redirectTo($IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Cookie', $_GET['shire'], $cookieIdP); logAccessEntry('WAYF', 'Cookie', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $cookieIdP, $_GET['shire']);
} }
...@@ -256,12 +256,12 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) { ...@@ -256,12 +256,12 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) {
redirectToSP($_GET['return'], $kerberosIDP); redirectToSP($_GET['return'], $kerberosIDP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Kerberos', $_GET['return'], $kerberosIDP); logAccessEntry('DS', 'Kerberos', $_GET['entityID'], $kerberosIDP, $_GET['return']);
} else { } else {
redirectTo($IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Kerberos', $_GET['shire'], $kerberosIDP); logAccessEntry('WAYF', 'Kerberos', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $kerberosIDP, $_GET['shire']);
} }
exit; exit;
} }
...@@ -301,7 +301,7 @@ if ( ...@@ -301,7 +301,7 @@ if (
redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Old-Request', $_GET['shire'], $_GET['origin']); logAccessEntry('WAYF', 'Old-Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $_GET['origin'], $_GET['shire']);
exit; exit;
} }
...@@ -324,13 +324,13 @@ if ($hintedPathIDP != '-'){ ...@@ -324,13 +324,13 @@ if ($hintedPathIDP != '-'){
redirectToSP($_GET['return'], $hintedPathIDP); redirectToSP($_GET['return'], $hintedPathIDP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Path', $_GET['return'], $hintedPathIDP); logAccessEntry('DS', 'Path', $_GET['entityID'], $hintedPathIDP, $_GET['return']);
} else { } else {
redirectTo($IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Path', $_GET['shire'], $hintedPathIDP); logAccessEntry('WAYF', 'Path', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $hintedPathIDP, $_GET['shire']);
} }
exit; exit;
...@@ -358,20 +358,22 @@ if ( ...@@ -358,20 +358,22 @@ if (
// Create log entry // Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){ if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
logAccessEntry('Embedded-DS', 'Request', $_GET['return'], $selectedIDP); $dsType = 'Embedded-DS';
} else { } else {
logAccessEntry('DS', 'Request', $_GET['return'], $selectedIDP); $dsType = 'DS';
} }
logAccessEntry($dsType, 'Request', $_GET['entityID'], $selectedIDP, $_GET['return']);
} else { } else {
redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){ if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
logAccessEntry('Embedded-WAYF', 'Request', $_GET['shire'], $selectedIDP); $dsType = 'Embedded-WAYF';
} else { } else {
logAccessEntry('WAYF', 'Request', $_GET['shire'], $selectedIDP); $dsType = 'WAYF';
} }
logAccessEntry($dsType, 'Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $selectedIDP, $_GET['shire']);
} }
exit; exit;
} }
...@@ -459,14 +461,14 @@ if ( ...@@ -459,14 +461,14 @@ if (
redirectTo($_GET['return']); redirectTo($_GET['return']);
// Create log entry // Create log entry
logAccessEntry('DS', 'Passive', $_GET['return'], '-'); logAccessEntry('DS', 'Passive', $_GET['entityID'], '-', $_GET['return']);
} else { } else {
redirectToSP($_GET['return'], $selectedIDP); redirectToSP($_GET['return'], $selectedIDP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Passive', $_GET['return'], $selectedIDP); logAccessEntry('DS', 'Passive', $_GET['entityID'], $selectedIDP, $_GET['return']);
} }
exit; exit;
} }
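Review bot: The DS branches pass `$_GET['entityID']` to logAccessEntry() without the `isset()` guard that the WAYF branches apply to `$_GET['providerId']`, so a request reaching these lines without an entityID would raise an undefined-index notice and write an empty column into the space-separated log line. Whether entityID is validated earlier cannot be seen here, because the enclosing `if` blocks start outside the hunks; if it is not, use `isset($_GET['entityID']) ? $_GET['entityID'] : '-'` as is done for providerId. The providerId ternary is now repeated in five WAYF calls and would be easier to keep consistent as one small helper that returns the parameter or `'-'`.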
......
...@@ -709,8 +709,10 @@ function redirectToSP($url, $IdP){ ...@@ -709,8 +709,10 @@ function redirectToSP($url, $IdP){
} }
} }
/******************************************************************************/ /******************************************************************************/
// Returns true if valid Directory Service request // Logs all events where users were redirected to their IdP or back to an SP
function logAccessEntry($protocol, $type, $sp, $idp){ // The log then can be used to approximately detect how many users were served
// by the SWITCHwayf
function logAccessEntry($protocol, $type, $sp, $idp, $return){
global $WAYFLogFile, $useLogging; global $WAYFLogFile, $useLogging;
// Return if logging deactivated // Return if logging deactivated
...@@ -730,7 +732,7 @@ function logAccessEntry($protocol, $type, $sp, $idp){ ...@@ -730,7 +732,7 @@ function logAccessEntry($protocol, $type, $sp, $idp){
} }
// Compose log entry // Compose log entry
$entry = date('Y-m-d H:i:s').' '.$_SERVER['REMOTE_ADDR'].' '.$protocol.' '.$type.' '.$idp.' '.$sp."\n"; $entry = date('Y-m-d H:i:s').' '.$_SERVER['REMOTE_ADDR'].' '.$protocol.' '.$type.' '.$idp.' '.$return.' '.$sp."\n";
// Open file in append mode // Open file in append mode
if (!$handle = fopen($WAYFLogFile, 'a')) { if (!$handle = fopen($WAYFLogFile, 'a')) {
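Review bot: The composed `$entry` now carries two request-controlled values, `$return` and `$sp` (both filled from `$_GET` by the callers), joined by single spaces and terminated with `"\n"`, and nothing visible in this hunk neutralises whitespace or line breaks in them. A space or CR/LF inside entityID, providerId, return or shire would shift the columns or split one entry into several, which weakens the log as a record of which users were served. Encoding those characters before concatenation, for example `$return = str_replace(array("\r", "\n", ' '), array('%0D', '%0A', '%20'), $return);` and the same for `$sp`, keeps every entry on one line with a fixed column count; the lines between the two hunks are not shown, so confirm no such step already exists there. Inserting `$return` ahead of `$sp` also changes the column order for anything that parses existing logs, so the header comment should state the field order.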
......