Commit d186f384 authored by haemmer's avatar haemmer

Implemented #2796

parent 692bf062
......@@ -34,6 +34,7 @@ SWITCHwayf Changes and Version History:
- Fixed a few small bugs
- Added some optimizations to the drop-down list search-as-you type
feature
- The log file now logs - if possible - also the SP entityID/providerId
- Some small styling changes/CSS improvements
Issues: https://forge.switch.ch/redmine/projects/wayf/versions/62
......
......@@ -224,13 +224,13 @@ if (
redirectToSP($_GET['return'], $cookieIdP);
// Create log entry
logAccessEntry('DS', 'Cookie', $_GET['return'], $cookieIdP);
logAccessEntry('DS', 'Cookie', $_GET['entityID'], $cookieIdP, $_GET['return']);
} else {
redirectTo($IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
logAccessEntry('WAYF', 'Cookie', $_GET['shire'], $cookieIdP);
logAccessEntry('WAYF', 'Cookie', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $cookieIdP, $_GET['shire']);
}
......@@ -256,12 +256,12 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) {
redirectToSP($_GET['return'], $kerberosIDP);
// Create log entry
logAccessEntry('DS', 'Kerberos', $_GET['return'], $kerberosIDP);
logAccessEntry('DS', 'Kerberos', $_GET['entityID'], $kerberosIDP, $_GET['return']);
} else {
redirectTo($IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
logAccessEntry('WAYF', 'Kerberos', $_GET['shire'], $kerberosIDP);
logAccessEntry('WAYF', 'Kerberos', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $kerberosIDP, $_GET['shire']);
}
exit;
}
......@@ -301,7 +301,7 @@ if (
redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
logAccessEntry('WAYF', 'Old-Request', $_GET['shire'], $_GET['origin']);
logAccessEntry('WAYF', 'Old-Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $_GET['origin'], $_GET['shire']);
exit;
}
......@@ -324,13 +324,13 @@ if ($hintedPathIDP != '-'){
redirectToSP($_GET['return'], $hintedPathIDP);
// Create log entry
logAccessEntry('DS', 'Path', $_GET['return'], $hintedPathIDP);
logAccessEntry('DS', 'Path', $_GET['entityID'], $hintedPathIDP, $_GET['return']);
} else {
redirectTo($IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
logAccessEntry('WAYF', 'Path', $_GET['shire'], $hintedPathIDP);
logAccessEntry('WAYF', 'Path', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $hintedPathIDP, $_GET['shire']);
}
exit;
......@@ -358,20 +358,22 @@ if (
// Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
logAccessEntry('Embedded-DS', 'Request', $_GET['return'], $selectedIDP);
$dsType = 'Embedded-DS';
} else {
logAccessEntry('DS', 'Request', $_GET['return'], $selectedIDP);
$dsType = 'DS';
}
logAccessEntry($dsType, 'Request', $_GET['entityID'], $selectedIDP, $_GET['return']);
} else {
redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
logAccessEntry('Embedded-WAYF', 'Request', $_GET['shire'], $selectedIDP);
$dsType = 'Embedded-WAYF';
} else {
logAccessEntry('WAYF', 'Request', $_GET['shire'], $selectedIDP);
$dsType = 'WAYF';
}
logAccessEntry($dsType, 'Request', (isset($_GET['providerId'])) ? $_GET['providerId'] : '-', $selectedIDP, $_GET['shire']);
}
exit;
}
......@@ -459,14 +461,14 @@ if (
redirectTo($_GET['return']);
// Create log entry
logAccessEntry('DS', 'Passive', $_GET['return'], '-');
logAccessEntry('DS', 'Passive', $_GET['entityID'], '-', $_GET['return']);
} else {
redirectToSP($_GET['return'], $selectedIDP);
// Create log entry
logAccessEntry('DS', 'Passive', $_GET['return'], $selectedIDP);
logAccessEntry('DS', 'Passive', $_GET['entityID'], $selectedIDP, $_GET['return']);
}
exit;
}
......
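Review bot: The new DS log calls read `$_GET['entityID']` with no `isset()` guard, while the WAYF calls in the same hunks guard `$_GET['providerId']` and fall back to `'-'`. Unless request validation earlier in the file (not visible in these hunks) guarantees the parameter, a request without it raises an undefined-index notice and writes an entry whose SP column is missing. I would apply the same fallback in the Cookie, Kerberos, Path, Request and Passive branches: `isset($_GET['entityID']) ? $_GET['entityID'] : '-'`. Computing that value (and the `providerId` one) once into a variable before these branches would also remove the ternary that is now repeated on every WAYF call.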
......@@ -709,8 +709,10 @@ function redirectToSP($url, $IdP){
}
}
/******************************************************************************/
// Returns true if valid Directory Service request
function logAccessEntry($protocol, $type, $sp, $idp){
// Logs all events where users were redirected to their IdP or back to an SP
// The log then can be used to approximately detect how many users were served
// by the SWITCHwayf
function logAccessEntry($protocol, $type, $sp, $idp, $return){
global $WAYFLogFile, $useLogging;
// Return if logging deactivated
......@@ -730,7 +732,7 @@ function logAccessEntry($protocol, $type, $sp, $idp){
}
// Compose log entry
$entry = date('Y-m-d H:i:s').' '.$_SERVER['REMOTE_ADDR'].' '.$protocol.' '.$type.' '.$idp.' '.$sp."\n";
$entry = date('Y-m-d H:i:s').' '.$_SERVER['REMOTE_ADDR'].' '.$protocol.' '.$type.' '.$idp.' '.$return.' '.$sp."\n";
// Open file in append mode
if (!$handle = fopen($WAYFLogFile, 'a')) {
......
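Review bot: The composed `$entry` writes `$sp` and the new `$return` field into a space-separated, one-line-per-event log exactly as received, and at the call sites shown on this page both come straight from `$_GET`. A value containing a space or a CR/LF changes the column layout or starts an extra line, so the usage counts derived from this log can be skewed by request content. Encode the request-derived fields before concatenation, for example `$return = rawurlencode($return); $sp = rawurlencode($sp);` just above the `$entry` line. The added fifth parameter also has no default, so any caller not updated in this commit would warn or fail; `function logAccessEntry($protocol, $type, $sp, $idp, $return = '-'){` keeps such callers working. The function body continues outside both hunks.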