From 10cf853b154b8d526020c4c3b7222002ba8789ee Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 15 Feb 2021 19:08:31 +0000
Subject: [PATCH] Add logging for SLO errors

To make debugging SLO errors easier, this adds logging for any encountered error in that phase. This is similar to the logging already done on the ACS handling.

Signed-off-by: Lukas Reschke
---
 lib/Controller/SAMLController.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index 161e5ae..4a2e488 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -427,11 +427,19 @@ class SAMLController extends Controller {
 $idp = $this->session->get('user_saml.Idp');
 $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp));
 $stay = true ; // $auth will return the redirect URL but won't perform the redirect himself
- if($isFromIDP){
+ if ($isFromIDP) {
 $keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job
 $targetUrl = $auth->processSLO($keepLocalSession, null, false, null, $stay);
+
+ $errors = $auth->getErrors();
+ if (!empty($errors)) {
+ foreach($errors as $error) {
+ $this->logger->error($error, ['app' => $this->appName]);
+ }
+ $this->logger->error($auth->getLastErrorReason(), ['app' => $this->appName]);
+ }
 } else {
- // If request is not from IDP, we must send him the logout request
+ // If request is not from IDP, we send the logout request to the IDP
 $parameters = array();
 $nameId = $this->session->get('user_saml.samlNameId');
 $nameIdFormat = $this->session->get('user_saml.samlNameIdFormat');
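Review bot: In the `$isFromIDP` branch the new `if (!empty($errors))` block only logs, so a logout message from the IdP that failed `processSLO()` validation is afterwards handled exactly like a valid one, unless code after the hunk checks for it (the method continues outside the hunk). If continuing is intended, state it in a comment such as `// SLO validation failed: errors are logged, processing continues`; otherwise return early here before `$targetUrl` is used. Separately, `getLastErrorReason()` may be null when the library records an error code without a reason text, so the last call should be guarded: `$reason = $auth->getLastErrorReason(); if ($reason !== null) { $this->logger->error($reason, ['app' => $this->appName]); }`. The reason string can presumably carry values taken from the received SAML message, so it should be treated as untrusted wherever the log is displayed.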