Commit f27d2d79 authored by Robert Lyon's avatar Robert Lyon

Bug 1855327: Adding custom table to record SAML logins attributes

To allow for diagnosing problems with SAML auth connection to IdP

Records what auth attributes the user is trying to authenticate with,
eg institution, email address, username etc.

A config flag is also made to allow one to turn on/off the recording
The data is only stored in the database and is not exposed to the site
itself

behatnotneeded

Change-Id: I5766cf64be048fd1fe0771c9aed3e83e888ff650
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 2d14b440
......@@ -129,6 +129,15 @@ class AuthSaml extends Auth {
public function request_user_authorise($attributes) {
global $USER, $SESSION;
$this->must_be_ready();
/**
* Save the SAML attributes to "usr_login_attributes" to help with debugging
* Note: This should not be left on full time
*/
if (get_config('saml_log_attributes')) {
$jsonattributes = json_encode($attributes);
$sla_id = insert_record('usr_login_saml', (object) array('ctime' => db_format_timestamp(time()),
'data' => $jsonattributes), 'id', true);
}
if (empty($attributes) or !array_key_exists($this->config['user_attribute'], $attributes)
or !array_key_exists($this->config['institutionattribute'], $attributes)) {
......@@ -293,6 +302,13 @@ class AuthSaml extends Auth {
}
$user->commit();
/**
* Save the SAML attributes to "usr_login_attributes" to help with debugging
* Note: This should not be left on full time
*/
if (get_config('saml_log_attributes') && $sla_id) {
set_field('usr_login_saml', 'usr', $user->get('id'), 'id', $sla_id);
}
/*******************************************/
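Review bot: The docblocks opening both hunks name the table `usr_login_attributes`, but the insert_record and set_field calls write to `usr_login_saml`; change both comments to `Save the SAML attributes to "usr_login_saml" to help with debugging`. `json_encode($attributes)` in the first hunk returns false when an attribute value is not valid UTF-8, so `data` would be written as a false/empty value into a NOTNULL column; either check the result before insert_record or encode with `json_encode($attributes, JSON_INVALID_UTF8_SUBSTITUTE | JSON_PARTIAL_OUTPUT_ON_ERROR)` so a diagnostic row is still stored. Since the recorded attributes include identity data such as email address and username and nothing trims the table, the comment should also say that rows must be purged once diagnosis is done. request_user_authorise's body continues outside both hunks.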
......@@ -775,6 +775,14 @@ $cfg->sessionhandler = 'file';
}';
*/
/**
* Log SAML attributes
* To help diagnose authentication issues between Mahara and the IdP it is useful to see what attributes are being sent
* so we log what was sent to the usr_login_saml table when this flag is set to true.
* Note: This should be switched off once problems are diagnosed / fixed and the table cleared
*/
$cfg->saml_log_attributes = false;
/**
* @global array $cfg->externalfilesystem
* A configuration data for an external file system
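Review bot: The comment above `$cfg->saml_log_attributes` should state what the logged rows contain and that nothing removes them automatically, since the attributes recorded include user identifiers such as email address and username according to the commit message. Suggest appending `Note: the stored attributes contain personal data (e.g. email, username); rows in usr_login_saml are never removed automatically and must be deleted manually.` to the docblock.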
......@@ -1410,5 +1410,16 @@
<KEY NAME="blockfk" TYPE="foreign" FIELDS="block" REFTABLE="block_instance" REFFIELDS="id" />
</KEYS>
</TABLE>
<TABLE NAME="usr_login_saml">
<FIELDS>
<FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="true" />
<FIELD NAME="usr" TYPE="int" LENGTH="10" NOTNULL="false" />
<FIELD NAME="data" TYPE="text" LENGTH="big" NOTNULL="true" />
<FIELD NAME="ctime" TYPE="datetime" NOTNULL="true" />
</FIELDS>
<KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="id" />
</KEYS>
</TABLE>
</TABLES>
</XMLDB>
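Review bot: The new `usr_login_saml` table declares only a primary key, while the sibling table above ties its `block` column to `block_instance` through a `foreign` key (`blockfk`); the nullable `usr` column presumably references a user record and would benefit from the same treatment, or at least an index, so rows can be located and purged per user. An index on `ctime` would likewise support the periodic clearing the config comment asks for. The same definition is repeated in the `2019120600` step of the core upgrade hunk, which would need to match whatever is decided here.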
......@@ -1563,5 +1563,17 @@ function xmldb_core_upgrade($oldversion=0) {
change_field_type($table, $field, true, true);
}
if ($oldversion < 2019120600) {
// Save the SAML attributes in a db table when debugging
log_debug('Create "usr_login_saml" table');
$table = new XMLDBTable('usr_login_saml');
$table->addFieldInfo('id', XMLDB_TYPE_INTEGER, 10, null, XMLDB_NOTNULL, XMLDB_SEQUENCE);
$table->addFieldInfo('usr', XMLDB_TYPE_INTEGER, 10);
$table->addFieldInfo('data', XMLDB_TYPE_TEXT, 'big', null, XMLDB_NOTNULL);
$table->addFieldInfo('ctime', XMLDB_TYPE_DATETIME, null, null, XMLDB_NOTNULL);
$table->addKeyInfo('primary', XMLDB_KEY_PRIMARY, array('id'));
create_table($table);
}
return $status;
}
......@@ -16,7 +16,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2019111500;
$config->version = 2019120600;
$config->series = '20.04';
$config->release = '20.04dev';
$config->minupgradefrom = 2017031605;