fix: Add more logging to the saml/acs endpoint

Signed-off-by: Christoph Wurst <[email protected]>
nextcloud · Sep 16, 2024 · b21abdd · b21abdd
1 parent 0130d26
commit b21abdd
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
@@ -361,23 +361,25 @@ public function assertionConsumerService(): Http\RedirectResponse {
 			$response->invalidateCookie('saml_data');
 			return $response;
 		}
+		$this->logger->debug('Authentication successful', ['app' => 'user_saml']);
 
 		// Check whether the user actually exists, if not redirect to an error page
 		// explaining the issue.
 		try {
 			$this->userData->setAttributes($auth->getAttributes());
 			$this->autoprovisionIfPossible();
 		} catch (NoUserFoundException $e) {
-			$this->logger->error($e->getMessage(), ['app' => $this->appName]);
+			$this->logger->error($e->getMessage(), ['app' => $this->appName, 'exception' => $e]);
 			$response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned'));
 			$response->invalidateCookie('saml_data');
 			return $response;
 		} catch (UserFilterViolationException $e) {
-			$this->logger->error($e->getMessage(), ['app' => $this->appName]);
+			$this->logger->error($e->getMessage(), ['app' => $this->appName, 'exception' => $e]);
 			$response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notPermitted'));
 			$response->invalidateCookie('saml_data');
 			return $response;
 		}
+		$this->logger->debug('Attributes provisioned', ['app' => 'user_saml', 'attributes' => $auth->getAttributes()]);
 
 		$this->session->set('user_saml.samlUserData', $auth->getAttributes());
 		$this->session->set('user_saml.samlNameId', $auth->getNameId());
@@ -386,6 +388,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
 		$this->session->set('user_saml.samlNameIdSPNameQualifier', $auth->getNameIdSPNameQualifier());
 		$this->session->set('user_saml.samlSessionIndex', $auth->getSessionIndex());
 		$this->session->set('user_saml.samlSessionExpiration', $auth->getSessionExpiration());
+		$this->logger->debug('Session values set', ['app' => 'user_saml']);
 		try {
 			$user = $this->userResolver->findExistingUser($this->userBackend->getCurrentUserId());
 			$firstLogin = $user->updateLastLoginTimestamp();
@@ -400,6 +403,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
 			$response->invalidateCookie('saml_data');
 			return $response;
 		}
+		$this->logger->debug('User found, last login timestamp updated', ['app' => 'user_saml']);
 
 		$originalUrl = $data['RelayState'] ?? $data['OriginalUrl'];
 		if ($originalUrl !== null && $originalUrl !== '') {