Problem: if an error occurs it is not logged to watchdog. Improve that so that admins can track down problems with SAML logins more easily.

Comment | File | Size | Author
#2 | samlauth-logging-3043711.patch | 1.7 KB | klausi

Comments

klausi created an issue. See original summary.

klausi:

Status: Active » Needs review
File status: new; size: 1.7 KB

Patch.

smfsh:

Extra logging is perfect. Only hesitation I have is printing the data array to the log in the event of the unique ID not being found. It's possible this array could contain something sensitive. What are your thoughts on this?

klausi:

We have the GDPR policy that we need to log the data for security reasons (for example to detect and audit attacks), but we delete all log data after a week anyway.

  • roderik committed f3bb519 on 7.x-1.x authored by klausi
    Issue #3043711 by klausi: Improve watchdog logging to better track errors
    
roderik:

Status: Needs review » Fixed

Thank you! Committed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

roderik:

@klausi - similar to #3043704-11: Make user logout more robust:

I committed this last year when taking over maintenance of the D7 version but apparently didn't spot the extra thing: the special-case redirect to 'user/login' in case of a special error message.

Likewise: this is not in the D8+ version. I'm not going to revert it here unless someone ever tells me they have an issue with it - but I'm also not going to think about moving this forward in the D8+ version, myself.