From c03dfd9bfcb0e6e66285af8583d3ff0186090a09 Mon Sep 17 00:00:00 2001
From: Sahan Dilshan
Date: Fri, 21 Jul 2023 21:14:17 +0530
Subject: [PATCH 1/3] Improve application details on logs
---
 .../AbstractApplicationAuthenticator.java | 28 +++++++++++++++++++
 .../model/graph/JsNashornGraphBuilder.java | 3 ++
 .../nashorn/JsOpenJdkNashornGraphBuilder.java | 3 ++
 .../impl/PostAuthnMissingClaimHandler.java | 2 +-
 .../impl/GraphBasedSequenceHandler.java | 3 +-
 .../handler/step/impl/DefaultStepHandler.java | 2 +-
 .../central/log/mgt/utils/LogConstants.java | 1 +
 7 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java
index 686bf1d79c38..fa88a0890955 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java
@@ -39,6 +39,8 @@
 import org.wso2.carbon.identity.application.common.model.Property;
 import org.wso2.carbon.identity.application.common.model.User;
 import org.wso2.carbon.identity.base.IdentityConstants;
+import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
+import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.event.IdentityEventConstants;
 import org.wso2.carbon.identity.event.IdentityEventException;
@@ -50,6 +52,7 @@
 import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.core.util.UserCoreUtil;
+import org.wso2.carbon.utils.DiagnosticLog;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import java.io.Serializable;
@@ -58,6 +61,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -130,6 +134,30 @@ public AuthenticatorFlowStatus process(HttpServletRequest request,
 // The Authenticator will re-initiate the authentication and retry.
 context.setCurrentAuthenticator(getName());
 initiateAuthenticationRequest(request, response, context);
+ if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ DiagnosticLog.DiagnosticLogBuilder diagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
+ FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
+ FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_STEP);
+ diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep());
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
+ context.getServiceProviderName());
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID,
+ context.getSequenceConfig().getApplicationConfig().getServiceProvider()
+ .getApplicationResourceId());
+ diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep());
+ Optional.ofNullable(e.getUser()).ifPresent(user -> {
+ Optional.ofNullable(user.toFullQualifiedUsername()).ifPresent(username ->
+ diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER,
+ LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(username)
+ : username));
+ diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER_STORE_DOMAIN,
+ user.getUserStoreDomain());
+ });
+ diagLogBuilder.resultMessage("Authentication failed: " + e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED)
+ .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
+ LoggerUtils.triggerDiagnosticLogEvent(diagLogBuilder);
+ }
 return AuthenticatorFlowStatus.INCOMPLETE;
 } else {
 context.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, getName());
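Review bot: `e.getMessage()` is written unmasked into the result message (`"Authentication failed: " + e.getMessage()`) while the username a few lines earlier is routed through `LoggerUtils.getMaskedContent` when masking is on, so any authenticator whose failure message echoes the submitted identifier bypasses the masking policy in this event. The same applies to the `ERROR_MESSAGE` input parameter that PATCH 3/3 introduces in the hunk at `@@ -138,13 +139,12 @@` of this file. Which authenticators embed user data in their failure messages cannot be verified from this diff, so treat it as a check rather than a confirmed leak; either apply the same `LoggerUtils.isLogMaskingEnable` switch to the message or document the constraint next to it with `// NOTE: e.getMessage() is logged unmasked; authenticator failure messages must not embed user identifiers.`. The enclosing `process` method starts and ends outside the hunk.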
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
index 0b247f2d66ce..d6dfcf4bce94 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
@@ -61,6 +61,7 @@
 import javax.script.ScriptEngine;
 import javax.script.ScriptException;
+import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_ID;
 import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;
 /**
@@ -1217,6 +1218,8 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... p
 diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : "
 + e.getMessage())
 .inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
+ .inputParam(APPLICATION_ID, authenticationContext.getSequenceConfig()
+ .getApplicationConfig().getServiceProvider().getApplicationResourceId())
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java
index fd068b530543..4164e437dc46 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java
@@ -74,6 +74,7 @@
 import javax.script.ScriptException;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT;
+import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_ID;
 import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;
 /**
@@ -1234,6 +1235,8 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... pa
 diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : "
 + e.getMessage())
 .inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
+ .inputParam(APPLICATION_ID, authenticationContext.getSequenceConfig()
+ .getApplicationConfig().getServiceProvider().getApplicationResourceId())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED)
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java
index 9adbc03d73bd..85d060aaed71 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java
@@ -194,7 +194,7 @@ protected PostAuthnHandlerFlowStatus handlePostAuthenticationForMissingClaimsReq
 log.debug("Mandatory claims missing for the application : " + missingClaims[0]);
 }
 if (LoggerUtils.isDiagnosticLogsEnabled()) {
- diagnosticLogBuilder.inputParam(LogConstants.InputKeys.SERVICE_PROVIDER,
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
 context.getServiceProviderName())
 .inputParam(LogConstants.InputKeys.TENANT_DOMAIN, context.getTenantDomain())
 .inputParam(FrameworkConstants.LogConstants.MISSING_CLAIMS, missingClaims)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java
index a029ac44773b..5076f1d81da0 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java
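Review bot: Switching the input key from `LogConstants.InputKeys.SERVICE_PROVIDER` to `APPLICATION_NAME` changes the key string emitted by an existing diagnostic event, so any consumer filtering on the old key silently stops matching; the same rename is made in DefaultStepHandler at `@@ -379,7 +379,7 @@`. Neither the commit message nor the code records this as a compatibility change for log consumers. A sentence in the commit message, or a `@deprecated` Javadoc on `SERVICE_PROVIDER` in LogConstants pointing to `APPLICATION_NAME` if that constant is kept, would make the transition visible. The enclosing `handlePostAuthenticationForMissingClaimsRequest` method starts and ends outside the hunk.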
@@ -125,7 +125,8 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST);
 diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME, context.getServiceProviderName())
 .inputParam(LogConstants.InputKeys.TENANT_DOMAIN, context.getTenantDomain())
- .inputParam(LogConstants.InputKeys.CLIENT_ID, context.getSequenceConfig().getApplicationId())
+ .inputParam(LogConstants.InputKeys.APPLICATION_ID, context.getSequenceConfig()
+ .getApplicationConfig().getServiceProvider().getApplicationResourceId())
 .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
 .resultMessage("Executing script-based authentication.")
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
index 173ff2ee9cce..45fc7a4c7028 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
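Review bot: The replacement value `context.getSequenceConfig().getApplicationConfig().getServiceProvider().getApplicationResourceId()` is an unguarded four-call chain on the normal path of `handle`, whereas the removed `getSequenceConfig().getApplicationId()` was a single call; if `getApplicationConfig()` or `getServiceProvider()` returns null here, the diagnostic-logging branch throws a NullPointerException and aborts the authentication request it was only meant to describe. PATCH 3/3 replaces the same chain in AbstractApplicationAuthenticator and JsNashornGraphBuilder with `FrameworkUtils.getApplicationResourceId(context).ifPresent(...)`, but its GraphBasedSequenceHandler hunk is not in view, so whether this site gets the same treatment cannot be confirmed from the page. If it does not, use the same `ifPresent` form here so a logging-only failure cannot fail the request. The enclosing `handle` method starts and ends outside the hunk.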
@@ -379,7 +379,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response,
 DiagnosticLog.DiagnosticLogBuilder diagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
 FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
 FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST);
- diagLogBuilder.inputParam(LogConstants.InputKeys.SERVICE_PROVIDER, context.getServiceProviderName())
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME, context.getServiceProviderName())
 .inputParam(LogConstants.InputKeys.STEP, stepConfig.getOrder())
 .inputParam("Available authenticator list", filteredAuthConfigList.stream().map(
 AuthenticatorConfig::getName).collect(Collectors.toList()))
diff --git a/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java b/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java
index b7661c766a3c..aabba7cb97a9 100644
--- a/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java
+++ b/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java
@@ -54,5 +54,6 @@ public static class InputKeys {
 public static final String CLIENT_ID = "client id";
 public static final String REDIREDCT_URI = "redirect uri";
 public static final String SCOPE = "scope";
+ public static final String APPLICATION_ID = "app id";
 }
 }
From c0c4abd10bebc7f23baa9d732bb71a3b134cc04a Mon Sep 17 00:00:00 2001
From: Sahan Dilshan
Date: Fri, 21 Jul 2023 21:16:32 +0530
Subject: [PATCH 2/3] Add diagnostic logs for logout flow
---
 .../impl/DefaultLogoutRequestHandler.java | 72 +++++++++++++++++++
 .../framework/util/FrameworkConstants.java | 1 +
 2 files changed, 73 insertions(+)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java
index 979abc7a8d93..2cde5fedfb52 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java
@@ -51,11 +51,14 @@
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
+import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManager;
+import org.wso2.carbon.utils.DiagnosticLog;
 import java.io.IOException;
 import java.net.URLEncoder;
@@ -106,6 +109,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 if (log.isTraceEnabled()) {
 log.trace("Inside handle()");
 }
+ // This will be initialized only if diagnostic logs are enabled.
+ DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
+ if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
+ FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
+ FrameworkConstants.LogConstants.ActionIDs.PROCESS_LOGOUT_REQUEST)
+ .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
+ }
 SequenceConfig sequenceConfig = context.getSequenceConfig();
 // Retrieve session information from cache.
 SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(context.getSessionIdentifier(),
@@ -122,6 +133,12 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 AuthenticatedUser authenticatedUser = new AuthenticatedUser();
 if (authenticatedUserObj instanceof AuthenticatedUser) {
 authenticatedUser = (AuthenticatedUser) authenticatedUserObj;
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.USER, LoggerUtils.isLogMaskingEnable ?
+ LoggerUtils.getMaskedContent(authenticatedUser.getUserName()) :
+ authenticatedUser.getUserName())
+ .inputParam(LogConstants.InputKeys.USER_ID, authenticatedUser.getLoggableUserId());
+ }
 }
 // Setting the authenticated user's object to the request to get the relevant details to log out the user.
 context.setProperty(FrameworkConstants.AUTHENTICATED_USER, authenticatedUser);
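Review bot: A single `diagnosticLogBuilder` instance is created here and then handed to `LoggerUtils.triggerDiagnosticLogEvent` from several places in the same `handle` call, which matters on the two paths that do not throw: the `IdentityProviderManagementException` catches at `@@ -250,8 +292,21 @@` and `@@ -289,8 +344,20 @@` trigger a FAILED event and fall through to `log.error`, after which `@@ -300,6 +367,11 @@` overwrites the result message on the same instance and triggers it again as SUCCESS. Assuming `inputParam` accumulates rather than replaces (not visible here), that final SUCCESS event still carries the `"error message"` and `"fed idp"` parameters from the earlier failure, and the audit trail shows one logout that both failed and succeeded. Build a fresh builder per emitted event (a small private factory such as `newLogoutDiagnosticLogBuilder()` wrapping the constructor and `logDetailLevel` call shown here), or emit a single terminal event per request. The `LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null` guard repeated at every site is also redundant given this initialisation; `if (diagnosticLogBuilder != null)` states the intent. `handle` starts and ends outside these hunks.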
@@ -151,6 +168,15 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 break;
 } catch (UserSessionException | IdentityProviderManagementException | NumberFormatException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Error while deleting federated " +
+ "authentication session details." + context.getSessionIdentifier())
+ .inputParam("session context key", context.getSessionIdentifier())
+ .inputParam("error message", e.getMessage())
+ .inputParam("fed idp name", fedIdpName)
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Error while deleting federated authentication session " +
 "details for the session context key : " + context.getSessionIdentifier(), e);
 }
@@ -165,6 +191,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 .removeFederatedAuthSessionInfo(context.getSessionIdentifier());
 break;
 } catch (UserSessionException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
+ "session details. " + context.getSessionIdentifier())
+ .inputParam("session context key", context.getSessionIdentifier())
+ .inputParam("error message", e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Error while deleting federated authentication session" +
 " details for the session context key : " + context.getSessionIdentifier(), e);
 }
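Review bot: The session context key is copied into the diagnostic event twice, concatenated into the result message (`"authentication session details." + context.getSessionIdentifier()`, with no separator before the key) and again as the `"session context key"` input parameter; the same pattern appears in the second hunk here and in `@@ -183,6 +217,14 @@`. A session identifier is a credential-equivalent value and this event is emitted at `LogDetailLevel.APPLICATION`, whereas the username in this file is already masked via `LoggerUtils.getMaskedContent` when `isLogMaskingEnable` is set. Keep the key out of the human-readable message and apply the same masking switch to the input parameter, e.g. `.inputParam("session context key", LoggerUtils.isLogMaskingEnable ? LoggerUtils.getMaskedContent(context.getSessionIdentifier()) : context.getSessionIdentifier())`. Whether diagnostic logs reach a wider audience than the server log that already receives the `FrameworkException` message cannot be determined from this diff. `handle` starts and ends outside these hunks.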
@@ -183,6 +217,14 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 UserSessionStore.getInstance().removeFederatedAuthSessionInfo(context.getSessionIdentifier(),
 Integer.parseInt(context.getProperty(FrameworkConstants.FED_IDP_ID).toString()));
 } catch (UserSessionException | NumberFormatException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
+ "session details." + context.getSessionIdentifier())
+ .inputParam("session context key", context.getSessionIdentifier())
+ .inputParam("error message", e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Error while deleting federated authentication session" +
 " details for the session context key : " + context.getSessionIdentifier(), e);
 }
@@ -250,8 +292,21 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 // sends the logout request to the external IdP
 return;
 } catch (AuthenticationFailedException | LogoutFailedException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Exception while handling logout request")
+ .inputParam("fed idp", idpName)
+ .inputParam("error message", e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Exception while handling logout request", e);
 } catch (IdentityProviderManagementException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
+ .inputParam("error message", e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 log.error("Exception while getting IdP by name", e);
 }
 }
@@ -289,8 +344,20 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 }
 context.addLoggedOutAuthenticator(authenticatedIdPName, authenticatorName);
 } catch (AuthenticationFailedException | LogoutFailedException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Exception while handling logout request")
+ .inputParam("error message", e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Exception while handling logout request", e);
 } catch (IdentityProviderManagementException e) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
+ .inputParam("error message", e.getMessage())
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 log.error("Exception while getting IdP by name", e);
 }
 }
@@ -300,6 +367,11 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 try {
 context.clearLoggedOutAuthenticators();
 sendResponse(request, response, context, true);
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Successfully completed the logout flow.")
+ .resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 } catch (ServletException | IOException e) {
 throw new FrameworkException(e.getMessage(), e);
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
index 1b994755873d..e2a5434b0c6f 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
@@ -722,6 +722,7 @@ public static class ActionIDs {
 public static final String INIT_AUTH_FLOW = "init-authentication-flow";
 public static final String INIT_LOGOUT_FLOW = "init-logout-flow";
+ public static final String PROCESS_LOGOUT_REQUEST = "process-logout-request";
 public static final String HANDLE_CLAIM_MAPPING = "handle-claim-mappings";
 public static final String HANDLE_AUTH_REQUEST = "handle-authentication-request";
 public static final String HANDLE_AUTH_STEP = "handle-authentication-step";
From 8b5cc00d121c501b6b2d9baa841b4aec737a9fea Mon Sep 17 00:00:00 2001
From: Sahan Dilshan
Date: Mon, 24 Jul 2023 15:21:16 +0530
Subject: [PATCH 3/3] Refactor and optimize existing diagnostic logs
---
 .../AbstractApplicationAuthenticator.java | 23 ++++----
 .../model/graph/JsNashornGraphBuilder.java | 13 ++---
 .../nashorn/JsOpenJdkNashornGraphBuilder.java | 12 +++--
 .../impl/DefaultLogoutRequestHandler.java | 31 +++++------
 .../impl/PostAuthnMissingClaimHandler.java | 10 ++--
 .../impl/consent/SSOConsentServiceImpl.java | 1 +
 .../impl/GraphBasedSequenceHandler.java | 54 +++++++++++++------
 .../handler/step/impl/DefaultStepHandler.java | 14 +++-
 .../framework/util/FrameworkConstants.java | 1 +
 .../framework/util/FrameworkUtils.java | 48 +++++++++++++++++
 .../central/log/mgt/utils/LogConstants.java | 1 +
 11 files changed, 149 insertions(+), 59 deletions(-)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java
index fa88a0890955..e70182914e9f 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java
@@ -36,6 +36,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
 import org.wso2.carbon.identity.application.common.model.Property;
 import org.wso2.carbon.identity.application.common.model.User;
 import org.wso2.carbon.identity.base.IdentityConstants;
@@ -138,13 +139,12 @@ public AuthenticatorFlowStatus process(HttpServletRequest request,
 DiagnosticLog.DiagnosticLogBuilder diagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
 FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
 FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_STEP);
- diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep());
- diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
- context.getServiceProviderName());
- diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID,
- context.getSequenceConfig().getApplicationConfig().getServiceProvider()
- .getApplicationResourceId());
- diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep());
+ diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, context.getCurrentStep())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
+ .resultMessage("Authentication failed.")
+ .resultStatus(DiagnosticLog.ResultStatus.FAILED)
+ .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
+ // Adding user related details to diagnostic log.
 Optional.ofNullable(e.getUser()).ifPresent(user -> {
 Optional.ofNullable(user.toFullQualifiedUsername()).ifPresent(username ->
 diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER,
@@ -153,9 +153,12 @@ public AuthenticatorFlowStatus process(HttpServletRequest request,
 diagLogBuilder.inputParam(FrameworkConstants.LogConstants.USER_STORE_DOMAIN,
 user.getUserStoreDomain());
 });
- diagLogBuilder.resultMessage("Authentication failed: " + e.getMessage())
- .resultStatus(DiagnosticLog.ResultStatus.FAILED)
- .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
+ applicationName));
 LoggerUtils.triggerDiagnosticLogEvent(diagLogBuilder);
 }
 return AuthenticatorFlowStatus.INCOMPLETE;
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
index d6dfcf4bce94..019d30ea34e4 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
@@ -38,6 +38,7 @@
 import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
 import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
+import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService;
 import org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException;
@@ -61,9 +62,6 @@
 import javax.script.ScriptEngine;
 import javax.script.ScriptException;
-import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_ID;
-import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;
-
 /**
 * Translate the authentication graph config to runtime model.
 * This is not thread safe. Should be discarded after each build.
@@ -1217,11 +1215,14 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... p
 FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT);
 diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : " + e.getMessage())
- .inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
- .inputParam(APPLICATION_ID, authenticationContext.getSequenceConfig()
- .getApplicationConfig().getServiceProvider().getApplicationResourceId())
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(applicationId ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
+ applicationName));
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
 log.error("Error in executing the javascript for service provider : " + authenticationContext
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java
index 4164e437dc46..98873d975869 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java
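Review bot: The same pair of `ifPresent` calls under the comment `// Adding application related details to diagnostic log.` is pasted into seven sites in this commit (here, JsOpenJdkNashornGraphBuilder.evaluate, AbstractApplicationAuthenticator.process, PostAuthnMissingClaimHandler, GraphBasedSequenceHandler.handle and handleAuthFail, DefaultStepHandler), so a change to the key names or to the lookup order has to be repeated in each. Since FrameworkUtils already gains `getApplicationName` and `getApplicationResourceId`, one helper there that takes the builder and the context (say `addApplicationDetails(diagnosticLogBuilder, authenticationContext)`) would reduce each site to a single line; the two map-based sites (handleAuthFail, getContextParamsForDiagnosticLogs) would want an overload that fills a `Map`. The enclosing `evaluate` method starts and ends outside the hunk.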
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/openjdk/nashorn/JsOpenJdkNashornGraphBuilder.java
@@ -50,6 +50,7 @@
 import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
 import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
+import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.functions.library.mgt.FunctionLibraryManagementService;
 import org.wso2.carbon.identity.functions.library.mgt.exception.FunctionLibraryManagementException;
@@ -74,8 +75,6 @@
 import javax.script.ScriptException;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.ActionIDs.EXECUTE_ADAPTIVE_SCRIPT;
-import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_ID;
-import static org.wso2.carbon.identity.central.log.mgt.utils.LogConstants.InputKeys.APPLICATION_NAME;
 /**
 * Translate the authentication graph config to runtime model.
@@ -1234,11 +1233,14 @@ public Object evaluate(AuthenticationContext authenticationContext, Object... pa
 EXECUTE_ADAPTIVE_SCRIPT);
 diagnosticLogBuilder.resultMessage("Error in executing the adaptive authentication script : " + e.getMessage())
- .inputParam(APPLICATION_NAME, authenticationContext.getServiceProviderName())
- .inputParam(APPLICATION_ID, authenticationContext.getSequenceConfig()
- .getApplicationConfig().getServiceProvider().getApplicationResourceId())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED)
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(applicationId ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(authenticationContext).ifPresent(applicationName ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
+ applicationName));
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
 log.error("Error in executing the javascript for service provider : " + authenticationContext
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java
index 2cde5fedfb52..bf03019077ea 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultLogoutRequestHandler.java
@@ -70,6 +70,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.LogConstants.SESSION_CONTEXT_KEY;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Authenticator.SAML2SSO.FED_AUTH_NAME;
 /**
@@ -170,10 +171,10 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 | NumberFormatException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Error while deleting federated " +
- "authentication session details." + context.getSessionIdentifier())
- .inputParam("session context key", context.getSessionIdentifier())
- .inputParam("error message", e.getMessage())
- .inputParam("fed idp name", fedIdpName)
+ "authentication session details.")
+ .inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
+ .inputParam(LogConstants.InputKeys.IDP, fedIdpName)
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
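Review bot: `SESSION_CONTEXT_KEY` is statically imported from `FrameworkConstants.LogConstants` while the keys beside it are written as `LogConstants.InputKeys.ERROR_MESSAGE` and `LogConstants.InputKeys.IDP` from the central logger, so two different classes named `LogConstants` now feed the same builder and a reader cannot tell which one the bare constant comes from; the hunks at -193 and -219 have the same mix. Writing it qualified, `.inputParam(FrameworkConstants.LogConstants.SESSION_CONTEXT_KEY, context.getSessionIdentifier())`, as GraphBasedSequenceHandler does for `FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST`, keeps the origin visible and drops the extra static import. The hunk uses the central `LogConstants` without adding its import, so presumably that import already exists in this file; it is not visible in the diff. `handle` starts and ends outside the hunk.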
@@ -193,9 +194,9 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 } catch (UserSessionException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
- "session details. " + context.getSessionIdentifier())
- .inputParam("session context key", context.getSessionIdentifier())
- .inputParam("error message", e.getMessage())
+ "session details. ")
+ .inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
@@ -219,9 +220,9 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 } catch (UserSessionException | NumberFormatException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Error while deleting federated authentication " +
- "session details." + context.getSessionIdentifier())
- .inputParam("session context key", context.getSessionIdentifier())
- .inputParam("error message", e.getMessage())
+ "session details.")
+ .inputParam(SESSION_CONTEXT_KEY, context.getSessionIdentifier())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
@@ -294,8 +295,8 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 } catch (AuthenticationFailedException | LogoutFailedException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Exception while handling logout request")
- .inputParam("fed idp", idpName)
- .inputParam("error message", e.getMessage())
+ .inputParam(LogConstants.InputKeys.IDP, idpName)
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
@@ -303,7 +304,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 } catch (IdentityProviderManagementException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
- .inputParam("error message", e.getMessage())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
@@ -346,7 +347,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 } catch (AuthenticationFailedException | LogoutFailedException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Exception while handling logout request")
- .inputParam("error message", e.getMessage())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
@@ -354,7 +355,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 } catch (IdentityProviderManagementException e) {
 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.resultMessage("Exception while getting IdP by name")
- .inputParam("error message", e.getMessage())
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED);
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java
index 85d060aaed71..7f528cb8934e 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.java
@@ -194,13 +194,17 @@ protected PostAuthnHandlerFlowStatus handlePostAuthenticationForMissingClaimsReq
 log.debug("Mandatory claims missing for the application : " + missingClaims[0]);
 }
 if (LoggerUtils.isDiagnosticLogsEnabled()) {
- diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
- context.getServiceProviderName())
- .inputParam(LogConstants.InputKeys.TENANT_DOMAIN, context.getTenantDomain())
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.TENANT_DOMAIN, context.getTenantDomain())
 .inputParam(FrameworkConstants.LogConstants.MISSING_CLAIMS, missingClaims)
 .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
 .resultMessage("Mandatory claims missing for the application: " + context.getServiceProviderName());
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
+ applicationName));
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
 try {
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/consent/SSOConsentServiceImpl.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/consent/SSOConsentServiceImpl.java
index 8470d6023d27..478998e7934a 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/consent/SSOConsentServiceImpl.java
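Review bot: `.resultMessage("Mandatory claims missing for the application: " + context.getServiceProviderName())` still reads the name straight from the context, while the `APPLICATION_NAME` input param added below now comes from `FrameworkUtils.getApplicationName(context)`, which also falls back to the sequence config; when `getServiceProviderName()` is null the message prints `null` while the param carries the fallback name. Resolve the name once before the chain, `String applicationName = FrameworkUtils.getApplicationName(context).orElse(null);`, use it in `resultMessage`, and add the `APPLICATION_NAME` param from that same variable when it is non-null. The enclosing `handlePostAuthenticationForMissingClaimsRequest` starts and ends outside the hunk.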
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/consent/SSOConsentServiceImpl.java
@@ -486,6 +486,7 @@ public void processConsent(List consentApprovedClaimIds, ServiceProvide
 ClaimMetaData::getClaimUri).collect(Collectors.toList()))
 .inputParam(USE_EXISTING_CONSENT, false)
 .inputParam(LogConstants.InputKeys.APPLICATION_NAME, serviceProvider.getApplicationName())
+ .inputParam(LogConstants.InputKeys.APPLICATION_ID, serviceProvider.getApplicationResourceId())
 .inputParam(LogConstants.InputKeys.SUBJECT, LoggerUtils.isLogMaskingEnable ? LoggerUtils
 .getMaskedContent(authenticatedUser.getUserName()) : authenticatedUser.getUserName())
 .inputParam(CLAIMS_WITH_CONSENT, claimsWithConsent.stream().map(ClaimMetaData::getClaimUri)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java
index 5076f1d81da0..faf392e3470e 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.java
@@ -123,13 +123,16 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Aut
 DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
 FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
 FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST);
- diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME, context.getServiceProviderName())
- .inputParam(LogConstants.InputKeys.TENANT_DOMAIN, context.getTenantDomain())
- .inputParam(LogConstants.InputKeys.APPLICATION_ID, context.getSequenceConfig()
- .getApplicationConfig().getServiceProvider().getApplicationResourceId())
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.TENANT_DOMAIN, context.getTenantDomain())
 .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
 .resultMessage("Executing script-based authentication.")
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
+ diagnosticLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME,
+ applicationName));
 LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
 }
 if (!graph.isBuildSuccessful()) {
@@ -373,10 +376,20 @@ private void handleAuthFail(HttpServletRequest request, HttpServletResponse resp
 if (log.isDebugEnabled()) {
 log.debug("Found a Fail Node in conditional authentication");
 }
- DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
- FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
- FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST);
-
+ DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = null;
+ if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
+ FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
+ FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST);
+ // Adding application related details to diagnostic log.
+ Map params = new HashMap<>();
+ FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
+ params.put(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
+ params.put(LogConstants.InputKeys.APPLICATION_NAME,
+ applicationName));
+ diagnosticLogBuilder.inputParams(params);
+ }
 if (node.isShowErrorPage()) {
 // Set parameters specific to sendError function to context if isShowErrorPage is true
 String errorPage = node.getErrorPageUri();
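Review bot: The temporary `params` map exists only because `diagnosticLogBuilder` is declared `null` and then reassigned, so it is not effectively final and the two lambdas cannot call `inputParam` on it the way every other site in this commit does. Creating the builder into a local `final` variable inside the `if`, calling `inputParam` on that local in the lambdas, and assigning it to `diagnosticLogBuilder` at the end of the block keeps this site consistent with the others and removes the map and the `inputParams` round trip. `handleAuthFail` starts and ends outside the hunk.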
@@ -403,20 +416,23 @@ private void handleAuthFail(HttpServletRequest request, HttpServletResponse resp
 redirectURL = uriBuilder.toString();
 }
 response.sendRedirect(FrameworkUtils.getRedirectURL(redirectURL, request));
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
 diagnosticLogBuilder.inputParam(LogConstants.InputKeys.REDIREDCT_URI, redirectURL)
- .inputParam(LogConstants.InputKeys.APPLICATION_NAME, context.getServiceProviderName())
 .resultStatus(DiagnosticLog.ResultStatus.FAILED)
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
 }
 } catch (IOException e) {
- diagnosticLogBuilder.resultMessage("Error when redirecting user to " + errorPage);
- LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Error when redirecting user to " + errorPage);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Error when redirecting user to " + errorPage, e);
 } catch (URISyntaxException e) {
- diagnosticLogBuilder.resultMessage("Error when redirecting user to " + errorPage
- + ". Error page is not a valid URL.");
- LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Error when redirecting user to " + errorPage
+ + ". Error page is not a valid URL.");
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new FrameworkException("Error when redirecting user to " + errorPage
 + ". Error page is not a valid URL.", e);
 }
@@ -424,8 +440,12 @@ private void handleAuthFail(HttpServletRequest request, HttpServletResponse resp
 context.setRequestAuthenticated(false);
 context.getSequenceConfig().setCompleted(true);
 request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
- diagnosticLogBuilder.resultMessage("Error initiated from authentication script. User will be redirected.");
- LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+ diagnosticLogBuilder.resultMessage("Error initiated from authentication script. User will be" +
+ " redirected.")
+ .inputParam(LogConstants.InputKeys.REDIREDCT_URI, redirectURL);
+ LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+ }
 throw new JsFailureException("Error initiated from authentication script. User will be redirected to "
 + redirectURL);
 } else {
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
index 45fc7a4c7028..96e026a1532d 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.java
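Review bot: The `.inputParam(LogConstants.InputKeys.REDIREDCT_URI, redirectURL)` added here repeats the put that the previous hunk (-403) already does on the same builder right after `sendRedirect`, so on the successful-redirect path the key is written twice with the same value; as far as the visible hunks show, `resultStatus(FAILED)` and `logDetailLevel(APPLICATION)` are set only in that earlier block, so the two `catch` paths that also call `triggerDiagnosticLogEvent` emit without them unless they are set on a line not shown. Setting status and detail level once where the builder is created (the `if (LoggerUtils.isDiagnosticLogsEnabled())` block in hunk -373) and keeping a single `REDIREDCT_URI` put would cover every emission path. `handleAuthFail` starts and ends outside the hunk.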
@@ -379,13 +379,17 @@ public void handle(HttpServletRequest request, HttpServletResponse response,
 DiagnosticLog.DiagnosticLogBuilder diagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
 FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
 FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST);
- diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME, context.getServiceProviderName())
- .inputParam(LogConstants.InputKeys.STEP, stepConfig.getOrder())
+ diagLogBuilder.inputParam(LogConstants.InputKeys.STEP, stepConfig.getOrder())
 .inputParam("Available authenticator list", filteredAuthConfigList.stream().map(
 AuthenticatorConfig::getName).collect(Collectors.toList()))
 .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
 .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
 diagLogBuilder.resultMessage("Filtered authenticator list for the step " + stepConfig.getOrder());
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId ->
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(context).ifPresent(applicationName ->
+ diagLogBuilder.inputParam(LogConstants.InputKeys.APPLICATION_NAME, applicationName));
 LoggerUtils.triggerDiagnosticLogEvent(diagLogBuilder);
 }
@@ -983,7 +987,11 @@ private Map getContextParamsForDiagnosticLogs(AuthenticationCont
 Map params = new HashMap<>();
 params.put(FrameworkConstants.LogConstants.STEP, stepConfig.getOrder());
- params.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER, context.getServiceProviderName());
+ // Adding application related details to diagnostic log.
+ FrameworkUtils.getApplicationResourceId(context).ifPresent(applicationId -> params.put(
+ LogConstants.InputKeys.APPLICATION_ID, applicationId));
+ FrameworkUtils.getApplicationName(context).ifPresent(applicationName -> params.put(
+ LogConstants.InputKeys.APPLICATION_NAME, applicationName));
 params.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, context.getTenantDomain());
 params.put(FrameworkConstants.LogConstants.AUTHENTICATOR_NAME, authenticatorConfig.getName());
 return params;
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
index e2a5434b0c6f..b3917943c7a8 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
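Review bot: Removing `params.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER, context.getServiceProviderName())` changes the key under which the application name appears in every step-level diagnostic event built from this map, from the framework's `SERVICE_PROVIDER` string to the central `LogConstants.InputKeys.APPLICATION_NAME` string (unless the two constants happen to hold the same value, which the diff does not show), so any filter or dashboard matching the old key stops seeing these events; the commit description should say so. The map now also mixes keys from `FrameworkConstants.LogConstants` (`STEP`, `TENANT_DOMAIN`, `AUTHENTICATOR_NAME`) with keys from the central `LogConstants.InputKeys`; PostAuthnMissingClaimHandler in this same commit uses `LogConstants.InputKeys.TENANT_DOMAIN`, so using the central key here too would keep one source per event. `getContextParamsForDiagnosticLogs` starts and ends outside the hunk.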
@@ -714,6 +714,7 @@ public static class LogConstants {
 public static final String COUNT = "count";
 public static final String AUTHENTICATED_IDPS = "authenticated idps";
 public static final String IDP = "idp";
+ public static final String SESSION_CONTEXT_KEY = "session context key";
 /**
 * Define action IDs for diagnostic logs in the framework component.
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
index ddf63066ab96..f5bd5a6477f3 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
@@ -57,6 +57,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.OptimizedApplicationConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
 import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
@@ -159,6 +160,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Optional;
 import java.util.Set;
 import java.util.StringJoiner;
 import java.util.TreeMap;
@@ -715,6 +717,52 @@ public static String getRedirectURL(String redirectURL, HttpServletRequest reque
 return redirectURL;
 }
+ /**
+ * This method is used to get the application name from the authentication context.
+ * @param context Authentication context.
+ * @return Application name.
+ */
+ public static Optional getApplicationName(AuthenticationContext context) {
+
+ // Get the application name from the context directly if it's not null.
+ Optional serviceProviderName = Optional.ofNullable(context)
+ .map(AuthenticationContext::getServiceProviderName);
+ if (serviceProviderName.isPresent()) {
+ return serviceProviderName;
+ }
+
+ // Get the application name from the sequence config if it's not available in the
+ // context.getServiceProviderName().
+ return Optional.ofNullable(context)
+ .map(AuthenticationContext::getSequenceConfig)
+ .map(SequenceConfig::getApplicationConfig)
+ .map(ApplicationConfig::getApplicationName);
+ }
+
+ /**
+ * This method is used to get the application resource id from the authentication context.
+ * @param context Authentication context.
+ * @return Application resource id.
+ */
+ public static Optional getApplicationResourceId(AuthenticationContext context) {
+
+ // Get the application resource id from the optimized application config if it's available.
+ Optional optimizedResourceId = Optional.ofNullable(context)
+ .map(AuthenticationContext::getSequenceConfig)
+ .map(SequenceConfig::getOptimizedApplicationConfig)
+ .map(OptimizedApplicationConfig::getServiceProviderResourceId);
+ if (optimizedResourceId.isPresent()) {
+ return optimizedResourceId;
+ }
+ // Get the application resource id from the sequence config if it's not available in the optimized
+ // application config
+ return Optional.ofNullable(context)
+ .map(AuthenticationContext::getSequenceConfig)
+ .map(SequenceConfig::getApplicationConfig)
+ .map(ApplicationConfig::getServiceProvider)
+ .map(ServiceProvider::getApplicationResourceId);
+ }
+
 private static String getServiceProviderNameByReferer(HttpServletRequest request) {
 String serviceProviderName = null;
diff --git a/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java b/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java
index aabba7cb97a9..e5f2fdd03d51 100644
--- a/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java
+++ b/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LogConstants.java
@@ -55,5 +55,6 @@ public static class InputKeys {
 public static final String REDIREDCT_URI = "redirect uri";
 public static final String SCOPE = "scope";
 public static final String APPLICATION_ID = "app id";
+ public static final String ERROR_MESSAGE = "error message";
 }
 }
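Review bot: Neither Javadoc on the two new FrameworkUtils methods says when the returned `Optional` is empty, and both summaries open with "This method is used to" rather than a verb phrase; for `getApplicationName` the text could read `Returns the application name from the context, falling back to the application config of the sequence config; empty when neither is set or the context is null.` followed by a blank line before `@param`, with the equivalent for `getApplicationResourceId` naming the optimized-config-first order. `Optional.ofNullable(context)` is evaluated twice in each method; chaining the fallback onto the first lookup (`Optional.or` on Java 9+, or a single up-front null check of `context`) makes each method one expression. `getApplicationName` also returns a present `Optional` for an empty-string service provider name, so the sequence-config fallback is never reached in that case; if an empty name is possible there, add `.filter(name -> !name.isEmpty())` to the first lookup.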