Improve diagnostic logs

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java

@@ -114,11 +114,47 @@ public class SAMLSSOConstants {
  public static final String CACHE_CONTROL_VALUE_NO_CACHE = "no-cache";
 
  public static final String IS_POST = "isPost";
- public static final String SAML_INBOUND_SERVICE = "saml-inbound-service";
 
  private SAMLSSOConstants() {
  }
 
+ /**
+ * Constants related to log management.
+ */
+ public static class LogConstants {
+
+ public static final String SAML_INBOUND_SERVICE = "saml-inbound-service";
+
+ /**
+ * Define action IDs for diagnostic logs.
+ */
+ public static class ActionIDs {
+
+ public static final String PROCESS_SAML_LOGOUT = "process-saml-logout";
+ public static final String SAML_REQUEST_VALIDATION = "saml-request-validation";
+ public static final String SAML_LOGOUT_PROCESSING = "saml-logout-processing";
+ public static final String PROCESS_SAML_REQUEST = "process-saml-request";
+ public static final String HAND_OVER_TO_FRAMEWORK = "hand-over-to-framework";
+ }
+
+ /**
+ * Define common and reusable Input keys for diagnostic logs.
+ */
+ public static class InputKeys {
+
+ public static final String SAML_REQUEST = "saml request";
+ public static final String ISSUER = "issuer";
+ public static final String CONSUMER_URL = "consumer url";
+ public static final String AUTH_MODE = "auth mode";
+ public static final String ASSERTION_URL = "assertion url";
+ public static final String QUERY_STRING = "query string";
+
+
+ }
+
+
+ }
+
 
  public enum QueryParameter {
 

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/processors/IdPInitLogoutRequestProcessor.java

@@ -21,6 +21,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.base.IdentityException;
+import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
 import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
@@ -35,7 +36,7 @@
 
 import java.util.Map;
 
-import static org.wso2.carbon.identity.sso.saml.SAMLSSOConstants.SAML_INBOUND_SERVICE;
+import static org.wso2.carbon.identity.sso.saml.SAMLSSOConstants.LogConstants.SAML_INBOUND_SERVICE;
 import static org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.splitAppendedTenantDomain;
 
 public class IdPInitLogoutRequestProcessor implements IdpInitSSOLogoutRequestProcessor{
@@ -73,11 +74,13 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
 
  init(queryParamDTOs);
 
- DiagnosticLog.DiagnosticLogBuilder finalizeDiagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
- SAML_INBOUND_SERVICE, "saml-logout-processing");
+ DiagnosticLog.DiagnosticLogBuilder finalizeDiagLogBuilder = null;
  if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ // Initialize finalizeDiagLogBuilder here to avoid initializing it in every if condition.
+ finalizeDiagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
+ SAML_INBOUND_SERVICE, SAMLSSOConstants.LogConstants.ActionIDs.PROCESS_SAML_LOGOUT);
  DiagnosticLog.DiagnosticLogBuilder initializeDiagLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
- SAML_INBOUND_SERVICE, "saml-logout-processing");
+ SAML_INBOUND_SERVICE, SAMLSSOConstants.LogConstants.ActionIDs.PROCESS_SAML_LOGOUT);
  initializeDiagLogBuilder.resultMessage("Processing IDP initiated logout request.")
  .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
  .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
@@ -101,7 +104,7 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  log.error(SAMLSSOConstants.Notification.INVALID_SESSION);
  validationResponseDTO.setValid(false);
  validationResponseDTO.setLogoutFromAuthFramework(true);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage(SAMLSSOConstants.Notification.INVALID_SESSION);
  }
@@ -118,7 +121,7 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  log.error(SAMLSSOConstants.Notification.INVALID_SESSION);
  validationResponseDTO.setValid(false);
  validationResponseDTO.setLogoutFromAuthFramework(true);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage(SAMLSSOConstants.Notification.INVALID_SESSION);
  }
@@ -132,7 +135,7 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  if (StringUtils.isNotBlank(returnTo)) {
  log.error(SAMLSSOConstants.Notification.NO_SP_ENTITY_PARAM);
  validationResponseDTO.setValid(false);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage(SAMLSSOConstants.Notification.NO_SP_ENTITY_PARAM);
  }
@@ -147,7 +150,7 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  if (logoutReqIssuer == null) {
  log.error(String.format(SAMLSSOConstants.Notification.INVALID_SP_ENTITY_ID, spEntityID));
  validationResponseDTO.setValid(false);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage(SAMLSSOConstants.Notification.INVALID_SP_ENTITY_ID);
  }
@@ -158,7 +161,7 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  String errorMsg = String.format(SAMLSSOConstants.Notification.IDP_SLO_NOT_ENABLED, spEntityID);
  log.error(errorMsg);
  validationResponseDTO.setValid(false);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage(errorMsg);
  }
@@ -170,7 +173,7 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  .getAssertionConsumerUrlList().contains(returnTo)) {
  log.error(SAMLSSOConstants.Notification.INVALID_RETURN_TO_URL);
  validationResponseDTO.setValid(false);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage(SAMLSSOConstants.Notification.INVALID_RETURN_TO_URL);
  }
@@ -184,21 +187,21 @@ public SAMLSSOReqValidationResponseDTO process(String sessionId, QueryParamDTO[]
  SAMLSSOUtil.setTenantDomainInThreadLocal(logoutReqIssuer.getTenantDomain());
  }
  validationResponseDTO.setValid(true);
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultMessage("Successfully processed IDP initiated logout request.")
  .resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
 
  }
 
  } catch (UserStoreException | IdentityException e) {
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.resultStatus(DiagnosticLog.ResultStatus.FAILED)
  .resultMessage("Error while processing IDP initiated logout request.")
- .inputParam("error message", e.getMessage());
+ .inputParam(LogConstants.InputKeys.ERROR_MESSAGE, e.getMessage());
  }
  throw IdentityException.error(SAMLSSOConstants.Notification.IDP_SLO_VALIDATE_ERROR, e);
  } finally {
- if (LoggerUtils.isDiagnosticLogsEnabled()) {
+ if (LoggerUtils.isDiagnosticLogsEnabled() && finalizeDiagLogBuilder != null) {
  finalizeDiagLogBuilder.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
  LoggerUtils.triggerDiagnosticLogEvent(finalizeDiagLogBuilder);
  }

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/processors/IdPInitSSOAuthnRequestProcessor.java

@@ -23,6 +23,7 @@
 import org.opensaml.saml.saml2.core.Response;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.base.IdentityException;
+import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
 import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
@@ -35,14 +36,15 @@
 import org.wso2.carbon.identity.sso.saml.internal.IdentitySAMLSSOServiceComponentHolder;
 import org.wso2.carbon.identity.sso.saml.session.SSOSessionPersistenceManager;
 import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
-import org.wso2.carbon.registry.core.utils.UUIDGenerator;
 import org.wso2.carbon.utils.DiagnosticLog;
 
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
 
-import static org.wso2.carbon.identity.sso.saml.SAMLSSOConstants.SAML_INBOUND_SERVICE;
+import static org.wso2.carbon.identity.sso.saml.SAMLSSOConstants.LogConstants.ActionIDs.SAML_REQUEST_VALIDATION;
+import static org.wso2.carbon.identity.sso.saml.SAMLSSOConstants.LogConstants.InputKeys.SAML_REQUEST;
+import static org.wso2.carbon.identity.sso.saml.SAMLSSOConstants.LogConstants.SAML_INBOUND_SERVICE;
 
 public class IdPInitSSOAuthnRequestProcessor implements SSOAuthnRequestProcessor {
 
@@ -53,9 +55,9 @@ public SAMLSSORespDTO process(SAMLSSOAuthnReqDTO authnReqDTO, String sessionId,
 
  if (LoggerUtils.isDiagnosticLogsEnabled()) {
  DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
- SAML_INBOUND_SERVICE, "saml-request-validation");
+ SAML_INBOUND_SERVICE, SAML_REQUEST_VALIDATION);
  diagnosticLogBuilder.resultMessage("Validating SP initiated SAML Authentication Request.")
- .inputParam("saml request", authnReqDTO.getRequestMessageString())
+ .inputParam(SAML_REQUEST, authnReqDTO.getRequestMessageString())
  .inputParam("auth mode", authMode)
  .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
  .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
@@ -211,11 +213,11 @@ public SAMLSSORespDTO process(SAMLSSOAuthnReqDTO authnReqDTO, String sessionId,
  }
  if (LoggerUtils.isDiagnosticLogsEnabled()) {
  DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
- SAML_INBOUND_SERVICE, "saml-request-validation");
+ SAML_INBOUND_SERVICE, SAML_REQUEST_VALIDATION);
  diagnosticLogBuilder.resultMessage("SAML Request validation successful.")
  .inputParam("consumer url", samlssoRespDTO.getAssertionConsumerURL())
- .inputParam("user id", samlssoRespDTO.getSubject().getUserId())
- .inputParam("issuer", authnReqDTO.getIssuer())
+ .inputParam(LogConstants.InputKeys.USER_ID, samlssoRespDTO.getSubject().getUserId())
+ .inputParam(SAMLSSOConstants.LogConstants.InputKeys.ISSUER, authnReqDTO.getIssuer())
  .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
  .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
  LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
@@ -338,9 +340,9 @@ private SAMLSSORespDTO buildErrorResponse(String id, List<String> statusCodeList
  samlSSORespDTO.setSessionEstablished(false);
  if (LoggerUtils.isDiagnosticLogsEnabled()) {
  DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
- SAML_INBOUND_SERVICE, "saml-request-validation");
+ SAML_INBOUND_SERVICE, SAML_REQUEST_VALIDATION);
  diagnosticLogBuilder.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
- .inputParam("saml request", id)
+ .inputParam(SAML_REQUEST, id)
  .inputParam("error saml response", encodedResponse)
  .resultMessage("An error occurred while processing the SAML request.")
  .resultStatus(DiagnosticLog.ResultStatus.FAILED);