diff --git a/src/Surfnet/StepupGateway/GatewayBundle/Controller/SecondFactorController.php b/src/Surfnet/StepupGateway/GatewayBundle/Controller/SecondFactorController.php
index 19f38e1a..c041899b 100644
--- a/src/Surfnet/StepupGateway/GatewayBundle/Controller/SecondFactorController.php
+++ b/src/Surfnet/StepupGateway/GatewayBundle/Controller/SecondFactorController.php
@@ -111,7 +111,13 @@ public function selectSecondFactorForVerificationAction($authenticationMode, Req
 $ssoCookie = $this->getCookieService()->read($request);
 // Test if the SSO cookie can satisfy the second factor authentication requirements
 if ($this->getCookieService()->maySkipAuthentication($requiredLoa->getLevel(), $identityNameId, $ssoCookie)) {
- $logger->notice('Skipping second factor authentication. Required LoA was met by the LoA recorded in the cookie');
+ $logger->notice(
+ 'Skipping second factor authentication. Required LoA was met by the LoA recorded in the cookie',
+ [
+ 'required-loa' => $requiredLoa->getLevel(),
+ 'cookie-loa' => $ssoCookie->getLoa()
+ ]
+ );
 // We use the SF from the cookie as the SF that was used for authenticating the second factor authentication
 $secondFactor = $this->getSecondFactorService()->findByUuid($ssoCookie->secondFactorId());
 $this->getResponseContext($authenticationMode)->saveSelectedSecondFactor($secondFactor);
diff --git a/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/CookieService.php b/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/CookieService.php
index 5a6dd8be..3ea05e7e 100644
--- a/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/CookieService.php
+++ b/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/CookieService.php
@@ -174,7 +174,7 @@ public function preconditionsAreMet(ResponseContext $responseContext): bool
 if (!$remoteSp->allowSsoOn2fa()) {
 $this->logger->notice(
 sprintf(
- 'Ignoring SSO on 2FA for SP: %s',
+ 'SSO on 2FA is disabled by config for SP: %s',
 $remoteSp->getEntityId()
 )
 );
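Review bot: In SecondFactorController.php, the new log context for the skipped second factor records both LoA values but not which second factor the cookie vouched for, so the entry alone cannot tie the skip to a token. `$ssoCookie->secondFactorId()` is already read two lines further down in the same branch; adding `'second-factor-id' => $ssoCookie->secondFactorId(),` to the context array would make the record usable for audit, unless the logger already attaches that elsewhere (not visible here). The enclosing action starts and ends outside the hunk.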
diff --git a/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/CookieValueInterface.php b/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/CookieValueInterface.php
index 3018ece4..cacce7d3 100644
--- a/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/CookieValueInterface.php
+++ b/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/CookieValueInterface.php
@@ -29,4 +29,6 @@ public function meetsRequiredLoa(float $requiredLoa): bool;
 public function authenticationTime(): int;
 public function secondFactorId(): string;
+
+ public function getLoa(): float;
 }
diff --git a/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/NullCookieValue.php b/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/NullCookieValue.php
index 78d172b1..4cc43f4a 100644
--- a/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/NullCookieValue.php
+++ b/src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/NullCookieValue.php
@@ -44,4 +44,9 @@ public function secondFactorId(): string
 {
 return '';
 }
+
+ public function getLoa(): float
+ {
+ // TODO: Implement getLoa() method.
+ }
 }
diff --git a/src/Surfnet/StepupGateway/GatewayBundle/Tests/Sso2fa/CookieServiceTest.php b/src/Surfnet/StepupGateway/GatewayBundle/Tests/Sso2fa/CookieServiceTest.php
index d1a395db..7af43f3d 100644
--- a/src/Surfnet/StepupGateway/GatewayBundle/Tests/Sso2fa/CookieServiceTest.php
+++ b/src/Surfnet/StepupGateway/GatewayBundle/Tests/Sso2fa/CookieServiceTest.php
@@ -199,7 +199,7 @@ public function test_check_preconditions_is_remote_sp_disabled()
 $this->logger
 ->shouldReceive('notice')
- ->with('Ignoring SSO on 2FA for SP: https://remote.sp.stepup.example.com');
+ ->with('SSO on 2FA is disabled by config for SP: https://remote.sp.stepup.example.com');
 self::assertFalse($this->service->preconditionsAreMet($this->responseContext));
 }
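Review bot: In NullCookieValue.php, the added `getLoa(): float` has only a TODO comment as its body, so any call falls off the end of a function with a declared `float` return type and PHP raises a TypeError at runtime. The controller hunk calls `$ssoCookie->getLoa()` only after `maySkipAuthentication()` succeeded, which presumably never happens for a null cookie, but the interface now promises the method to every caller. Replace the TODO with `return 0.0;` (assuming 0.0 lies below every real LoA level, to be confirmed) so the null object stays harmless and can never appear to satisfy a requirement.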