@@ -360,14 +360,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
360360
361361 $ this logger ->debug ('Attributes send by the IDP: ' . json_encode ($ authgetAttributes (), JSON_THROW_ON_ERROR ));
362362
363- $ errors$ authgetErrors ();
364-
365- if (!empty ($ errors
366- foreach ($ errorsas $ error
367- $ this logger ->error ($ error'app ' => $ this appName ]);
368- }
369- $ this logger ->error ($ authgetLastErrorReason () ?? 'No last error reason found ' , ['app ' => $ this appName ]);
370- }
363+ $ this handleAuthErrors ($ auth
371364
372365 if (!$ authisAuthenticated ()) {
373366 $ this logger ->info ('Auth failed ' , ['app ' => $ this appName ]);
@@ -530,6 +523,8 @@ private function tryProcessSLOResponse(?int $idp): array {
530523 ));
531524 if ($ authgetLastErrorReason () === null ) {
532525 return [$ targetUrl$ auth
526+ } else {
527+ $ this handleAuthErrors ($ auth
533528 }
534529 } catch (Error
535530 continue ;
@@ -660,4 +655,27 @@ public function base(): Http\TemplateResponse {
660655 $ message$ this l ->t ('This page should not be visited directly. ' );
661656 return new Http \TemplateResponse ($ this appName , 'error ' , ['message ' => $ message'guest ' );
662657 }
658+
659+ private function handleAuthErrors (Auth $ authvoid {
660+ $ errors$ authgetErrors ();
661+ $ lastReason$ authgetLastErrorReason ();
662+
663+ if ($ errors
664+ if ($ lastReasonnull ) {
665+ $ this logger ->error ('Got SAML error with no error message: ' . $ errors0 ] . '. This should not happen! ' );
666+ return ;
667+ }
668+
669+ // Only the last error has a corresponding exception and reason
670+ $ this logger ->error ('Got SAML error: ' . $ lastReason'(code: ' . $ errorscount ($ errors1 ] . '). ' , [
671+ 'exception ' => $ authgetLastErrorException (),
672+ ]);
673+
674+ if (count ($ errors1 ) {
675+ for ($ i1 ; $ icount ($ errors$ i
676+ $ this logger ->error ('Got additional SAML error code: ' . $ errors0 ]);
677+ }
678+ }
679+ }
680+ }
663681}
0 commit comments