@@ -360,14 +360,7 @@ public function assertionConsumerService(): Http\RedirectResponse {
360360
361361 $ this logger ->debug ('Attributes send by the IDP: ' . json_encode ($ authgetAttributes (), JSON_THROW_ON_ERROR ));
362362
363- $ errors$ authgetErrors ();
364-
365- if (!empty ($ errors
366- foreach ($ errorsas $ error
367- $ this logger ->error ($ error'app ' => $ this appName ]);
368- }
369- $ this logger ->error ($ authgetLastErrorReason () ?? 'No last error reason found ' , ['app ' => $ this appName ]);
370- }
363+ $ this handleAuthErrors ($ auth
371364
372365 if (!$ authisAuthenticated ()) {
373366 $ this logger ->info ('Auth failed ' , ['app ' => $ this appName ]);
@@ -530,6 +523,8 @@ private function tryProcessSLOResponse(?int $idp): array {
530523 ));
531524 if ($ authgetLastErrorReason () === null ) {
532525 return [$ targetUrl$ auth
526+ } else {
527+ $ this handleAuthErrors ($ auth
533528 }
534529 } catch (Error
535530 continue ;
@@ -660,4 +655,30 @@ public function base(): Http\TemplateResponse {
660655 $ message$ this l ->t ('This page should not be visited directly. ' );
661656 return new Http \TemplateResponse ($ this appName , 'error ' , ['message ' => $ message'guest ' );
662657 }
658+
659+ private function handleAuthErrors (Auth $ authvoid {
660+ $ errors$ authgetErrors ();
661+ $ lastReason$ authgetLastErrorReason ();
662+
663+ if ($ errors
664+ return ;
665+ }
666+
667+ if ($ lastReasonnull ) {
668+ $ this logger ->error ('SAML errored with no error message: ' . $ errors0 ] . '. ' );
669+ return ;
670+ }
671+
672+ // Only the last error has a corresponding exception and reason
673+ $ this logger ->error ('SAML errored with: ' . $ lastReason' (code: ' . $ errorscount ($ errors1 ] . '). ' , [
674+ 'exception ' => $ authgetLastErrorException (),
675+ ]);
676+
677+ if (count ($ errors1 ) {
678+ // iterate from second last to first one
679+ for ($ icount ($ errors2 ; $ i0 ; $ i
680+ $ this logger ->error ('Additional SAML error code: ' . $ errors$ i
681+ }
682+ }
683+ }
663684}
0 commit comments