Feature/issue 1971 correlation id logging

config/packages/ci/monolog.yaml

@@ -0,0 +1,10 @@
+monolog:
+    handlers:
+        test_log_handler:
+            type: service
+            id: OpenConext\EngineBlockFunctionalTestingBundle\Log\TestLogHandler
+        test_log_file:
+            type: stream
+            path: '/tmp/eb-fixtures/log-records.ndjson'
+            level: debug
+            formatter: monolog.formatter.json

config/packages/test/monolog.yaml

@@ -12,3 +12,6 @@ monolog:
             type:   stream
             path:   "%kernel.logs_dir%/%kernel.environment%.log"
             level:  DEBUG
+        test_log_handler:
+            type: service
+            id: OpenConext\EngineBlockFunctionalTestingBundle\Log\TestLogHandler

config/services/logging.yml

@@ -30,6 +30,12 @@ services:
         tags:
             - { name: monolog.processor }
 
+    OpenConext\EngineBlock\Logger\Processor\CorrelationIdProcessor:
+        arguments:
+            - '@OpenConext\EngineBlock\Request\CurrentCorrelationId'
+        tags:
+            - { name: monolog.processor }
+
     OpenConext\EngineBlock\Logger\Processor\SessionIdProcessor:
         tags:
             - { name: monolog.processor }

config/services/services.yml

@@ -57,6 +57,20 @@ services:
             - '@OpenConext\EngineBlock\Request\UniqidGenerator'
         public: true
 
+    OpenConext\EngineBlock\Request\CurrentCorrelationId:
+        public: true
+
+    OpenConext\EngineBlock\Request\CorrelationIdRepository:
+        public: true
+        arguments:
+            - '@request_stack'
+
+    OpenConext\EngineBlock\Request\CorrelationIdService:
+        public: true
+        arguments:
+            - '@OpenConext\EngineBlock\Request\CorrelationIdRepository'
+            - '@OpenConext\EngineBlock\Request\CurrentCorrelationId'
+
     OpenConext\EngineBlockBundle\Security\Http\EntryPoint\JsonBasicAuthenticationEntryPoint:
         arguments:
             - 'engine-api.%domain%'
@@ -379,3 +393,12 @@ services:
         class: OpenConext\EngineBlockBundle\Sbs\SbsAttributeMerger
         arguments:
             - "%sram.allowed_attributes%"
+
+    EngineBlock_Saml2_AuthnRequestSessionRepository:
+        class: EngineBlock_Saml2_AuthnRequestSessionRepository
+        public: true
+        arguments:
+            - '@request_stack'
+
+    OpenConext\EngineBlockFunctionalTestingBundle\Log\TestLogHandler:
+        public: true

config/services_ci.yaml

@@ -68,6 +68,11 @@ services:
     OpenConext\EngineBlockFunctionalTestingBundle\Features\Context\MinkContext:
         tags: ['fob.context']
 
+    OpenConext\EngineBlockFunctionalTestingBundle\Features\Context\LoggingContext:
+        arguments:
+            $logFile: '/tmp/eb-fixtures/log-records.ndjson'
+        tags: ['fob.context']
+
     OpenConext\EngineBlockFunctionalTestingBundle\Fixtures\SbsClientStateManager:
         arguments:
             - "@engineblock.functional_testing.data_store.sbs_client_state_mananger"

library/EngineBlock/Application/DiContainer.php

@@ -20,6 +20,7 @@
 use OpenConext\EngineBlock\Metadata\Factory\Factory\ServiceProviderFactory;
 use OpenConext\EngineBlock\Metadata\LoaRepository;
 use OpenConext\EngineBlock\Metadata\MetadataRepository\MetadataRepositoryInterface;
+use OpenConext\EngineBlock\Request\CorrelationIdService;
 use OpenConext\EngineBlock\Service\MfaHelperInterface;
 use OpenConext\EngineBlock\Service\ReleaseAsEnforcer;
 use OpenConext\EngineBlock\Service\TimeProvider\TimeProviderInterface;
@@ -613,4 +614,20 @@ public function getNameIdSubstituteResolver()
     {
         return new EngineBlock_Arp_NameIdSubstituteResolver($this->container->get('engineblock.compat.logger'));
     }
+
+    /**
+     * @return CorrelationIdService
+     */
+    public function getCorrelationIdService(): CorrelationIdService
+    {
+        return $this->container->get(CorrelationIdService::class);
+    }
+
+    /**
+     * @return EngineBlock_Saml2_AuthnRequestSessionRepository
+     */
+    public function getAuthnRequestSessionRepository(): EngineBlock_Saml2_AuthnRequestSessionRepository
+    {
+        return $this->container->get(EngineBlock_Saml2_AuthnRequestSessionRepository::class);
+    }
 }

library/EngineBlock/Corto/Module/Service/AssertionConsumer.php

@@ -89,6 +89,9 @@ public function serve($serviceName, Request $httpRequest)
         $receivedRequest = $this->_server->getReceivedRequestFromResponse($receivedResponse);
 
         $application = EngineBlock_ApplicationSingleton::getInstance();
+
+        $correlationIdService = $application->getDiContainer()->getCorrelationIdService();
+        $correlationIdService->resolve($receivedResponse->getInResponseTo());
         $log = $application->getLogInstance();
 
         if(!$receivedRequest instanceof EngineBlock_Saml2_AuthnRequestAnnotationDecorator){

library/EngineBlock/Corto/Module/Service/ContinueToIdp.php

@@ -85,7 +85,9 @@ public function serve($serviceName, Request $httpRequest)
             );
         }
 
-        $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->_server->getLogger());
+        $container = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer();
+
+        $authnRequestRepository = $container->getAuthnRequestSessionRepository();
         $request = $authnRequestRepository->findRequestById($id);
 
         if (!$request) {
@@ -94,6 +96,9 @@ public function serve($serviceName, Request $httpRequest)
             );
         }
 
+        $correlationIdService = $container->getCorrelationIdService();
+        $correlationIdService->resolve($id);
+
         // Flush log if SP or IdP has additional logging enabled
         if ($request->isDebugRequest()) {
             $sp = $this->getEngineSpRole($this->_server);

library/EngineBlock/Corto/Module/Service/ProcessConsent.php

@@ -85,6 +85,12 @@ public function serve($serviceName, Request $httpRequest)
         $response = $processStep->getResponse();
 
         $request = $this->_server->getReceivedRequestFromResponse($response);
+
+        $correlationIdService = EngineBlock_ApplicationSingleton::getInstance()
+            ->getDiContainer()
+            ->getCorrelationIdService();
+        $correlationIdService->resolve($request->getId());
+
         $serviceProvider = $this->_server->getRepository()->fetchServiceProviderByEntityId($request->getIssuer()->getValue());
 
         $destinationMetadata = EngineBlock_SamlHelper::getDestinationSpMetadata(

library/EngineBlock/Corto/Module/Service/ProvideConsent.php

@@ -100,14 +100,19 @@ public function serve($serviceName, Request $httpRequest)
 
         $receivedRequest = $this->_server->getReceivedRequestFromResponse($response);
 
+        $correlationIdService = EngineBlock_ApplicationSingleton::getInstance()
+            ->getDiContainer()
+            ->getCorrelationIdService();
+        $correlationIdService->resolve($receivedRequest->getId());
+
         // update previous response with current response
         $this->_processingStateHelper->updateStepResponseByRequestId(
             $receivedRequest->getId(),
             ProcessingStateHelperInterface::STEP_CONSENT,
             $response
         );
 
-        $request = $this->_server->getReceivedRequestFromResponse($response);
+        $request = $receivedRequest;
         $serviceProvider = $this->_server->getRepository()->fetchServiceProviderByEntityId($request->getIssuer()->getValue());
         $spMetadataChain = EngineBlock_SamlHelper::getSpRequesterChain(
             $serviceProvider,

library/EngineBlock/Corto/Module/Service/SingleSignOn.php

@@ -73,6 +73,7 @@ public function __construct(
     public function serve($serviceName, Request $httpRequest)
     {
         $application = EngineBlock_ApplicationSingleton::getInstance();
+        $container = $application->getDiContainer();
 
         $log = $this->_server->getLogger();
 
@@ -202,9 +203,9 @@ public function serve($serviceName, Request $httpRequest)
         // Multiple IdPs found...
 
         // Auto-select IdP when 'feature_enable_sso_notification' is enabled and send AuthenticationRequest on success
-        if ($application->getDiContainer()->getFeatureConfiguration()->isEnabled("eb.enable_sso_notification")) {
-            $idpEntityId = $application->getDiContainer()->getSsoNotificationService()->
-                handleSsoNotification($application->getDiContainer()->getSymfonyRequest()->cookies, $this->_server);
+        if ($container->getFeatureConfiguration()->isEnabled("eb.enable_sso_notification")) {
+            $idpEntityId = $container->getSsoNotificationService()->
+                handleSsoNotification($container->getSymfonyRequest()->cookies, $this->_server);
 
             if (!empty($idpEntityId)) {
                 try {
@@ -220,8 +221,8 @@ public function serve($serviceName, Request $httpRequest)
         }
 
         // Auto-select IdP when 'wayf.rememberChoice' feature is enabled and is allowed for the current request
-        if (($application->getDiContainer()->getRememberChoice() === true) && !($request->getForceAuthn() || $request->isDebugRequest())) {
-            $cookies = $application->getDiContainer()->getSymfonyRequest()->cookies->all();
+        if (($container->getRememberChoice() === true) && !($request->getForceAuthn() || $request->isDebugRequest())) {
+            $cookies = $container->getSymfonyRequest()->cookies->all();
             if (array_key_exists('rememberchoice', $cookies)) {
                 $remembered = json_decode($cookies['rememberchoice']);
                 if (array_search($remembered, $candidateIDPs) !== false) {
@@ -240,9 +241,13 @@ public function serve($serviceName, Request $httpRequest)
             return;
         }
 
-        $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($log);
+        $authnRequestRepository = $container->getAuthnRequestSessionRepository();
         $authnRequestRepository->store($request);
 
+        $correlationIdService = $container->getCorrelationIdService();
+        $correlationIdService->mint($request->getId());
+        $correlationIdService->resolve($request->getId());
+
         // Show WAYF
         $log->info("Multiple candidate IdPs: redirecting to WAYF");
         $this->_showWayf($request, $candidateIDPs);

library/EngineBlock/Corto/ProxyServer.php

@@ -461,16 +461,20 @@ public function sendAuthenticationRequest(
             }
         }
 
-        $authenticationState = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()
-            ->getAuthenticationStateHelper()
-            ->getAuthenticationState();
+        $container =  EngineBlock_ApplicationSingleton::getInstance()->getDiContainer();
+
+        $authenticationState = $container->getAuthenticationStateHelper()->getAuthenticationState();
         $authenticationState->startAuthenticationOnBehalfOf($ebRequest->getId(), $serviceProvider);
 
         // Store the original Request
-        $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->_logger);
+        $authnRequestRepository = $container->getAuthnRequestSessionRepository();
         $authnRequestRepository->store($spRequest);
         $authnRequestRepository->link($ebRequest, $spRequest);
 
+        $correlationIdService = $container->getCorrelationIdService();
+        $correlationIdService->mint($spRequest->getId());
+        $correlationIdService->link($ebRequest->getId(), $spRequest->getId());
+        $correlationIdService->resolve($spRequest->getId());
 
         $this->getBindingsModule()->send($ebRequest, $identityProvider);
     }
@@ -552,10 +556,19 @@ public function sendStepupAuthenticationRequest(
 
 
         // Link with the original Request
-        $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->_logger);
+        $authnRequestRepository = EngineBlock_ApplicationSingleton::getInstance()
+            ->getDiContainer()
+            ->getAuthnRequestSessionRepository();
         $authnRequestRepository->store($spRequest);
         $authnRequestRepository->link($ebRequest, $spRequest);
 
+        $correlationIdService = EngineBlock_ApplicationSingleton::getInstance()
+            ->getDiContainer()
+            ->getCorrelationIdService();
+        $correlationIdService->mint($spRequest->getId());
+        $correlationIdService->link($ebRequest->getId(), $spRequest->getId());
+        $correlationIdService->resolve($spRequest->getId());
+
         $this->getBindingsModule()->send($ebRequest, $identityProvider, true);
     }
 
@@ -1097,7 +1110,9 @@ public function getReceivedRequestFromResponse(EngineBlock_Saml2_ResponseAnnotat
 
     public function findRequestFromRequestId(string $requestId): ?EngineBlock_Saml2_AuthnRequestAnnotationDecorator
     {
-        $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->getLogger());
+        $authnRequestRepository = EngineBlock_ApplicationSingleton::getInstance()
+            ->getDiContainer()
+            ->getAuthnRequestSessionRepository();
 
         $spRequestId = $authnRequestRepository->findLinkedRequestId($requestId);
         if ($spRequestId === null) {