Storing entityIds instead of Names

* Because the SP / IdP can change the name, there is a problem that after changing the name, this SP / IdP is stored in statistics multiple times.
* It is better to store SP/Idp identifier (EntityID and ClientID; This identifier should be unchangeable) and store tables for mapping identifier to Name.

Author: vyskocilpavel

CHANGELOG.md

@@ -2,6 +2,11 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
+[Added]
+- Added mapping tables for mapping identifier to name
+
+[Changed]
+- Storing entityIds instead of SpName/IdPName. 
 
 ## [v1.2.1]
 [Fixed]

config-templates/module_statisticsproxy.php

@@ -38,11 +38,21 @@
      */
     'identityProvidersTableName' => 'identityProviders',
 
+    /*
+     * Fill the table name for identityProvidersMap
+     */
+    'identityProvidersMapTableName' => 'identityProvidersMap',
+
     /*
      * Fill the table name for serviceProviders
      */
     'serviceProvidersTableName' => 'serviceProviders',
 
+    /*
+     * Fill the table name for serviceProviders
+     */
+    'serviceProvidersMapTableName' => 'serviceProvidersMap',
+
     /*
      * Fill true, if you want to use encryption, false if not.
      */

config-templates/tables.sql

@@ -1,4 +1,4 @@
-#Statistics for IdPs
+--Statistics for IdPs
 CREATE TABLE identityProviders (
 	year INT NOT NULL,
 	month INT NOT NULL,
@@ -12,7 +12,7 @@ CREATE TABLE identityProviders (
 	PRIMARY KEY (year, month, day, sourceIdp)
 );
 
-#Statistics for services
+--Statistics for services
 CREATE TABLE serviceProviders(
 	year INT NOT NULL,
 	month INT NOT NULL,
@@ -24,4 +24,18 @@ CREATE TABLE serviceProviders(
 	INDEX (year,month),
 	INDEX (year,month,day),
 	PRIMARY KEY (year, month, day, service)
+);
+
+--Tables for mapping identifier to name
+CREATE TABLE identityProvidersMap(
+	entityId VARCHAR(255) NOT NULL,
+	name VARCHAR(255) NOT NULL,
+	PRIMARY KEY (entityId)
+);
+
+DROP TABLE serviceProvidersMap;
+CREATE TABLE serviceProvidersMap(
+	identifier VARCHAR(255) NOT NULL,
+	name VARCHAR(255) NOT NULL,
+	PRIMARY KEY (identifier)
 );

lib/Auth/Process/DatabaseCommand.php

@@ -13,25 +13,47 @@ public static function insertLogin(&$request, &$date)
         $conn = $databaseConnector->getConnection();
         assert($conn != NULL);
         $identityProvidersTableName = $databaseConnector->getIdentityProvidersTableName();
+        $identityProvidersMapTableName = $databaseConnector->getIdentityProvidersMapTableName();
         $serviceProvidersTableName = $databaseConnector->getServiceProvidersTableName();
-        $sourceIdp = $request['Attributes']['sourceIdPName'][0];
-        $service = $request['Destination']['name']['en'];
+        $serviceProvidersMapTableName = $databaseConnector->getServiceProvidersMapTableName();
+        $idpEntityID = $request['saml:sp:IdP'];
+        $idpName = $request['Attributes']['sourceIdPName'][0];
+        $spEntityId = $request['Destination']['entityid'];
+        $spName = $request['Destination']['name']['en'];
         $year = $date->format('Y');
         $month = $date->format('m');
         $day = $date->format('d');
 
-        $stmt = $conn->prepare("INSERT INTO ".$identityProvidersTableName."(year, month, day, sourceIdp, count) VALUES (?, ?, ?, ?, '1') ON DUPLICATE KEY UPDATE count = count + 1");
-        $stmt->bind_param("iiis", $year, $month, $day, $sourceIdp);
-        if ($stmt->execute() === FALSE) {
-            SimpleSAML\Logger::error("The login log wasn't inserted into the database.");
-        }
+        if (is_null($idpEntityID) || empty($idpEntityID) || is_null($spEntityId) || empty($spEntityId)) {
+            SimpleSAML\Logger::error("Some from attribute: 'idpEntityId', 'idpName', 'spEntityId' and 'spName' is null or empty and login log wasn't inserted into the database.");
+        } else {
+            $stmt = $conn->prepare("INSERT INTO ".$identityProvidersTableName."(year, month, day, sourceIdp, count) VALUES (?, ?, ?, ?, '1') ON DUPLICATE KEY UPDATE count = count + 1");
+            $stmt->bind_param("iiis", $year, $month, $day, $idpEntityID);
+            if ($stmt->execute() === FALSE) {
+                SimpleSAML\Logger::error("The login log wasn't inserted into table: " . $identityProvidersTableName . ".");
+            }
+
+            $stmt = $conn->prepare("INSERT INTO ".$serviceProvidersTableName."(year, month, day, service, count) VALUES (?, ?, ?, ?, '1') ON DUPLICATE KEY UPDATE count = count + 1");
+            $stmt->bind_param("iiis", $year, $month, $day, $spEntityId);
+            if ($stmt->execute() === FALSE) {
+                SimpleSAML\Logger::error("The login log wasn't inserted into into table: " . $serviceProvidersTableName . ".");
+            }
+
+            if (is_null($idpName) || empty($idpName)) {
+	            $stmt->prepare("INSERT INTO " . $identityProvidersMapTableName . "(entityId, name) VALUES (?, ?) ON DUPLICATE KEY UPDATE name = ?");
+	            $stmt->bind_param("sss", $idpEntityID, $idpName, $idpName);
+	            $stmt->execute();
+            }
 
-        $stmt = $conn->prepare("INSERT INTO ".$serviceProvidersTableName."(year, month, day, service, count) VALUES (?, ?, ?, ?, '1') ON DUPLICATE KEY UPDATE count = count + 1");
-        $stmt->bind_param("iiis", $year, $month, $day, $service);
-        if ($stmt->execute() === FALSE) {
-            SimpleSAML\Logger::error("The login log wasn't inserted into the database.");
+            if (is_null($spName) || empty($spName)) {
+	            $stmt->prepare("INSERT INTO " . $serviceProvidersMapTableName . "(identifier, name) VALUES (?, ?) ON DUPLICATE KEY UPDATE name = ?");
+	            $stmt->bind_param("sss", $spEntityId, $spName, $spName);
+	            $stmt->execute();
+            }
         }
 
+        SimpleSAML\Logger::error("The login log was successfully stored in database");
+
         $conn->close();
     }
 
@@ -56,12 +78,13 @@ public static function getLoginCountPerDeyPerService()
         $databaseConnector = new DatabaseConnector();
         $conn = $databaseConnector->getConnection();
         assert($conn != NULL);
-        $table_name = $databaseConnector->getIdentityProvidersTableName();
-        $stmt = $conn->prepare("SELECT year, month, sourceIdp, SUM(count) AS count FROM ".$table_name. " GROUP BY year, month, sourceIdp HAVING sourceIdp != '' ORDER BY year DESC, month DESC, count DESC");
+        $identityProvidersTableName = $databaseConnector->getIdentityProvidersTableName();
+        $identityProvidersMapTableName = $databaseConnector->getIdentityProvidersMapTableName();
+        $stmt = $conn->prepare("SELECT year, month, IFNULL(name,sourceIdp) AS idPName, SUM(count) AS count FROM ".$identityProvidersTableName. " LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId GROUP BY year, month, sourceIdp HAVING sourceIdp != '' ORDER BY year DESC, month DESC, count DESC");
         $stmt->execute();
         $result = $stmt->get_result();
         while($row = $result->fetch_assoc()) {
-            echo "[new Date(".$row["year"].",".($row["month"] - 1 )."),'".$row["sourceIdp"]."', {v:".$row["count"]."}],";
+            echo "[new Date(".$row["year"].",".($row["month"] - 1 )."),'".$row["idPName"]."', {v:".$row["count"]."}],";
         }
         $conn->close();
     }
@@ -71,12 +94,13 @@ public static function getAccessToServicesPerMonth()
         $databaseConnector = new DatabaseConnector();
         $conn = $databaseConnector->getConnection();
         assert($conn != NULL);
-        $table_name = $databaseConnector->getServiceProvidersTableName();
-        $stmt = $conn->prepare("SELECT year, month, service, SUM(count) AS count FROM ".$table_name." GROUP BY year DESC, month DESC, service HAVING service != '' ORDER BY year DESC, month DESC, count DESC");
+        $serviceProvidersTableName = $databaseConnector->getServiceProvidersTableName();
+        $serviceProvidersMapTableName = $databaseConnector->getServiceProvidersMapTableName();
+        $stmt = $conn->prepare("SELECT year, month, IFNULL(name,service) AS spName, SUM(count) AS count FROM ".$serviceProvidersTableName." LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier GROUP BY year DESC, month DESC, service HAVING service != '' ORDER BY year DESC, month DESC, count DESC");
         $stmt->execute();
         $result = $stmt->get_result();
         while($row = $result->fetch_assoc()) {
-            echo "[new Date(".$row["year"].",".($row["month"] - 1 )."),'".$row["service"]."', {v:".$row["count"]."}],";        }
+            echo "[new Date(".$row["year"].",".($row["month"] - 1 )."),'".$row["spName"]."', {v:".$row["count"]."}],";        }
         $conn->close();
     }
 
@@ -128,12 +152,13 @@ public static function getAccessCountPerService()
         $databaseConnector = new DatabaseConnector();
         $conn = $databaseConnector->getConnection();
         assert($conn != NULL);
-        $table_name = $databaseConnector->getServiceProvidersTableName();
-        $stmt = $conn->prepare("SELECT service, SUM(count) AS count FROM ".$table_name." GROUP BY service HAVING service != ''");
+        $serviceProvidersTableName = $databaseConnector->getServiceProvidersTableName();
+        $serviceProvidersMapTableName = $databaseConnector->getServiceProvidersMapTableName();
+        $stmt = $conn->prepare("SELECT IFNULL(name,service) AS spName, SUM(count) AS count FROM ".$serviceProvidersTableName." LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier GROUP BY service HAVING service != ''");
         $stmt->execute();
         $result = $stmt->get_result();
         while($row = $result->fetch_assoc()) {
-            echo "['".$row["service"]."', ".$row["count"]."],";
+            echo "['".$row["spName"]."', ".$row["count"]."],";
         }
         $conn->close();
     }
@@ -143,12 +168,13 @@ public static function getLoginCountPerIdp()
         $databaseConnector = new DatabaseConnector();
         $conn = $databaseConnector->getConnection();
         assert($conn != NULL);
-        $table_name = $databaseConnector->getIdentityProvidersTableName();
-        $stmt = $conn->prepare("SELECT sourceIdp, SUM(count) AS count FROM ".$table_name." GROUP BY sourceIdp HAVING sourceIdp != ''");
+        $identityProvidersTableName = $databaseConnector->getIdentityProvidersTableName();
+        $identityProvidersMapTableName = $databaseConnector->getIdentityProvidersMapTableName();
+        $stmt = $conn->prepare("SELECT IFNULL(name,sourceIdp) AS idPName, SUM(count) AS count FROM ".$identityProvidersTableName. " LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId GROUP BY sourceIdp HAVING sourceIdp != ''");
         $stmt->execute();
         $result = $stmt->get_result();
         while($row = $result->fetch_assoc()) {
-            echo "['".$row["sourceIdp"]."', ".$row["count"]."],";
+            echo "['".$row["idPName"]."', ".$row["count"]."],";
         }
         $conn->close();
     }

lib/Auth/Process/DatabaseConnector.php

@@ -11,7 +11,9 @@ class databaseConnector
     private $password;
     private $databaseName;
     private $identityProvidersTableName;
+    private $identityProvidersMapTableName;
     private $serviceProvidersTableName;
+    private $serviceProvidersMapTableName;
     private $encryption;
     private $sslCA;
     private $sslCert;
@@ -25,7 +27,9 @@ class databaseConnector
     const PASSWORD = 'password';
     const DATABASE = 'databaseName';
     const IDP_TABLE_NAME = 'identityProvidersTableName';
+    const IDP_MAP_TABLE_NAME = 'identityProvidersMapTableName';
     const SP_TABLE_NAME = 'serviceProvidersTableName' ;
+    const SP_MAP_TABLE_NAME = 'serviceProvidersMapTableName';
     const ENCRYPTION = 'encryption';
     const SSL_CA = 'ssl_ca';
     const SSL_CERT = 'ssl_cert_path';
@@ -43,7 +47,9 @@ public function __construct ()
         $this->password = $conf->getString(self::PASSWORD);
         $this->databaseName = $conf->getString(self::DATABASE);
         $this->identityProvidersTableName = $conf->getString(self::IDP_TABLE_NAME);
+        $this->identityProvidersMapTableName = $conf->getString(self::IDP_MAP_TABLE_NAME);
         $this->serviceProvidersTableName = $conf->getString(self::SP_TABLE_NAME);
+        $this->serviceProvidersMapTableName = $conf->getString(self::SP_MAP_TABLE_NAME);
         $this->encryption = $conf->getBoolean(self::ENCRYPTION);
         $this->sslCA = $conf->getString(self::SSL_CA);
         $this->sslCert = $conf->getString(self::SSL_CERT);
@@ -80,11 +86,20 @@ public function getIdentityProvidersTableName()
 
     }
 
+    public function getIdentityProvidersMapTableName()
+    {
+    	return $this->identityProvidersMapTableName;
+    }
+
     public function getServiceProvidersTableName()
     {
         return $this->serviceProvidersTableName;
 
     }
 
+	public function getServiceProvidersMapTableName()
+	{
+		return $this->serviceProvidersMapTableName;
+	}
 
 }