diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb index 65338300e68..65f22a26029 100644 --- a/app/controllers/saml_idp_controller.rb +++ b/app/controllers/saml_idp_controller.rb @@ -136,6 +136,8 @@ def log_external_saml_auth_request analytics.saml_auth_request( requested_ial: requested_ial, + requested_aal_authn_context: saml_request&.requested_aal_authn_context, + force_authn: saml_request&.force_authn?, service_provider: saml_request&.issuer, ) end diff --git a/app/services/analytics_events.rb b/app/services/analytics_events.rb index 0e560322a42..7d1ccb3b50b 100644 --- a/app/services/analytics_events.rb +++ b/app/services/analytics_events.rb @@ -2684,10 +2684,14 @@ def saml_auth( end # @param [Integer] requested_ial + # @param [String,nil] requested_aal_authn_context + # @param [Boolean,nil] force_authn # @param [String] service_provider # An external request for SAML Authentication was received def saml_auth_request( requested_ial:, + requested_aal_authn_context:, + force_authn:, service_provider:, **extra ) @@ -2695,6 +2699,8 @@ def saml_auth_request( 'SAML Auth Request', { requested_ial: requested_ial, + requested_aal_authn_context: requested_aal_authn_context, + force_authn: force_authn, service_provider: service_provider, **extra, }.compact, diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb index 279aeed87fe..71ac27cd1c2 100644 --- a/spec/controllers/saml_idp_controller_spec.rb +++ b/spec/controllers/saml_idp_controller_spec.rb @@ -569,6 +569,7 @@ def name_id_version(format_urn) with('SAML Auth Request', { requested_ial: authn_context, service_provider: sp1_issuer, + force_authn: false, }) expect(@analytics).to receive(:track_event). with('SAML Auth', { 
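Review bot: The two fields added to `log_external_saml_auth_request` are read straight off the service provider's AuthnRequest, and nothing visible in this hunk shows that request having been validated before the event is written. If `requested_aal_authn_context` can return any class reference present in the request rather than only the known `Saml::Idp::Constants` values, the event will carry free-form SP-supplied text into analytics. Consider logging it only when it matches a recognized context, or state that consumers must treat it as untrusted input. A one-line comment above the call, such as `# Values as requested by the SP; not necessarily the AAL that ends up being enforced`, would keep anyone using this event for audit or detection from reading it as the effective assurance level. The method starts outside the hunk, so the ordering relative to validation is inferred.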
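Review bot: The new `@param` lines on `saml_auth_request` give types but no descriptions, so a reader of the event catalogue cannot tell that these are request-side values or when they are absent. I would write them as `# @param [String,nil] requested_aal_authn_context AAL authn context class ref requested by the SP, nil when none was requested` and `# @param [Boolean,nil] force_authn whether the AuthnRequest set ForceAuthn`. The payload goes through `.compact` in the following hunk, so the description should also say that a nil value drops the key entirely while `force_authn: false` is kept. The specs in this commit show events with no `requested_aal_authn_context` key, so queries for requests without an AAL context have to test for a missing key rather than a null value.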
@@ -710,6 +711,7 @@ def name_id_version(format_urn) with('SAML Auth Request', { requested_ial: 'ialmax', service_provider: sp1_issuer, + force_authn: false, }) expect(@analytics).to receive(:track_event). with('SAML Auth', { @@ -925,6 +927,19 @@ def name_id_version(format_urn) saml_final_post_auth(saml_request(saml_settings(overrides: { force_authn: true }))) expect(session[:sp][:final_auth_request]).to be_falsey end + + it 'logs SAML Auth Request' do + stub_analytics + expect(@analytics).to receive(:track_event). + with('SAML Auth Request', { + requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, + service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: true, + }) + + saml_get_auth(saml_settings(overrides: { force_authn: true })) + end end context 'service provider is inactive' do @@ -1549,6 +1564,8 @@ def name_id_version(format_urn) with('SAML Auth Request', { requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: false, }) saml_get_auth(saml_settings) @@ -1992,6 +2009,8 @@ def name_id_version(format_urn) with('SAML Auth Request', { requested_ial: Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: false, }) expect(@analytics).to receive(:track_event). with('SAML Auth', analytics_hash) 
@@ -2037,6 +2056,8 @@ def stub_requested_attributes with('SAML Auth Request', { requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: false, }) expect(@analytics).to receive(:track_event).with('SAML Auth', analytics_hash) expect(@analytics).to receive(:track_event). @@ -2073,6 +2094,8 @@ def stub_requested_attributes with('SAML Auth Request', { requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: false, }) expect(@analytics).to receive(:track_event).with('SAML Auth', analytics_hash) expect(@analytics).to receive(:track_event). diff --git a/spec/features/saml/saml_spec.rb b/spec/features/saml/saml_spec.rb index fd43089ca59..78d39cd729d 100644 --- a/spec/features/saml/saml_spec.rb +++ b/spec/features/saml/saml_spec.rb @@ -407,7 +407,9 @@ expect(fake_analytics.events['SAML Auth Request']).to eq( [{ requested_ial: 'http://idmanagement.gov/ns/assurance/ial/1', - service_provider: 'http://localhost:3000' }], + service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: false }], ) expect(fake_analytics.events['SAML Auth'].count).to eq 2 @@ -439,7 +441,8 @@ expect(fake_analytics.events['SAML Auth Request']).to eq( [{ requested_ial: 'http://idmanagement.gov/ns/assurance/ial/2', - service_provider: 'saml_sp_ial2' }], + service_provider: 'saml_sp_ial2', + force_authn: false }], ) expect(fake_analytics.events['SAML Auth'].count).to eq 2 
@@ -463,7 +466,9 @@ expect(fake_analytics.events['SAML Auth Request']).to eq( [{ requested_ial: 'http://idmanagement.gov/ns/assurance/ial/1', - service_provider: 'http://localhost:3000' }], + service_provider: 'http://localhost:3000', + requested_aal_authn_context: Saml::Idp::Constants::AAL2_AUTHN_CONTEXT_CLASSREF, + force_authn: false }], ) expect(fake_analytics.events['SAML Auth'].count).to eq 2