Log failures instead of just bubbling them back to httpd.

author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Wed, 20 Jul 2005 02:38:01 +0000 (02:38 +0000)

committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Wed, 20 Jul 2005 02:38:01 +0000 (02:38 +0000)
author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Wed, 20 Jul 2005 02:38:01 +0000 (02:38 +0000)
committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Wed, 20 Jul 2005 02:38:01 +0000 (02:38 +0000)
diff --git a/shib/ShibBrowserProfile.cpp b/shib/ShibBrowserProfile.cpp

index 663d5ad..869df11 100644 (file)
--- a/shib/ShibBrowserProfile.cpp
+++ b/shib/ShibBrowserProfile.cpp
@@ -126,6 +126,7 @@ SAMLBrowserProfile::BrowserProfileResponse ShibBrowserProfile::receive(
              log.debug("passing signed response to trust layer");
              if (!t.validate(*bpr.response,role)) {
                  bpr.clear();
+                log.error("unable to verify signed profile response");
                  TrustException ex("unable to verify signed profile response");
                  annotateException(&ex,role); // throws it
              }
@@ -135,6 +136,7 @@ SAMLBrowserProfile::BrowserProfileResponse ShibBrowserProfile::receive(
              log.debug("passing signed authentication assertion to trust layer"); 
              if (!t.validate(*bpr.assertion,role)) {
                  bpr.clear();
+                log.error("unable to verify signed authentication assertion");
                  TrustException ex("unable to verify signed authentication assertion");
                  annotateException(&ex,role); // throws it
              }
author	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Wed, 20 Jul 2005 02:38:01 +0000 (02:38 +0000)
committer	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Wed, 20 Jul 2005 02:38:01 +0000 (02:38 +0000)