Shibboleth Developers

[Velpi <>]

> Audit: contains the following information about completed transactions,
> note not all fields may appear for every request/response pair: response
> time, asserting party ID, relying party ID, incoming request binding,
> outgoing response binding, message profile, SAML request ID, SAML
> response ID, user principal name, per-sp, per-principal authentication
> method, ID of released attributes


> Anything additional people need in either the access or audit logs?
> Note that both logs will be written in some parsable format ( | (pipe)
> delimited by default).


I hope the pipes will still be written even if the field is not present 
(will probably be so, but just checking).

I think this is what managers certainly want to see regularly (from logs):
* amount of successful logins (par day/month)
* amount of failed logins (par day/month)
* reasons why the logins failed
"Access: ... whether they complete or error out": depending on how this 
information is shown (code for login ok, login fail, query fail etc? or 
a detailed string?), this should be very useful for those purposes.


-- Velpi