Skip to Content.
Sympa Menu

shibboleth-dev - Re: IdP Logs: Last change to comment

Subject: Shibboleth Developers

List archive

Re: IdP Logs: Last change to comment


Chronological Thread 
  • From: Velpi <>
  • To:
  • Subject: Re: IdP Logs: Last change to comment
  • Date: Wed, 13 Jun 2007 12:46:08 +0200
  • Organization: studentenvereniging Industria vzw

Audit: contains the following information about completed transactions,
note not all fields may appear for every request/response pair: response
time, asserting party ID, relying party ID, incoming request binding,
outgoing response binding, message profile, SAML request ID, SAML
response ID, user principal name, per-sp, per-principal authentication
method, ID of released attributes


Anything additional people need in either the access or audit logs?
Note that both logs will be written in some parsable format ( | (pipe)
delimited by default).


I hope the pipes will still be written even if the field is not present (will probably be so, but just checking).

I think this is what managers certainly want to see regularly (from logs):
* amount of successful logins (par day/month)
* amount of failed logins (par day/month)
* reasons why the logins failed
"Access: ... whether they complete or error out": depending on how this information is shown (code for login ok, login fail, query fail etc? or a detailed string?), this should be very useful for those purposes.


-- Velpi



Archive powered by MHonArc 2.6.16.

Top of Page