Shibboleth Developers

[Patrik Schnellmann <>]

Hello Chad

That looks very good. I think we will be able to pull out all we need.

Would it make sense to add timezone information to the request/response times?

Best regards,
Patrik

Chad La Joie wrote:
> Okay, last chance for comments.
> 
> The Shibboleth 2.0 IdP will have three logs: access, audit, and normal
> log4j log(s).
> 
> Access: contains information about incoming requests, whether they
> complete or error out.  Contains the following fields: request time,
> remote host IP, server host IP, server port, request path
> 
> Audit: contains the following information about completed transactions,
> note not all fields may appear for every request/response pair: response
> time, asserting party ID, relying party ID, incoming request binding,
> outgoing response binding, message profile, SAML request ID, SAML
> response ID, user principal name, per-sp, per-principal authentication
> method, ID of released attributes
> 
> log4j log(s): logging messages from the IdP as it executes, could be
> split into separate logs based on severity (i.e. error log for error and
> fatal messages, another for everything else).
> 
> Anything additional people need in either the access or audit logs?
> Note that both logs will be written in some parsable format ( | (pipe)
> delimited by default).