Shibboleth Developers

["Tom Scavo" <>]

[this thread probably belongs in shibboleth-users]

Hi Simone,

Since the authentication step is separate from Shibboleth, the logging
of the authentication context is mostly out of scope (as Scott said).
I say "mostly" since the IdP will accept three values from the
authentication service:

1. the authenticated user name (via REMOTE_USER)
2. the time of authentication (AuthenticationInstant)
3. the method of authentication (AuthenticationMethod)

These values will be logged by the IdP along with other detailed
information regarding the authentication assertion it issues to the
SP.  Does this help?

Tom

On 7/27/07, Simone Avogadro 
<>
 wrote:
> Thanks for the answer Scott!
> Here in Italy (and elsewhere in the world nowadays, I suppose) we have some
> laws which require us to track whom are we giving access to services and we
> try to do it in the most privacy-aware way
> do you have at hand any document/link that you belive might help us?
>
>
>     -Simone
>
> --
> ------------------------------------------------------
> Simone Ing. Avogadro
> Wise-Lab S.r.l.
> via del Lavoro, 16 - 22100 Como (Italy)
> Email: simone.avogadro/at/wise-
> lab.it
> Tel/Fax: +39-031-526012
> Web: http://www.wise-lab.it
> ------------------------------------------------------
>
>
>
> Leggi l'informativa in base all'art.13 del D.lgs. 30 giugno 2003, 196 sul
> trattamento dei dati personali:
>  http://www.wise-lab.it/switch/switch2Meta.jsp?meta=90
> 2007/7/26, Scott Cantor 
> <>:
> > >  we are going to setup a Shibboleth IdP and are considering which data
> to
> > > track during the authentication process
> > > in order to do this the auth application needs to know which shibbleth-
> > > session-id has been assigned to the authenticated user
> >
> > There is no such thing, the current IdP is nominally stateless and any
> > sessions are handled by the authentication component.
> >
> > -- Scott
> >
> >
> >
> >
>
>