shibboleth-dev - Re: Custom logging in Shibboleth 1.3 IdP
- From: "Simone Avogadro" <>
- To:
- Subject: Re: Custom logging in Shibboleth 1.3 IdP
- Date: Mon, 30 Jul 2007 14:47:02 +0200
Hi Tom,
Thanks for the answer, I will try to dig into the IdP logs so as to understand if this is enough for us. The only real problem I foresee is the bi-directionality of this information, but probably we might address this problem by post-processing and merging the logs so as to make it one-way.
Thanks for helping,
-Simone
P.S.: I don't actually understand very well what already exists within Shibboleth and what needs to be implemented, so I made my choice of posting to shib-dev by a raw guess...
2007/7/27, Tom Scavo <>:
[this thread probably belongs in shibboleth-users]
Hi Simone,
Since the authentication step is separate from Shibboleth, the logging
of the authentication context is mostly out of scope (as Scott said).
I say "mostly" since the IdP will accept three values from the
authentication service:
1. the authenticated user name (via REMOTE_USER)
2. the time of authentication (AuthenticationInstant)
3. the method of authentication (AuthenticationMethod)
These values will be logged by the IdP along with other detailed
information regarding the authentication assertion it issues to the
SP. Does this help?
Tom
On 7/27/07, Simone Avogadro <> wrote:
> Thanks for the answer Scott!
> Here in Italy (and elsewhere in the world nowadays, I suppose) we have some
> laws which require us to track whom we are giving access to services and we
> try to do it in the most privacy-aware way.
> Do you have at hand any document/link that you believe might help us?
>
>
> -Simone
>
> --
> ------------------------------------------------------
> Simone Ing. Avogadro
> Wise-Lab S.r.l.
> via del Lavoro, 16 - 22100 Como (Italy)
> Email: simone.avogadro/at/wise-lab.it
> Tel/Fax: +39-031-526012
> Web: http://www.wise-lab.it
> ------------------------------------------------------
>
>
>
> Read the privacy notice pursuant to Art. 13 of Legislative Decree No. 196 of
> 30 June 2003 on the processing of personal data:
> http://www.wise-lab.it/switch/switch2Meta.jsp?meta=90
> 2007/7/26, Scott Cantor <>:
> > > we are going to set up a Shibboleth IdP and are considering which data to
> > > track during the authentication process
> > > in order to do this the auth application needs to know which
> > > shibboleth-session-id has been assigned to the authenticated user
> >
> > There is no such thing, the current IdP is nominally stateless and any
> > sessions are handled by the authentication component.
> >
> > -- Scott
> >
> >
> >
> >
>
>