Shibboleth Developers

[Chad La Joie <>]

Jeff, if you turn on debug logging for OpenSAML (org.opensaml) you'll
get all the SAML messages (incoming and outgoing).


 wrote:
> That looks like Shib 1.3 stuff, and I guess I didn't make it clear, but
> I'm curious about Shib 2.0 beta logging.  I am familiar with the logging
> levels in Shib 1.3. 
>  
> Thanks,
> Jeff
>  
> 
> ________________________________
> 
> From: Bill Doster 
> [mailto:]
>  
> Sent: Thursday, September 20, 2007 4:29 PM
> To: 
> 
> Cc: Bill Doster
> Subject: Re: Shibboleth IDP Logging?
> 
> 
> On Sep 20, 2007, at 16:17 , 
> <>
>  wrote:
> 
>       Where (or how) do I get the IDP to start logging things like
> assertions
>       generated?  I can see the assertions that arrive on the
> Shibboleth SP
>       via it's logfiles, but I don't see anywhere that I am logging
> what was
>       sent on the IDP.  Do I simply need to change the loglevel for
> the audit
>       log?  If so, is there any place on the Wiki that defines what
> data I get
>       at the various log levels?
> 
> 
> Well, on my dev IdP I get the following:
> 
> in IdP shib-access.log:
> 2007-08-29 09:34:43,621 Attribute assertion generated for provider
> (null) on behalf of principal (billdo) with the following attributes:
> (urn:mace:dir:attribute-def:eduPersonEntitlement)(urn:mace:dir:attribute
> -def:displayName)(urn:mace:dir:attribute-def:eduPersonPrincipalName)
> 2007-08-29 09:34:43,621 Attribute assertion
> (_47609c632994d15767a14d49c554a61c) issued to anonymous provider at
> (141.213.231.220) on behalf of principal (billdo).
> 
> and in IdP shib-error.log:
> 2007-08-29 09:34:43,621 INFO  [IdP] 411510098
> - Found 3 attribute(s) for billdo
> 2007-08-29 09:34:43,631 DEBUG [IdP] 411510098
> - Dumping generated SAML Response:
> <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> InResponseTo="_cc363068a5107daf6e9aa990e864cda3"
> IssueInstant="2007-08-29T13:34:43.621Z" MajorVersion="1"
> MinorVersion="1"
> ResponseID="_b983e52fe64aac743473eb8d9ff92b58"><Status><StatusCode
> Value="samlp:Success"></StatusCode></Status><Assertion
> xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> AssertionID="_47609c632994d15767a14d49c554a61c"
> IssueInstant="2007-08-29T13:34:43.621Z"
> Issuer="https://billdo-wsvr.staff.itd.umich.edu/shibboleth/testshib/idp";
> MajorVersion="1" MinorVersion="1"><Conditions
> NotBefore="2007-08-29T13:34:43.621Z"
> NotOnOrAfter="2007-08-29T14:04:43.621Z"><AudienceRestrictionCondition><A
> udience>urn:mace:shibboleth:testshib</Audience><Audience>https://billdo-
> sp.us.itd.umich.edu/shibboleth/testshib/sp</Audience><!
>  
> /AudienceRestrictionCondition></Conditions><AttributeStatement><Subject>
> <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier"
> NameQualifier="https://billdo-wsvr.staff.itd.umich.edu/shibboleth/testsh
> ib/idp">_4dd05d2f659c49ade48b1b1b9b9b239c</NameIdentifier></Subject><Att
> ribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement"
> AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><Att
> ributeValue>1</AttributeValue></Attribute><Attribute
> AttributeName="urn:mace:dir:attribute-def:displayName"
> AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><Att
> ributeValue>William A Doster</AttributeValue></Attribute><Attribute
> AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
> AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><Att
> ributeValue>billdo</AttributeValue></Attribute></AttributeStatement></As
> sertion></Response>
> 2007-08-29 09:34:43,632 INFO  [IdP] 411510098
> - Successfully created response for principal (billdo).
> 
> You get the attribute count logging at an "INFO" level.  You need
> "DEBUG" to get the actual attribute names and the dump of the SAML
> response.
> 

-- 
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124