Shibboleth Developers

["Scott Cantor" <>]

> I want to add some log information as following:
> 1. who access the sp and why(I wanna write down the resource he or she
> want to access and his or her username )

That's already in the web server's log. The username in the log will be
whatever was exported to REMOTE_USER, since there is no assumed notion of a
username in Shibboleth.

> 2. which idp provide the authentication and the authentication
> result(success or fail).

There is no "success or failure", because authorization is up to the web
server or application. The transaction log file already contains a record of
every session created, and includes the IdP that was used, the underlying
identifier that was provided and some other details. It also logs every
attribute that's received. It does not log values because that would put
sensitive data in the logs in some cases.

If you wanted to change what goes in that log, you can search for
"getTransactionLog" to find all the spots where information is written to
it.

-- Scott