Shibboleth Developers

[Philip Brusten <>]

Hi,

I posted a feature request for the SP at the Jira: 
https://bugs.internet2.edu/jira/browse/SSPCPP-349
Scott suggested to open the discussion to this list, so hereby...

I'll repeat my suggestion, feel free to comment on this:

It would be nice if we had an audit-log similar to the audit log from the 
IdP. 
The transaction log already provides some useful information, but is not 
easily parseable and does not contain a useful identifier of the user (e.g. 
REMOTE_USER variable) 

idp-audit.log format: 
auditEventTime|requestBinding|requestId|relyingPartyId|messageProfileId|assertingPartyId|responseBinding|responseId|principalName|authNMethod|releasedAttributeId1,releasedAttributeId2,|nameIdentifier|assertion1ID,assertion2ID,|
 

I think, the SP audit log should contain at least the following fields 
delimited by a '|': 
- Authentication Time 
- SessionId 
- REMOTE_USER if any 
- Client IP address 
- Authentication Context Class 
- User-agent 
- Application id 
- entityID of SP 
- entityID of IdP 
- Protocol 
- Binding 
- filtered attribute IDs 

Regards,

Philip

PS: I'll be out of the office until monday