
shibboleth-dev - Re: [Shib-Dev] Parseable audit logs for SP

Subject: Shibboleth Developers

  • From: Chad La Joie
  • Subject: Re: [Shib-Dev] Parseable audit logs for SP
  • Date: Tue, 08 Feb 2011 16:59:57 -0500
  • Organization: Itumi, LLC

I agree with pretty much all of that. One question I have though is
what you think you'd use the user-agent for?

I'd also suggest adding a field that indicates whether the request
errored out somehow (as far as the SP is concerned). The error itself
can still be in the normal shibd log, but just a T/F indicator in the
audit log would help with reporting.

On 2/8/11 4:28 PM, Philip Brusten wrote:
> Hi,
>
> I posted a feature request for the SP at the Jira:
> https://bugs.internet2.edu/jira/browse/SSPCPP-349
> Scott suggested to open the discussion to this list, so hereby...
>
> I'll repeat my suggestion, feel free to comment on this:
>
> It would be nice if we had an audit-log similar to the audit log from the
> IdP.
> The transaction log already provides some useful information, but is not
> easily parseable and does not contain a useful identifier of the user (e.g.
> REMOTE_USER variable)
>
> idp-audit.log format:
> auditEventTime|requestBinding|requestId|relyingPartyId|messageProfileId|assertingPartyId|responseBinding|responseId|principalName|authNMethod|releasedAttributeId1,releasedAttributeId2,|nameIdentifier|assertion1ID,assertion2ID,|
>
>
> I think the SP audit log should contain at least the following fields
> delimited by a '|':
> - Authentication Time
> - SessionId
> - REMOTE_USER if any
> - Client IP address
> - Authentication Context Class
> - User-agent
> - Application id
> - entityID of SP
> - entityID of IdP
> - Protocol
> - Binding
> - filtered attribute IDs
>
> Regards,
>
> Philip
>
> PS: I'll be out of the office until Monday

--
Chad La Joie
http://itumi.biz
trusted identities, delivered
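
Added example, not part of the original thread and not Shibboleth code: a writer and parser for the '|'-delimited record proposed above, including the T/F error flag. The User-Agent header is client-supplied and may contain '|' or line breaks, so the writer escapes them; the field names, field order and escaping scheme are assumptions made for this sketch.

```python
import re

# Field order follows the list in the quoted proposal; "error" is the T/F flag
# suggested in the reply. Names and the escaping scheme are assumptions.
FIELDS = ["auth_time", "session_id", "remote_user", "client_ip",
          "authn_context_class", "user_agent", "application_id", "sp_entity_id",
          "idp_entity_id", "protocol", "binding", "attribute_ids", "error"]
_ESC = {"\\": "\\\\", "|": "\\p", "\n": "\\n", "\r": "\\r"}
_UNESC = {esc[1]: raw for raw, esc in _ESC.items()}

def escape(value):
    """Keep a field on one line and free of the '|' delimiter."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def unescape(value):
    return re.sub(r"\\(.)", lambda m: _UNESC.get(m.group(1), m.group(1)), value)

def format_record(rec):
    out = []
    for name in FIELDS:
        value = rec.get(name, "")
        if name == "attribute_ids":
            value = ",".join(value)
        elif name == "error":
            value = "T" if value else "F"
        out.append(escape(value))
    return "|".join(out)

def parse_record(line):
    raw = line.rstrip("\n").split("|")
    if len(raw) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(raw)))
    rec = {name: unescape(value) for name, value in zip(FIELDS, raw)}
    rec["attribute_ids"] = [a for a in rec["attribute_ids"].split(",") if a]
    rec["error"] = rec["error"] == "T"
    return rec

# Constructed sample: the User-Agent value contains the delimiter and a newline.
SAMPLE = {
    "auth_time": "2011-02-08T21:59:57Z", "session_id": "_constructed_session_id",
    "remote_user": "jdoe@example.org", "client_ip": "192.0.2.10",
    "authn_context_class": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "user_agent": "Mozilla/5.0 (X11) Foo|Bar\nfake|line", "application_id": "default",
    "sp_entity_id": "https://sp.example.org/shibboleth",
    "idp_entity_id": "https://idp.example.org/idp/shibboleth",
    "protocol": "urn:oasis:names:tc:SAML:2.0:protocol",
    "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "attribute_ids": ["eppn", "affiliation"], "error": False,
}

if __name__ == "__main__":
    print(format_record(SAMPLE))
```

Without the escaping step the sample record would split into too many fields and span two lines, which is the failure a report script reading this log has to be protected from.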


