Shibboleth Developers

[Philip Brusten <>]

On 9-2-2011 16:11, Cantor, Scott E. wrote:
[...]
> > OTOH I can not thinkof any good use of User-Agent and Protocol (should that
> > mean http/https?) fields, IMO these would only generate noise. SP entityID
> > seems to be redundant with the application id, if that's true, I'd keep the
> > application id.
> Agree with the latter
EntityID is useful if you analyse the logs outside the context of that 
SP. In that case the SP entityID says more than applicationID which is 
just an internal mapping.
> , but Protocol presumably means SSO protocol, which I believe I track now, 
> and I think is useful for troubleshooting. User-Agent I'm not sure about, but 
> I think that in many cases people don't log it in their web server, so I 
> think it might be useful.
Indeed, I was pointing at the SSO protocol.
User-Agent is easy for end-user support. The first thing I usually ask 
when a user has trouble logging into an application is to try a 
different browser, that way it would be easy to verify. But in a way 
it's not strictly necessary.

[...]
> I think I would probably end up creating something that was pattern-based and 
> allowed people to specify how they wanted the fields ordered, or omitted, and 
> then created log output through the existing library.
Seems like a very good idea. You could do it the Apache-way, with a 
default common log format.

Philip