logging the SAML messages
David Bantz
dabantz at alaska.edu
Fri Apr 11 20:50:12 EDT 2014
Is there a straightforward way to include the unencrypted incoming and outgoing SAML assertion in logs?

The edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler logger includes the unencrypted SAML assertion just prior to encryption and I’ve used that output many times to document to Service Providers what I sent them, or in responding to claims from end users and end user support concerning the attributes sent. But

1) I have a small number of SPs that cannot consume encrypted assertions; the assertion isn’t added to the logs by that logger in those cases, and
2) that logger understandably does not include the incoming authN request.

The PROTOCOL_MESSAGE logger includes both the incoming request and the outgoing SAML assertion, and it’s human-readable if unencrypted, but turning that on creates massive output, usually not human-readable (encrypted).

Thanks for your suggestions,
David Bantz