audit log of Duo login

Cantor, Scott cantor.2 at
Fri Dec 11 11:34:12 EST 2015

On 12/11/15, 11:21 AM, "users on behalf of Doan, Tommy" <users-bounces at on behalf of tdoan at> wrote:

>Is there a way in the IdP audit log to capture the fact that a Duo login occurred, even when PasswordProtectedTransport is the method that is returned to the SP? By default, the audit log appears identical to when Duo is not required.

If you define a new audit field and plugin a bit of code to extract it.

>For testing and evaluation, I have two different configurations to require Duo login for different scenarios. I have one SP in the RelyingPartyByName configuration. This causes Duo to be required for anyone who logs into that SP. I also have a Mapped attribute that requires Duo when the criteria matches on this definition. It appears the relying party configuration (RelyingPartyByName) causes the authN context to be logged, but the attribute resolver configuration (Mapped attribute) does not. None of my SPs sends an RequestedAuthnContext.

None of that is material to what gets logged. It's logging the value returned in the assertion in every case, nothing else.

"Duo" is not an AuthnContextClassRef (and if anybody is defining it as one, don't, that's a bad idea for lots of reasons).

The system records which flow's AuthenticationResult is formally used to satisfy the request for authentication, but there's no audit field for that right now. Would make sense to have that I think.

The value is in ProfileRequestContext ->

-- Scott

More information about the users mailing list