Logging the value of the id attribute of the <saml2p:Response> element
kwessel at illinois.edu
Fri Jun 12 22:14:00 UTC 2020
We have a vendor who is trying to correlate various logins to their SP with our IdP logs for security reasons. It's not straightforward for them to give us an attribute from the assertion to correlate, and IP addresses of the client aren't always useful. They do log what they're calling the IdP session ID -- the value of the id attribute on the <saml2p:Response> outer element.
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="_24627358d5d6b88f6c06fd8d6e98d234" InResponseTo="_33cc3bb203b6f8e9e78dbbf51b7bea52" IssueInstant="2020-06-12T16:37:41.421Z" Version="2.0">
I see that the last column of the IdP audit log contains the id of the assertion element, but the id of the response element doesn't seem to get logged. Is there a way I can easily get this particular value into my audit logs? Or is there a reason I wouldn't want to log and correlate off of this value?
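As an added example, not part of the original post: a small Python routine that extracts the Response ID, its InResponseTo, and the IDs of any plaintext Assertion children from a SAML 2.0 Response, then joins IdP audit lines (which, per the post, record the assertion ID in their last column) to the Response ID the vendor calls the "IdP session ID". The sample Response reuses the ID values quoted above; the assertion ID (`_a1...`) and the `|`-separated audit line layout are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespaces of the SAML 2.0 protocol and assertion elements.
NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

def response_ids(xml_text):
    """Return (response_id, in_response_to, assertion_ids) for a SAML 2.0 Response.
    Only plaintext <saml2:Assertion> children are visible: an EncryptedAssertion
    hides its ID until decrypted, so the list may be empty for a valid Response."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["saml2p"]:
        raise ValueError("not a saml2p:Response element")
    assertion_ids = [a.get("ID") for a in root.findall("saml2:Assertion", NS)]
    return root.get("ID"), root.get("InResponseTo"), assertion_ids

def join_audit_lines(audit_lines, responses):
    """Map each Response ID to the audit lines whose last '|' column holds one
    of that Response's assertion IDs (the column the post says records it)."""
    by_assertion = {}
    for xml_text in responses:
        resp_id, _, assertion_ids = response_ids(xml_text)
        for aid in assertion_ids:
            by_assertion[aid] = resp_id
    joined = {}
    for line in audit_lines:
        aid = line.rstrip("\n").rsplit("|", 1)[-1]
        if aid in by_assertion:
            joined.setdefault(by_assertion[aid], []).append(line)
    return joined

# Constructed sample: the Response ID and InResponseTo come from the post; the
# assertion ID (_a1...) and the '|'-separated audit line layout are assumed.
SAMPLE_RESPONSE = (
    '<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" '
    'ID="_24627358d5d6b88f6c06fd8d6e98d234" IssueInstant="2020-06-12T16:37:41.421Z" '
    'InResponseTo="_33cc3bb203b6f8e9e78dbbf51b7bea52">'
    '<saml2:Assertion ID="_a1f0c0ffee0000000000000000000001" Version="2.0" '
    'IssueInstant="2020-06-12T16:37:41.421Z"/></saml2p:Response>'
)
SAMPLE_AUDIT = [
    "20200612T163741Z|https://sp.example.org/shibboleth|user1|_a1f0c0ffee0000000000000000000001",
    "20200612T163800Z|https://sp.example.org/shibboleth|user2|_a1f0c0ffee0000000000000000000002",
]

if __name__ == "__main__":
    print(join_audit_lines(SAMPLE_AUDIT, [SAMPLE_RESPONSE]))
```

Because the IdP audit log keys on the assertion ID while the vendor keys on the Response ID, a join like this only works where the IdP retains (or logs) the Response ID alongside the assertion ID; a Response carrying only an EncryptedAssertion yields no assertion ID to join on.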