Logging the value of the id attribute of the <saml2p:Response> element

Wessel, Keith kwessel at illinois.edu
Mon Jun 15 15:11:55 UTC 2020

Thanks, Scott. Somehow, I missed the fact that this is defined in audit.xml. The configuration is clear now, and I see the item I was looking for right after the IdP entityID and response binding in the default audit log entry format.


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Monday, June 15, 2020 9:52 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Logging the value of the id attribute of the <saml2p:Response> element

On 6/15/20, 10:38 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> So, I assume that %msg is preconfigured for several of these tokens for the audit log entries. Is it best practice to just
> add to that, or is it recommended that we rebuild what currently comes out of %msg from these tokens?

The audit log format is controlled by audit.xml and adding or changing fields is done there. You can't add fields (other than a couple of minor exceptions) any other way.

-- Scott

For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list