Logging OIDC response?

Jim Tomlinson jim7 at uw.edu
Thu Aug 5 18:44:39 UTC 2021


Perfect; got just what I needed. Thanks!
---
Jim Tomlinson (he/him)
Software Engineer, Identity and Access Management
UW Information Technology
University of Washington

On 8/3/21, 5:18 AM, "Henri Mikkonen" <henri.mikkonen at csc.fi> wrote:

    Hi Jim,

    With the following logger element in the logback configuration, you should be able to log all the responses returned by the OIDC endpoints:

       <logger name="net.shibboleth.idp.plugin.oidc.op.encoding.impl.NimbusResponseEncoder" level="ALL" />

    Depending on the RP configuration, both id_token and user info response may be encrypted though, but with the most typical configurations they're not. You can exploit services such as jwt.io to get a human-readable version of id_token.

    BR,
    Henri.

    ----- Original Message -----
    From: "Jim Tomlinson" <jim7 at uw.edu>
    To: "Shib Users" <users at shibboleth.net>
    Sent: Thursday, 29 July, 2021 21:56:33
    Subject: Logging OIDC response?

    I'm obviously looking in all the wrong docs; a pointer would be appreciated.
    I'm trying to diagnose an issue an OIDC client is having with our Shib 4.1.0 IdP's auth response (they're receiving a multi-value claim as a space-separated list, rather than a JSON array, and yeah, I've specified asArray="true" in the AttributeEncoder element). I'm having problems getting the IdP to fully log that response, unencrypted. I've cranked pretty much everything up to TRACE in logback.xml (including net.shibboleth.oidc.attribute.transcoding, net.shibboleth.oidc.jwk.support, net.shibboleth.oidc.security.jwt.claims.impl, net.shibboleth.oidc.metadata.impl and net.shibboleth.oidc.metadata.keyinfo.ext.impl.provider), to no avail.
    Any pointers on how to accomplish that? Thanks.
    ---
    Jim Tomlinson (he/him)
    Software Engineer, Identity and Access Management
    UW Information Technology
    University of Washington
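
Added example, not part of the original thread and not Shibboleth code: once the NimbusResponseEncoder logger has written the response, the id_token payload can be decoded locally to check whether a claim was emitted as a JSON array or as a space-separated string. The claim name `affiliation` and both sample tokens are constructed, and the signature is not verified.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Decode the payload of a signed, unencrypted id_token for inspection.

    The signature is not verified: this is for reading a logged token only.
    """
    parts = token.strip().split(".")
    if len(parts) == 5:
        # Five parts is JWE compact serialization: payload is encrypted to the RP.
        raise ValueError("id_token is encrypted (JWE); claims cannot be read")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with 3 dot-separated parts")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def claim_shape(token: str, claim: str) -> str:
    """Report how a claim was encoded: array, space-separated string, ..."""
    claims = decode_claims(token)
    if claim not in claims:
        return "missing"
    value = claims[claim]
    if isinstance(value, list):
        return "array"
    if isinstance(value, str):
        return "space-separated string" if " " in value.strip() else "string"
    return type(value).__name__


def _sample_token(claims: dict) -> str:
    # Constructed sample: placeholder signature, hypothetical claim name.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])


AS_ARRAY = _sample_token({"sub": "jdoe", "affiliation": ["member", "staff"]})
FLATTENED = _sample_token({"sub": "jdoe", "affiliation": "member staff"})

if __name__ == "__main__":
    for name, tok in (("AS_ARRAY", AS_ARRAY), ("FLATTENED", FLATTENED)):
        print(name, "->", claim_shape(tok, "affiliation"))
```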

