Impersonation and uu line log in idp_audit

Francesco Malvezzi francesco.malvezzi at
Fri Aug 27 11:24:56 UTC 2021

thank you so much for the impersonation flow that works great.

Documentation [1] reads:

"If the policy allows access, the flow will:

    add an audit field ("uu") containing the impersonating account so
that it can be recorded in the audit log"

The only log line about impersonation I can find is:

2021-08-27 11:53:27,806 - INFO
[net.shibboleth.idp.profile.interceptor:-2] - Impersonation by principal
'alice' as 'bob' to relying party 'my_relying_party'

in idp-process.log.

Unfortunately the IdP has been upgraded in-place since version 2.4.0 up
to 4.1.4 and I'm pretty sure some of the conf files date back to ancient

So I pretty much suspect the ability to add the uu line in the logs is
coded in a file that it's not up-to-date because there was a small
conflict and upgrade process skipped it.

If you could point to some suspects I can merge by hand,

thank you,



More information about the users mailing list