Impersonation and uu line log in idp_audit
Francesco Malvezzi
francesco.malvezzi at unimore.it
Fri Aug 27 11:24:56 UTC 2021
thank you so much for the impersonation flow that works great.
Documentation [1] reads:
"If the policy allows access, the flow will:
[...]
add an audit field ("uu") containing the impersonating account so
that it can be recorded in the audit log"
The only log line about impersonation I can find is:
2021-08-27 11:53:27,806 - INFO
[net.shibboleth.idp.profile.interceptor:-2] - Impersonation by principal
'alice' as 'bob' to relying party 'my_relying_party'
in idp-process.log.
Unfortunately the IdP has been upgraded in-place since version 2.4.0 up
to 4.1.4 and I'm pretty sure some of the conf files date back to ancient
age.
So I pretty much suspect the ability to add the uu line in the logs is
coded in a file that it's not up-to-date because there was a small
conflict and upgrade process skipped it.
If you could point to some suspects I can merge by hand,
thank you,
Francesco
[1]
https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631718/ImpersonateInterceptConfiguration
More information about the users
mailing list