Input to audit logging of authentication flows

Cantor, Scott cantor.2 at osu.edu
Wed Dec 7 17:04:52 UTC 2022


Hi all,

This is just a call for feedback on what people would be interested in seeing logged (or at least built-in so possible to log) in a new audit enhancement.

Phil came up with a clean way to add audit logging to the various login flows (a thing people constantly asked for that I couldn't see a way to do), so I'm finishing up that feature for 4.3 and just want to make sure we include any fields people might want.

Feedback is preferred in Jira at
https://shibboleth.atlassian.net/browse/IDP-2039
rather than a big email thread; I just want to bring it to people's attention.

Not everything is that easy to get, but if it's reasonable, we can at least wire it in so people don't have to do extra work to get things added.

Right now each flow has its own audit format, but they're all roughly similar to each other and just differ in a few places (e.g. most flows log a username but X.509 flows log the cert subject/issuer).

Roughly, they all include:

IP address
Timestamp
requesting SP
Session ID if any
Login flow ID
Username
Error event or Success
User Agent

Password also logs the credential validator bean that was used.

The fields are extensible like in the normal audit layer but there are more limitations since there's only so much information available, but as I say if something else obvious is useful I can include it or at least make sure it's easy to enable.

-- Scott
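Once a per-flow audit record carries the fields listed above (IP address, timestamp, requesting SP, session ID, login flow ID, username, event or success, user agent), the obvious consumer is a detection job that reads those lines back. The following Python script is an added example, not code from the post or from the Shibboleth project: it assumes a pipe-delimited layout in the field order the message lists (the real 4.3 format is not given here) and constructs its own sample lines and event names. It parses the lines and flags two things a defender would want from exactly these fields: an IP producing a burst of failures in a short window, and an IP failing against many distinct usernames.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed field order, modelled on the list in the post. The real audit
# format is configurable and is NOT reproduced here.
FIELDS = ["timestamp", "ip", "sp", "session", "flow", "username", "event", "user_agent"]

# Constructed sample records (RFC 5737 test addresses, made-up event names).
SAMPLE_LINES = [
    "20221207T170100Z|192.0.2.10|https://sp.example.org/shibboleth|sess-1|authn/Password|alice|Success|Mozilla/5.0",
    "20221207T170100Z|198.51.100.7|https://sp.example.org/shibboleth||authn/Password|bob|InvalidCredentials|curl/7.0",
    "20221207T170130Z|198.51.100.7|https://sp.example.org/shibboleth||authn/Password|bob|InvalidCredentials|curl/7.0",
    "20221207T170210Z|198.51.100.7|https://sp.example.org/shibboleth||authn/Password|bob|InvalidCredentials|curl/7.0",
    "20221207T173000Z|198.51.100.7|https://sp.example.org/shibboleth||authn/Password|carol|InvalidCredentials|curl/7.0",
    "20221207T170500Z|203.0.113.5|https://other.example.org/sp||authn/Password|alice|InvalidCredentials|python-requests",
    "20221207T172000Z|203.0.113.5|https://other.example.org/sp||authn/Password|bob|InvalidCredentials|python-requests",
    "20221207T174000Z|203.0.113.5|https://other.example.org/sp||authn/Password|carol|InvalidCredentials|python-requests",
    "20221207T180000Z|203.0.113.5|https://other.example.org/sp||authn/Password|dave|InvalidCredentials|python-requests",
    "this line is malformed and must be skipped",
]


def parse_line(line):
    """Split one audit line into a dict; raises ValueError on a bad field count."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    # Assumed timestamp layout: basic ISO 8601 in UTC (yyyyMMdd'T'HHmmss'Z').
    rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y%m%dT%H%M%SZ")
    return rec


def parse_lines(lines):
    """Parse all lines, dropping malformed ones; returns (records, skipped_count)."""
    records, skipped = [], 0
    for line in lines:
        try:
            records.append(parse_line(line))
        except ValueError:
            skipped += 1
    return records, skipped


def find_failure_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """IPs with at least `threshold` non-Success events inside any sliding `window`."""
    by_ip = defaultdict(list)
    for r in records:
        if r["event"] != "Success":
            by_ip[r["ip"]].append(r["timestamp"])
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


def find_password_spray(records, min_users=3):
    """IPs whose failures touch at least `min_users` distinct usernames."""
    users_by_ip = defaultdict(set)
    for r in records:
        if r["event"] != "Success":
            users_by_ip[r["ip"]].add(r["username"])
    return {ip for ip, users in users_by_ip.items() if len(users) >= min_users}


def analyze(lines):
    """Run both detections over raw audit lines and return a summary dict."""
    records, skipped = parse_lines(lines)
    return {
        "parsed": len(records),
        "skipped": skipped,
        "bursts": find_failure_bursts(records),
        "spray": find_password_spray(records),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

The two detections deliberately use different keys: the burst check only needs IP, timestamp and the event outcome, while the spray check needs the username as well, which is why having all of those fields in one record (rather than reconstructing them from the main audit log via session ID) makes the log useful on its own. Real deployments would also key on the requesting SP and login flow ID to keep, say, X.509 or SPNEGO failures from being counted against the password thresholds.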