Logging principal from the SAML proxy

Cantor, Scott cantor.2 at osu.edu
Fri Jan 7 17:49:01 UTC 2022


On 1/7/22, 12:01 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> Most of the authn flows in the IdP seem to log a message upon completion or failure. For instance, the
> Kerberos and Duo flows log the principal that authenticated upon success. I'm not seeing a similar message
> from the SAML proxy authentication flow. Is there not one, or is there just some logging I need to adjust in my
> logback config?

No. There's a final step that records a success in a metric counter where something could be logged, but there's nothing being logged like the password flow does.

Operationally speaking, I don't run the SAML proxy flow, and probably never will (best guess), so in the longer term somebody involved with the project that does use it will be better positioned to help enhance it in ways that I tend to do for things I actually use.

Interestingly, I don’t think the "finalize" step of all authentication outputs a true "principal XXX authenticated" message, which is kind of odd. Other than being duplicative of the password flow logging essentially a similar message, there's no obvious reason not to log something there.

-- Scott



