Logging principal from the SAML proxy

[Wessel, Keith]

I'll take the hint and submit a couple of feature requests in the issue tracker after lunch. Apologies in advance if I miscategorize them again. Jira has gotten more screen reader friendly, but it's still not great.

Thanks,
Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Friday, January 7, 2022 11:49 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Logging principal from the SAML proxy

On 1/7/22, 12:01 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    Most of the authn flows in the IdP seem to log a message upon 
> completion or failure. For instance, the Kerberos and Duo flows log 
> the principal that authenticated upon success. I'm not seeing a 
> similar message from the SAML proxy authentication flow. Is there not one, or is there just some logging I need to adjust in my logback config?

No. There's a final step that records a success in a metric counter where something could be logged, but there's nothing being logged like the password flow does.

Operationally speaking, I don't run the SAML proxy flow, and probably never will (best guess), so in the longer term somebody involved with the project that does use it will be better positioned to help enhance it in ways that I tend to do for things I actually use.

Interestingly I don’t think the "finalize" step of all authentication outputs a true "principal XXX authenticated" message, which is kind of odd. Other than being duplicative of the password flow logging essentially a similar message there's no obvious reason not to log something there.

-- Scott


--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!uPLd4vP_MTcf70JppudFZG3F0l99esWrItndIxccn2Y1gHpP06eGPWx8MQeYvZwFCw$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net