Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

SAML assertion value in logs

Veera_kandregul
Level 3
Level 3

Hi All,

We have a requirement to audit SAML requests in logs (say request.log or some custom log), where we need to show one of the SAML assertion value in the logs for every request.

Can you please let me know if there there any OOTB or custom way to achieve this?

Example, if below is the assertion value,

   <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
   <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>
   </saml:Attribute
>

We need to log test@example.com in every request log.

1 Accepted Solution
TundraSteve
Correct answer by
Level 8
Level 8

Why would the request be the responsibilty of AEM?  AEM would be passing the assertion over to the SAML server that should be able to log the request

View solution in original post

0 Replies
VarunV
Employee
Employee

Hi Veera,

Did you try configuring a Logging Writer (on debug) for com.adobe.granite.auth.saml ? This might give you some basic details (not entirely).

THanks

Varun

Veera_kandregul
Level 3
Level 3

Bumping this one again, can you guys let me know if there is any way?

smacdonald2008
Level 10
Level 10

This is not a documented use case - we will continue to check with the internal AEM team.

TundraSteve
Correct answer by
Level 8
Level 8

Why would the request be the responsibilty of AEM?  AEM would be passing the assertion over to the SAML server that should be able to log the request

View solution in original post