Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

SAML assertion value in logs

Avatar

Avatar
Validate 10
Level 2
Veera_kandregul
Level 2

Likes

5 likes

Total Posts

27 posts

Correct Reply

2 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 1
View profile

Avatar
Validate 10
Level 2
Veera_kandregul
Level 2

Likes

5 likes

Total Posts

27 posts

Correct Reply

2 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 1
View profile
Veera_kandregul
Level 2

07-11-2017

Hi All,

We have a requirement to audit SAML requests in logs (say request.log or some custom log), where we need to show one of the SAML assertion value in the logs for every request.

Can you please let me know if there there any OOTB or custom way to achieve this?

Example, if below is the assertion value,

   <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
   <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>
   </saml:Attribute
>

We need to log test@example.com in every request log.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 50
Level 5
TundraSteve
Level 5

Likes

51 likes

Total Posts

442 posts

Correct Reply

57 solutions
Top badges earned
Boost 50
Boost 5
Boost 3
Boost 25
Boost 10
View profile

Avatar
Boost 50
Level 5
TundraSteve
Level 5

Likes

51 likes

Total Posts

442 posts

Correct Reply

57 solutions
Top badges earned
Boost 50
Boost 5
Boost 3
Boost 25
Boost 10
View profile
TundraSteve
Level 5

01-12-2017

Why would the request be the responsibilty of AEM?  AEM would be passing the assertion over to the SAML server that should be able to log the request

Answers (4)

Answers (4)

Avatar

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,408 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,408 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile
smacdonald2008
Level 10

01-12-2017

This is not a documented use case - we will continue to check with the internal AEM team.

Avatar

Avatar
Validate 10
Level 2
Veera_kandregul
Level 2

Likes

5 likes

Total Posts

27 posts

Correct Reply

2 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 1
View profile

Avatar
Validate 10
Level 2
Veera_kandregul
Level 2

Likes

5 likes

Total Posts

27 posts

Correct Reply

2 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 1
View profile
Veera_kandregul
Level 2

01-12-2017

Bumping this one again, can you guys let me know if there is any way?

Avatar

Avatar
Affirm 1
Employee
VarunV
Employee

Likes

0 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Affirm 1
View profile

Avatar
Affirm 1
Employee
VarunV
Employee

Likes

0 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Affirm 1
View profile
VarunV
Employee

08-11-2017

Hi Veera,

Did you try configuring a Logging Writer (on debug) for com.adobe.granite.auth.saml ? This might give you some basic details (not entirely).

THanks

Varun

Avatar

Avatar
Validate 10
Level 2
Veera_kandregul
Level 2

Likes

5 likes

Total Posts

27 posts

Correct Reply

2 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 1
View profile

Avatar
Validate 10
Level 2
Veera_kandregul
Level 2

Likes

5 likes

Total Posts

27 posts

Correct Reply

2 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 1
View profile
Veera_kandregul
Level 2

08-11-2017

bumping up, any help ?