SAML assertion value in logs | Community
Skip to main content
Veera_kandregul
Veera_kandregul
Level 2
November 7, 2017
Solved

SAML assertion value in logs

  • November 7, 2017
  • 5 replies
  • 3172 views

Hi All,

We have a requirement to audit SAML requests in logs (say request.log or some custom log), where we need to show one of the SAML assertion value in the logs for every request.

Can you please let me know if there there any OOTB or custom way to achieve this?

Example, if below is the assertion value,

   <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
   <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>
   </saml:Attribute>

We need to log test@example.com in every request log.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by user7587541

Why would the request be the responsibilty of AEM?  AEM would be passing the assertion over to the SAML server that should be able to log the request

5 replies

Veera_kandregul
Veera_kandregulAuthor
Level 2
November 8, 2017

bumping up, any help ?

V
Adobe Employee
vvenkataAdobe Employee
Adobe Employee
November 8, 2017

Hi Veera,

Did you try configuring a Logging Writer (on debug) for com.adobe.granite.auth.saml ? This might give you some basic details (not entirely).

THanks

Varun

Veera_kandregul
Veera_kandregulAuthor
Level 2
December 2, 2017

Bumping this one again, can you guys let me know if there is any way?

smacdonald2008
smacdonald2008
Level 10
December 2, 2017

This is not a documented use case - we will continue to check with the internal AEM team.

U
Adobe Employee
user7587541Adobe EmployeeAccepted solution
Adobe Employee
December 2, 2017

Why would the request be the responsibilty of AEM?  AEM would be passing the assertion over to the SAML server that should be able to log the request

Terms & ConditionsAccessibility statement

Loading footer...