Posted to dev@cxf.apache.org by Oliver Wulff <ow...@talend.com> on 2012/08/31 09:10:02 UTC

Audit log for STS

Hi there

I'd like to add some sort of audit log. In our environment the STS is used in all sorts of use cases where it's helpful to see whether requests were successful or failed and what kind of RST it was.

Therefore I'd like to add an AuditLog class to the STS which is a Map with the following content:
   REQUEST_TYPE: issue/validate/....
   STATUS: successful, failed
   TOKEN_TYPE: SAML/bst
   WSS_TOKEN: UT/BST/ST/X509
   ONBEHALFOF_TOKEN:
   ACTAS_TOKEN:
   VALIDATE_TOKEN:
   APPLIES_TO:
   CLAIMS_REQUESTED:
   ???

Each entry is of a class type with a "value" and a "properties" attribute. The attribute "value" contains values like "issue, validate, successful, failed, SAML token". The attribute "properties" is of type Properties, where you can add whatever you want depending on the token, for instance.

Maybe in the future, you could configure which properties are for auditing purposes and which for logging purposes.

WDYT?

Thanks
Oli




------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com
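
An added sketch of the structure proposed in the message above (not code from this thread or from Apache CXF): a map keyed by the listed fields, each entry holding a "value" and a Properties bag, rendered as one audit line per request. The class name, method names, line format and sample request are assumptions made for illustration; the escaping step is there because token-derived values come from the requester.

```java
import java.util.*;

// Hypothetical sketch of the proposed structure; names are assumptions, not CXF code.
public class AuditLogSketch {
    // Keys from the list in the proposal.
    enum Key { REQUEST_TYPE, STATUS, TOKEN_TYPE, WSS_TOKEN, ONBEHALFOF_TOKEN,
               ACTAS_TOKEN, VALIDATE_TOKEN, APPLIES_TO, CLAIMS_REQUESTED }
    // Each entry: a "value" plus free-form "properties".
    static final class Entry {
        final String value;
        final Properties properties = new Properties();
        Entry(String value) { this.value = value; }
        Entry with(String name, String v) { properties.setProperty(name, v); return this; }
    }

    private final Map<Key, Entry> entries = new EnumMap<>(Key.class);
    Entry put(Key key, String value) {
        Entry e = new Entry(value);
        entries.put(key, e);
        return e;
    }

    // Values derived from tokens are sender-controlled: escape quotes and CR/LF
    // so a single request cannot forge extra fields or a second audit line.
    static String clean(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"")
                .replace("\r", "\\r").replace("\n", "\\n");
    }

    // One line per request: keys in enum order, properties sorted by name.
    String toLine() {
        List<String> parts = new ArrayList<>();
        entries.forEach((key, entry) -> {
            parts.add(key + "=\"" + clean(entry.value) + "\"");
            for (String p : new TreeSet<>(entry.properties.stringPropertyNames()))
                parts.add(key + "." + clean(p) + "=\"" + clean(entry.properties.getProperty(p)) + "\"");
        });
        return String.join(" ", parts);
    }

    public static void main(String[] args) {
        AuditLogSketch log = new AuditLogSketch();   // constructed sample request
        log.put(Key.REQUEST_TYPE, "issue");
        log.put(Key.TOKEN_TYPE, "SAML");
        log.put(Key.WSS_TOKEN, "UT").with("username", "alice\r\nextra line");
        log.put(Key.STATUS, "failed");
        System.out.println(log.toLine());
    }
}
```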

Re: Audit log for STS

Posted by Colm O hEigeartaigh <co...@apache.org>.
Sure, sounds good to me.

Colm.

On Fri, Aug 31, 2012 at 8:10 AM, Oliver Wulff <ow...@talend.com> wrote:

> Hi there
>
> I'd like to add some sort of audit log. In our environment the STS is used
> in all sorts of use cases where it's helpful to see whether requests were
> successful or failed and what kind of RST it was.
>
> Therefore I'd like to add an AuditLog class to the STS which is a Map with
> the following content:
>    REQUEST_TYPE: issue/validate/....
>    STATUS: successful, failed
>    TOKEN_TYPE: SAML/bst
>    WSS_TOKEN: UT/BST/ST/X509
>    ONBEHALFOF_TOKEN:
>    ACTAS_TOKEN:
>    VALIDATE_TOKEN:
>    APPLIES_TO:
>    CLAIMS_REQUESTED:
>    ???
>
> Each entry is of a class type with a "value" and a "properties" attribute.
> The attribute "value" contains values like "issue, validate, successful,
> failed, SAML token". The attribute "properties" is of type Properties, where
> you can add whatever you want depending on the token, for instance.
>
> Maybe in the future, you could configure which properties are for auditing
> purposes and which for logging purposes.
>
> WDYT?
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division
> http://www.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com