  1. Shibboleth IdP 2 - Java
  2. SIDP-203

Insufficient information logged to track down errant users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.1.0
    • Component/s: None
    • Labels:
      None
    • Java Version:
      Sun 1.5
    • Servlet Container:
      Apache Tomcat 5.5

      Description

      With default settings for logging on Shib 2.0 SP and Shib 2.0 IdP on RedHat, there is too little information to enable linking a session on the SP to a session on the IdP. There are no shared identifiers between the following log entries, other than the time stamp, and that cannot be relied on. If a user misuses the resource, this means that the IdP cannot work out who this person was from information supplied by the SP.

      This bug will be duplicated for the SP as it affects both systems.

      Sample log entries:

      SP

      shibd.log
      2008-07-04 12:38:16 INFO Shibboleth.SessionCache [26]: new session created: ID (_b2c31b4ed82daa948745cbcc110b2258) IdP (https://far-project.lse.ac.uk/shibboleth-idp) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (158.143.8.41)

      transaction.log
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: New session (ID: _b2c31b4ed82daa948745cbcc110b2258) with (applicationId: default) for principal from (IdP: https://far-project.lse.ac.uk/shibboleth-idp) at (ClientAddress: 158.143.8.41) with (NameIdentifier: _caec77a8594c1ecc9e1c0445815f4b8d) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: Cached the following attributes with session (ID: _b2c31b4ed82daa948745cbcc110b2258) for (applicationId: default) {
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: uid (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: unscoped-affiliation (2 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: eppn (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: organizationName (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: sn (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: affiliation (2 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: givenName (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: entitlement (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: ou (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: computedID (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: email (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: l (1 values)
      2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: }

      IdP

      idp-process.log
      12:38:08.668 INFO [Shibboleth-Access:72] - 20080704T113808Z|158.143.8.41|far-project.lse.ac.uk:443|/profile/SAML2/Redirect/SSO|
      12:38:15.230 INFO [Shibboleth-Access:72] - 20080704T113815Z|158.143.8.41|far-project.lse.ac.uk:443|/profile/SAML2/Redirect/SSO|
      12:38:15.293 INFO [Shibboleth-Audit:557] - 20080704T113815Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_0e06becbc36df1b59fa1025377d9938a|https://far-project.lse.ac.uk/shibboleth-sp|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://far-project.lse.ac.uk/shibboleth-idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_cab9d943427cde134eb065ccbe0f6917|marysmith|urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified||

      idp-audit.log
      20080704T113815Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_0e06becbc36df1b59fa1025377d9938a|https://far-project.lse.ac.uk/shibboleth-sp|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://far-project.lse.ac.uk/shibboleth-idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_cab9d943427cde134eb065ccbe0f6917|marysmith|urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified||

      idp-access.log
      20080704T113808Z|158.143.8.41|far-project.lse.ac.uk:443|/profile/SAML2/Redirect/SSO|
      20080704T113815Z|158.143.8.41|far-project.lse.ac.uk:443|/profile/SAML2/Redirect/SSO|
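
An added example, not part of the original report or of the Shibboleth code: it parses the SP transaction.log "New session" line and the IdP audit line quoted above and intersects their field values to show what, if anything, links the two records. The IdP field labels are assigned here by position, and the one-hour SP clock offset is an assumption taken from the idp-process.log line that shows 12:38:15 local time against 113815Z.

```python
import re
from datetime import datetime, timedelta

# Both lines are copied from the log samples in the issue description.
SP_LINE = ("2008-07-04 12:38:16 INFO Shibboleth-TRANSACTION [26]: New session "
           "(ID: _b2c31b4ed82daa948745cbcc110b2258) with (applicationId: default) "
           "for principal from (IdP: https://far-project.lse.ac.uk/shibboleth-idp) "
           "at (ClientAddress: 158.143.8.41) with "
           "(NameIdentifier: _caec77a8594c1ecc9e1c0445815f4b8d) using "
           "(Protocol: urn:oasis:names:tc:SAML:2.0:protocol)")
IDP_LINE = ("20080704T113815Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|"
            "_0e06becbc36df1b59fa1025377d9938a|https://far-project.lse.ac.uk/shibboleth-sp|"
            "urn:mace:shibboleth:2.0:profiles:saml2:sso|"
            "https://far-project.lse.ac.uk/shibboleth-idp|"
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|"
            "_cab9d943427cde134eb065ccbe0f6917|marysmith|"
            "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified||")

# Assumption: positional labels chosen for this example, read off the sample values.
IDP_FIELDS = ("time", "request_binding", "request_id", "relying_party", "profile",
              "asserting_party", "response_binding", "response_id", "principal",
              "authn_method")

def parse_sp_session(line):
    """Return (timestamp, {key: value}) from a transaction.log 'New session' line."""
    ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    return ts, dict(re.findall(r"\((\w+): ([^)]*)\)", line))

def parse_idp_audit(line):
    """Return (UTC timestamp, {label: value}) from a pipe-delimited audit line."""
    rec = dict(zip(IDP_FIELDS, line.split("|")))
    return datetime.strptime(rec["time"], "%Y%m%dT%H%M%SZ"), rec

def correlate(sp_line, idp_line, sp_utc_offset_hours=1):
    """Intersect field values of the two records and report what links them."""
    sp_ts, sp = parse_sp_session(sp_line)
    idp_ts, idp = parse_idp_audit(idp_line)
    shared = set(sp.values()) & set(idp.values())
    # Entity IDs name the deployment, not the login, so they cannot single out a user.
    per_session = shared - {idp["relying_party"], idp["asserting_party"]}
    skew = (sp_ts - timedelta(hours=sp_utc_offset_hours)) - idp_ts
    return {"shared": shared, "per_session": per_session,
            "skew_seconds": skew.total_seconds(), "principal": idp["principal"]}

if __name__ == "__main__":
    print(correlate(SP_LINE, IDP_LINE))
```

On these two lines the only common value is the IdP entityID, so the records can be paired only by the one-second gap between their timestamps.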

              People

              • Assignee:
                lajoie@georgetown.edu Chad La Joie
              • Reporter:
                smcleish Simon McLeish