Logging attributes to audit log - SSO
It is possible to nominate additional attributes to be logged in the audit log. This is useful for example when billing depends on a customer attribute or attribute received from an Identity Provider.
The attributes which are logged are defined in the uas.properties
file:
whitelist.assertion-received = email organisation whitelist.ticket-granted = email organisation
- whitelist.assertion-received are attributes that are received from upstream IDP or authentication method (method attributes)
- whitelist.ticket-granted are attributes that were sent to a connected application (Service Provider), as defined in the Authorization Policy.
The attribute names are delimited by a whitespace character.
The attribute values are logged within quotation marks (") and separated by commas. They appear before the User Agent value.
(existing audit log content),"example@example.com","Example, Inc.","Mozilla 5.0xxxxxxxxxx"
To enable the above configuration, the following commands must be run:
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config" tomcat\update.cmd net stop ubilogin-server net start ubilogin-server
Multi-value attributes are not supported. Only the first value of a multi-value attribute will be logged.
This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.