[mitreid-connect] Audit logging?
Justin Richer
jricher at mit.edu
Mon Feb 2 08:25:15 EST 2015
We don't have a lot of formal audit logging built in to the system apart
from the system logger, which is configurable with the log4j.xml file.
We'd tried it with a previous version of the server (0.9 and 1.0) but it
was applied inconsistently and not very useful, so we pulled it out for
the latest stable release (1.1) so that we could re-think it and
reintroduce it to the next version (1.2). Which is to say, it's on our
to-do list for this version and we're open to ideas on how to implement
a proper structured audit system. I believe it would be beneficial to
coordinate our efforts so that the features and functionality you're
after get included into the main project and you'll be able to deploy
1.2.0 without modification (beyond configuration) when it's released.
-- Justin
On 2/2/2015 5:50 AM, Fredrik Jönsson wrote:
> Hi,
>
> We are looking into MitreID Conncet and I’ve currently got a 1.2.0-SNAPSHOT server up and running with Active Directory integration for UserInfo and CAS authentication.
>
> So far so good.
>
> A question so far, has anyone implemented some reasonable level of audit logging for a production environment, and how? Any suggestions? Would like to modify the code as little as possible of course.
>
> Best regards,
> /Fredrik
>
More information about the mitreid-connect
mailing list