[mitreid-connect] Audit logging?

Justin Richer jricher at mit.edu
Mon Feb 2 08:25:15 EST 2015


We don't have a lot of formal audit logging built in to the system apart 
from the system logger, which is configurable with the log4j.xml file. 
We'd tried it with a previous version of the server (0.9 and 1.0) but it 
was applied inconsistently and not very useful, so we pulled it out for 
the latest stable release (1.1) so that we could re-think it and 
reintroduce it to the next version (1.2). Which is to say, it's on our 
to-do list for this version and we're open to ideas on how to implement 
a proper structured audit system. I believe it would be beneficial to 
coordinate our efforts so that the features and functionality you're 
after get included into the main project and you'll be able to deploy 
1.2.0 without modification (beyond configuration) when it's released.

  -- Justin

On 2/2/2015 5:50 AM, Fredrik Jönsson wrote:
> Hi,
>
> We are looking into MitreID Conncet and I’ve currently got a 1.2.0-SNAPSHOT server up and running with Active Directory integration for UserInfo and CAS authentication.
>
> So far so good.
>
> A question so far, has anyone implemented some reasonable level of audit logging for a production environment, and how? Any suggestions? Would like to modify the code as little as possible of course.
>
> Best regards,
> /Fredrik
>



More information about the mitreid-connect mailing list