[mitreid-connect] Audit logging?
Fredrik Jönsson
fjo at kth.se
Mon Feb 2 10:31:51 EST 2015
I can get org.springframework output, but org.mitre is pretty much not logging anything at all, at any level.
What I am primarily looking for is auditing from a Internet response team perspective, not application debugging. What we would need to be able to trace are typical authenticated actions (including Oauth clients), which in this case becomes pretty much who made what request with what result to most endpoints in the application.
I don’t have an awful lot of experience on how to achieve it though. It is done reasonably well from our perspective in the Jasig CAS server, I’ll check how it is done and if it’s a pattern one would want to reuse.
/Fredrik
> 2 feb 2015 kl. 14:25 skrev Justin Richer <jricher at mit.edu>:
>
> We don't have a lot of formal audit logging built in to the system apart from the system logger, which is configurable with the log4j.xml file. We'd tried it with a previous version of the server (0.9 and 1.0) but it was applied inconsistently and not very useful, so we pulled it out for the latest stable release (1.1) so that we could re-think it and reintroduce it to the next version (1.2). Which is to say, it's on our to-do list for this version and we're open to ideas on how to implement a proper structured audit system. I believe it would be beneficial to coordinate our efforts so that the features and functionality you're after get included into the main project and you'll be able to deploy 1.2.0 without modification (beyond configuration) when it's released.
>
> -- Justin
>
> On 2/2/2015 5:50 AM, Fredrik Jönsson wrote:
>> Hi,
>>
>> We are looking into MitreID Conncet and I’ve currently got a 1.2.0-SNAPSHOT server up and running with Active Directory integration for UserInfo and CAS authentication.
>>
>> So far so good.
>>
>> A question so far, has anyone implemented some reasonable level of audit logging for a production environment, and how? Any suggestions? Would like to modify the code as little as possible of course.
>>
>> Best regards,
>> /Fredrik
>>
>
More information about the mitreid-connect
mailing list