The F-TICKS format implemented by this log appender is a generalization of the eduroam F-TICKS format:
'F-TICKS/' federationIdentifier '/' version *('#' attribute '=' value ) '#'
where federationIdentifier is 'SWAMID' and version is '1.0'.
The attributes exposed are:
the login time stamp
the relying party entityID
the asserting party entityID (typically the IdP)
a sha256-hash of the local principal name and a unique key
the authentication method URN
These instructions are known to work for Shibboleth Identity Provider version 3.1 or later.
Configuration is done in idp.properties:
Use the following command to generate a salt:
openssl rand -base64 36 2>/dev/null
Do not lose this salt once you have started to generate logs. If the salt is lost or reset, every local principal name will appear to analysis tools to have changed, so avoid this!
Enable the logging
Add the following options to idp.properties:
idp.fticks.federation=SWAMID
idp.fticks.algorithm=SHA-256
idp.fticks.salt=<salt>
idp.fticks.loghost=syslog.swamid.se
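For the receiving side, the following added example (not part of the original page or of the Shibboleth code) parses a record according to the grammar quoted at the top and shows why a changed salt breaks the continuity of the hashed principal. The attribute names TS/RP/AP/PN/AM, the sample values and the way salt and principal name are combined in pseudonym() are assumptions made for illustration.

```python
import hashlib
import re

# Header of the grammar quoted on the page: 'F-TICKS/' federationIdentifier '/' version
_HEADER = re.compile(r"F-TICKS/([^/#]+)/([^/#]+)")

def parse_fticks(line):
    """Return (federation, version, attributes) for one F-TICKS record."""
    start = line.find("F-TICKS/")  # a syslog prefix may precede the record
    if start < 0:
        raise ValueError("no F-TICKS record in line")
    record = line[start:].strip()
    header = _HEADER.match(record)
    if header is None:
        raise ValueError("malformed federation/version header")
    body = record[header.end():]
    # The grammar puts '#' before every pair and closes the record with '#'.
    if not body.startswith("#") or not body.endswith("#"):
        raise ValueError("record not delimited by '#' (truncated line?)")
    attributes = {}
    for pair in (body[1:-1].split("#") if len(body) > 1 else []):
        name, sep, value = pair.partition("=")  # values such as URLs may contain '='
        if not sep or not name or name in attributes:
            raise ValueError(f"bad or duplicate attribute: {pair!r}")
        attributes[name] = value
    return header.group(1), header.group(2), attributes

def pseudonym(principal, salt):
    """Salted SHA-256 of a principal name.
    Assumption: salt and name are concatenated; the page does not give the exact construction."""
    return hashlib.sha256((salt + principal).encode("utf-8")).hexdigest()

# Constructed sample record; attribute names and all values are illustrative.
SALT = "constructed-salt-not-a-real-one"
SAMPLE = (
    "Jan  1 00:00:00 idp F-TICKS/SWAMID/1.0#TS=1700000000"
    "#RP=https://sp.example.org/shibboleth"
    "#AP=https://idp.example.org/idp/shibboleth"
    f"#PN={pseudonym('alice', SALT)}"
    "#AM=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport#"
)

if __name__ == "__main__":
    federation, version, attrs = parse_fticks(SAMPLE)
    print(federation, version, sorted(attrs))
    # Same salt: the user maps to the same PN. New salt: it looks like a new user.
    print("same salt matches:", pseudonym("alice", SALT) == attrs["PN"])
    print("new salt matches: ", pseudonym("alice", "regenerated") == attrs["PN"])
```
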