Introduction
...
Log format
The F-TICKS format implemented by this log appender is a generalization of the eduroam F-TICKS format:

```
'F-TICKS/' federationIdentifier '/' version *('#' attribute '=' value ) '#'
```

In SWAMID, federationIdentifier is 'SWAMID' and version is '2.0'.
The attributes exposed are:

Name | Description |
---|---|
TS | the login time stamp |
RP | the relying party entityID |
AP | the asserting party entityID (typically the IdP) |
PN | a sha256-hash of the local principal name and a unique key |
AM | the authentication method URN |
The ...

Pre-requisites
This instruction is known to work for Shibboleth Identity Provider version 3.1 or later.
Configuration
Configuration is done in idp.properties (see the end of this page) or, when using the logback appender described next, in logging.xml:
Appender
Add an appender definition to logging.xml close to where the other appenders are (before the loggers).

On Linux/Unix:

```xml
<appender name="IDP_FTICKS" class="net.nordu.logback.FTicksAppender">
  <syslogHost>syslog.swamid.se</syslogHost>
  <federationIdentifier>SWAMID</federationIdentifier>
  <version>2.0</version>
  <keyFile>/opt/shibboleth-idp/conf/fticks-key.txt</keyFile>
</appender>
```

On Windows:

```xml
<appender name="IDP_FTICKS" class="net.nordu.logback.FTicksAppender">
  <syslogHost>syslog.swamid.se</syslogHost>
  <federationIdentifier>SWAMID</federationIdentifier>
  <version>2.0</version>
  <keyFile>C:/Program Files (x86)/Internet2/Shib2IdP/conf/fticks-key.txt</keyFile>
</appender>
```
Change the keyFile to point to where you want to store your random key for protecting local principal names.
Salt
Use the following command to generate a salt:

```
openssl rand -base64 36 2>/dev/null
```

Warning: Do not lose this salt file once you have started to generate logs. If the salt is lost or reset, all local principal names will appear to analysis tools to have changed, so avoid this!
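As an added example serving both the Log format section and the salt warning above (this is not code from the page or from the ndn-shib-fticks appender), the following Python builds records from the grammar, parses them back out of syslog lines, counts logins per relying party, and shows why the salt must be preserved: the PN pseudonym is only stable while the key stays the same. The key, log lines, entityIDs and principal names are constructed for the example; the order in which the appender combines key and principal before hashing, and the hex encoding of the digest, are assumptions and are marked as such in the code.

```python
import hashlib
import re
from collections import Counter

# Constructed sample key for this example only; a deployment reads its key from
# fticks-key.txt (logback appender) or idp.fticks.salt (idp.properties).
SAMPLE_SALT = "constructed-example-salt-do-not-use"


def pseudonymize_principal(principal, salt):
    """Compute the PN attribute: SHA-256 over the local principal name and the
    site key, hex-encoded.

    ASSUMPTION: the key is prepended to the principal and the digest is hex
    encoded. The page only says PN is a sha256-hash of the two; confirm the
    exact construction against the appender before comparing with real logs.
    """
    return hashlib.sha256((salt + principal).encode("utf-8")).hexdigest()


def build_fticks_line(federation, version, attributes):
    """Serialize a record following the grammar on the page:
    'F-TICKS/' federationIdentifier '/' version *('#' attribute '=' value) '#'
    """
    if "/" in federation or "#" in federation or "#" in version:
        raise ValueError("federationIdentifier and version may not contain '/' or '#'")
    for name, value in attributes.items():
        # '#' delimits attributes and '=' separates name from value, so a '#'
        # in either, or an '=' in a name, would change how the record parses.
        if "#" in name or "=" in name or "#" in value:
            raise ValueError("illegal delimiter character in attribute %r" % name)
    body = "".join("#%s=%s" % (name, value) for name, value in attributes.items())
    return "F-TICKS/%s/%s%s#" % (federation, version, body)


# Matches one complete F-TICKS record at the end of a line, so a syslog
# prefix (timestamp, host, tag) in front of it is tolerated.
FTICKS_RE = re.compile(
    r"F-TICKS/(?P<fed>[^/#]+)/(?P<ver>[^#]+)(?P<attrs>(?:#[^#=]+=[^#]*)*)#\s*$"
)


def parse_fticks_line(line):
    """Parse a log line into its parts; returns None for anything that is not
    a well-formed F-TICKS record (every attribute must have name '=' value)."""
    m = FTICKS_RE.search(line)
    if m is None:
        return None
    attributes = {}
    for part in m.group("attrs").split("#")[1:]:
        name, _, value = part.partition("=")
        attributes[name] = value
    return {"federation": m.group("fed"), "version": m.group("ver"),
            "attributes": attributes}


def logins_per_rp(lines):
    """Count logins per relying party across a batch of syslog lines,
    skipping lines that are not F-TICKS records."""
    counts = Counter()
    for line in lines:
        record = parse_fticks_line(line)
        if record is not None:
            counts[record["attributes"].get("RP", "<missing RP>")] += 1
    return dict(counts)


def sample_record(ts, rp, principal, salt=SAMPLE_SALT):
    """One constructed SWAMID-style record; AP and AM are fixed sample values."""
    return build_fticks_line("SWAMID", "2.0", {
        "TS": ts,
        "RP": rp,
        "AP": "https://idp.example.edu/idp/shibboleth",
        "PN": pseudonymize_principal(principal, salt),
        "AM": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    })


# Constructed sample syslog lines (not real SWAMID traffic); the second line is
# an unrelated message that the parser must skip.
SAMPLE_LOG = [
    "Jan 10 12:00:01 idp fticks: " + sample_record("1389355201", "https://sp.example.org/shibboleth", "alice"),
    "Jan 10 12:00:02 idp sshd[412]: Accepted publickey for admin from 192.0.2.10",
    "Jan 10 12:00:03 idp fticks: " + sample_record("1389355203", "https://other.example.net/sp", "bob"),
    "Jan 10 12:00:04 idp fticks: " + sample_record("1389355204", "https://sp.example.org/shibboleth", "bob"),
]

if __name__ == "__main__":
    print(logins_per_rp(SAMPLE_LOG))
    # Why the salt must not be lost: the same user hashed under a new key is an
    # unrelated pseudonym, so per-user statistics across the change are broken.
    print(pseudonymize_principal("alice", SAMPLE_SALT) ==
          pseudonymize_principal("alice", "a-different-key"))
```

The parser rejects a record whose attribute lacks the `=` separator rather than guessing, and the builder refuses delimiter characters inside names and values; both are the checks an analysis tool needs because an entityID or principal containing `#` would otherwise silently split into extra attributes.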
Enable the logging
Add the appender to the Shibboleth-Audit logger by changing

```xml
<logger name="Shibboleth-Audit" level="ALL">
  <appender-ref ref="IDP_AUDIT" />
</logger>
```

to

```xml
<logger name="Shibboleth-Audit" level="ALL">
  <appender-ref ref="IDP_AUDIT" />
  <appender-ref ref="IDP_FTICKS" />
</logger>
```
This assumes that you haven't changed logging.xml from the default.
Build software
To build fticks, you need git, maven and Java JDK.

On Linux/Unix:

```
# git clone git://github.com/leifj/ndn-shib-fticks.git
# cd ndn-shib-fticks
# mvn
... build finishes ...
```

On Windows:

```
$ cd Desktop
$ git clone git://github.com/leifj/ndn-shib-fticks.git
$ cd ndn-shib-fticks
$ export JAVA_HOME="/c/Program Files (x86)/Java/jdk1.7.0_25"
$ /c/apache-maven-3.1.0/bin/mvn
... build finishes ...
```

The target directory should contain a jar-file. This is what you need for the next step.
Install software
Copy the jar-file to

On Linux/Unix:

```
shibboleth-identity-provider-2.2.x/lib
```

On Windows:

```
C:/Program Files (x86)/Internet2/Shib2IdPInstall/lib
```
Add the following options to idp.properties:

```
idp.fticks.federation=SWAMID
idp.fticks.algorithm=SHA-256
idp.fticks.salt=<salt>
idp.fticks.loghost=syslog.swamid.se
```