Introduction
...
Log format
The F-TICKS format implemented by this log appender is a generalization of the eduroam F-TICKS format:
```
'F-TICKS/' federationIdentifier '/' version *('#' attribute '=' value ) '#'
```
In SWAMID, federationIdentifier is 'SWAMID' and version is '21.0'.
The attributes exposed are:
Name | Description |
---|---|
TS | the login time stamp |
RP | the relying party entityID |
AP | the asserting party entityID (typically the IdP) |
PN | a sha256-hash of the local principal name and a unique key |
AM | the authentication method URN |
...
Pre-requisites
These instructions are known to work for Shibboleth Identity Provider version
...
3.
...
1 or later
...
.
...
Configuration
Configuration is done in logging.xml and idp.properties:
Appender
Add an appender definition to logging.xml close to where the other appenders are.
```xml
<appender name="IDP_FTICKS" class="net.nordu.logback.FTicksAppender">
    <syslogHost>syslog.swamid.se</syslogHost>
    <federationIdentifier>SWAMID</federationIdentifier>
    <version>2.0</version>
    <keyFile>/opt/shibboleth-idp/conf/fticks-key.txt</keyFile>
</appender>
```
Change the keyFile to point to where you want to store your random key for protecting local principal names.
Warning: Do not lose this file once you've started to generate logs.
Salt
Use the following command to generate a salt:
```
openssl rand -base64 36 2>/dev/null
```
Warning: Do not lose this salt. If this salt is lost or reset then all local principal names will appear to have changed to analysis tools, so avoid this!
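Why a changed salt breaks analysis, shown as an added example (not part of the original page or the appender's code): it formats and parses lines per the grammar in the Log format section and counts distinct PN values. The PN construction (SHA-256 over salt + principal name), the entityIDs, the timestamp format and the user name are assumptions or constructed sample values.

```python
import hashlib
import re

# Grammar from the page:
# 'F-TICKS/' federationIdentifier '/' version *('#' attribute '=' value) '#'
FTICKS_RE = re.compile(
    r"F-TICKS/(?P<fed>[^/#]+)/(?P<ver>[^/#]+)(?P<attrs>(?:#[^#=]+=[^#]*)*)#"
)

def pseudonym(principal, salt):
    # ASSUMPTION: hex SHA-256 over salt + principal; the appender's exact
    # input layout is not given on the page and may differ.
    return hashlib.sha256((salt + principal).encode("utf-8")).hexdigest()

def format_fticks(fed, ver, attrs):
    return f"F-TICKS/{fed}/{ver}" + "".join(f"#{k}={v}" for k, v in attrs.items()) + "#"

def parse_fticks(line):
    m = FTICKS_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError("not a well-formed F-TICKS line")
    pairs = (p.split("=", 1) for p in m.group("attrs").split("#") if p)
    return m.group("fed"), m.group("ver"), dict(pairs)

def sample_log(salts):
    # Constructed sample: the same user ("alice") logs in once per salt given.
    return [
        format_fticks("SWAMID", "2.0", {
            "TS": str(1700000000 + i),  # constructed timestamp format
            "RP": "https://sp.example.org/shibboleth",
            "AP": "https://idp.example.org/idp/shibboleth",
            "PN": pseudonym("alice", salt),
            "AM": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        })
        for i, salt in enumerate(salts)
    ]

def distinct_principals(lines):
    # What an analysis tool sees: the number of different PN values.
    return len({parse_fticks(line)[2]["PN"] for line in lines})

if __name__ == "__main__":
    print(distinct_principals(sample_log(["salt-A", "salt-A", "salt-A"])))
    print(distinct_principals(sample_log(["salt-A", "salt-A", "salt-B"])))
```

With a stable salt the three logins collapse to one principal; after a salt change the same user is counted as a second, unrelated principal. Because PN is only as opaque as the salt is secret, the salt deserves the same file permissions and backup handling as a key.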
Enable the
...
logging
Add the appender to the Shibboleth-Audit logger by changing
```xml
<logger name="Shibboleth-Audit" level="ALL">
    <appender-ref ref="IDP_AUDIT" />
</logger>
```
to
```xml
<logger name="Shibboleth-Audit" level="ALL">
    <appender-ref ref="IDP_AUDIT" />
    <appender-ref ref="IDP_FTICKS" />
</logger>
```
This assumes that you haven't changed logging.xml from the default.
Build software
To build fticks, you need Git, Maven and a Java JDK.
```
# git clone https://github.com/leifj/ndn-shib-fticks.git
# cd ndn-shib-fticks
# mvn
... build finishes ...
```
The target directory should contain a jar-file. This is what you need for the next step.
Install software
...
following options to idp.properties
```properties
idp.fticks.federation=SWAMID
idp.fticks.algorithm=SHA-256
idp.fticks.salt=<salt>
idp.fticks.loghost=syslog.swamid.se
```