The UKf helpdesk were passed idp-process.log to assist an debugging IdP configuration problem, and I noticed this line close to the ERROR:
2016-09-29 16:50:17,567 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.dc.impl.BaseComputedIDDataConnectorParser:80] - Data Connector 'myStoredId': Generated Attribute: 'persistentID', sourceAttribute = 'uid', salt (or property): '*** redacted ***'
From an opsec point of view, I would not expect the salt to be logged. However, from an application development point of view, https://issues.shibboleth.net/jira/browse/IDP-771 and https://issues.shibboleth.net/jira/browse/IDP-982 were both diagnosed specifically because the DEBUG log has the salt in them.
Not sure what to make of this, so flagging it up here.