  1. Identity Provider
  2. IDP-1643

Feature request: configurable activationCondition for WriteFTICKSLog


    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 4.1.0
    • Labels:
      None
    • Environment:

      Description

      Hi,

      As a federation, we (Tuakiri) are running a centralized log collection service for FTICKS logs - and are asking our members to configure their IdP to send the logs to us.

      However, some of our members would prefer to avoid sending us logs for connections to SPs outside our federation (where they have bilateral agreements) - which is perfectly reasonable.

      I have looked at available options and I have come up with a solution using the activationCondition on the WriteFTICKSLog bean defined in system/flows/saml/saml-abstract-beans.xml.

      I've done this by putting a new bean into conf/global.xml (alternatively conf/audit.xml) and then changing the definition of WriteFTICKSLog in system/flows/saml/saml-abstract-beans.xml to:

           <bean id="WriteFTICKSLog" class="net.shibboleth.idp.saml.audit.impl.WriteFTICKSLog" scope="prototype"
              p:activationCondition-ref="TuakiriFTicksCondition"
              p:federationId="#{'%{idp.fticks.federation:Undefined}'.trim()}"
              p:digestAlgorithm="#{'%{idp.fticks.algorithm:SHA-256}'.trim()}" p:salt="%{idp.fticks.salt:}" />
      

      However, this means changing a file under system/ ...

      I have not found a way to override WriteFTICKSLog without touching system/ - my understanding is this would take adding a public configurable parameter that beans defined under system/ - hence this feature request.

      Please let me know whether this can be considered.

      Thanks a lot in advance for getting back to me.

      Cheers,
      Vlad
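
One way a condition bean like the TuakiriFTicksCondition referenced above could be written in conf/global.xml, added here as an example and not the reporter's or the project's own configuration. It assumes the stock Shibboleth.Condition.NOT and Shibboleth.Condition.RelyingPartyId parent beans and suppresses F-TICKS logging for an explicit list of bilateral SPs; the entityIDs are constructed placeholders.

```xml
<!-- Example only: goes inside the existing <beans> element of conf/global.xml,
     which already declares the Spring "c" namespace. -->

<!-- Evaluates to true unless the relying party is one of the listed
     bilateral SPs, so WriteFTICKSLog runs only for the remaining SPs. -->
<bean id="TuakiriFTicksCondition" parent="Shibboleth.Condition.NOT">
    <constructor-arg>
        <!-- Constructed entityIDs: replace with the SPs covered by
             bilateral agreements outside the federation. -->
        <bean parent="Shibboleth.Condition.RelyingPartyId"
              c:candidates="#{{'https://sp1.bilateral.example.org/shibboleth',
                              'https://sp2.bilateral.example.org/shibboleth'}}" />
    </constructor-arg>
</bean>
```

A deny-list like this has to be kept in step with each new bilateral agreement; a condition keyed on federation metadata membership would avoid that, but is not shown here.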


            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            tuakiriadmin-vmencl@virtualhome.tuakiri.ac.nz Vladimir Mencl