Pedro and I have been talking about creating PL audit trails. I hope we can use this thread to come out with a format.
The PicketBox audit framework is available to make use of. All we need to do is a PicketLink Audit Provider that can be configured via PBox.
A format I am thinking of for the audit trail at the IDP would be:
[date] [Username] [Action] [Resource]
28-04-12 03:00am anil LOGIN http://myidp
28-04-12 05:00am anil LOGOUT http://myidp
Something similar on the SP Side?
We are not talking of server logs here. These are targeted audit trails.
IMO, one important requirement for this auditing architecture is to adopt an event-driven architecture, where we could raise events for certain operations like when a token is issued, canceled, validated, revoked, some exception or condition occurs, etc.
With an architecture like this we can think of using Drools, for example, to apply some additional processing when some condition happens. Suppose we want to know when a certain user logs in based on information contained in the SAML assertion.
Another important thing is that this can help PicketLink to provide some statistics about the federation like: nr. tokens issued, canceled, logouts, revocations, unsuccessful authentications, statistics about users, etc. Maybe this can be persisted in a database.
I think we can start coding something about this in PL 2.1.0.
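As an added example, not part of this thread and not PicketLink or PicketBox code: a small Python sketch of the `[date] [Username] [Action] [Resource]` line format proposed in the first post, with a per-action event bus in the style the second post describes and the federation statistics counted from a constructed trail. The date layout (dd-mm-yy hh:mmam/pm), the action names beyond LOGIN/LOGOUT, and the sample lines are assumptions.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Date layout assumed from the sample lines in the thread: dd-mm-yy hh:mmam/pm.
DATE_FMT = "%d-%m-%y %I:%M%p"
LINE_RE = re.compile(r"^(\d{2}-\d{2}-\d{2} \d{2}:\d{2}[ap]m) (\S+) (\S+) (\S+)$")


@dataclass(frozen=True)
class AuditEvent:
    when: datetime
    username: str
    action: str      # LOGIN / LOGOUT from the thread; other names here are assumed
    resource: str


def format_event(ev: AuditEvent) -> str:
    """Render one event as a line in the proposed [date] [user] [action] [resource] format."""
    ts = ev.when.strftime(DATE_FMT)
    return f"{ts[:-2]}{ts[-2:].lower()} {ev.username} {ev.action} {ev.resource}"


def parse_line(line: str) -> AuditEvent:
    """Parse one audit-trail line; reject anything that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed audit line: {line!r}")
    when, user, action, resource = m.groups()
    return AuditEvent(datetime.strptime(when, DATE_FMT), user, action, resource)


class AuditBus:
    """Minimal event bus: listeners subscribe per action, and every event is also written to the trail."""
    def __init__(self) -> None:
        self._listeners = defaultdict(list)
        self.trail: list[str] = []

    def subscribe(self, action: str, callback) -> None:
        self._listeners[action].append(callback)

    def publish(self, ev: AuditEvent) -> None:
        self.trail.append(format_event(ev))
        for cb in self._listeners.get(ev.action, []):
            cb(ev)


def federation_stats(lines):
    """Count events per action and per user, the kind of statistics the thread wants to report."""
    events = [parse_line(line) for line in lines]
    by_action = Counter(e.action for e in events)
    by_user = defaultdict(Counter)
    for e in events:
        by_user[e.username][e.action] += 1
    return by_action, by_user


# Constructed sample trail (hypothetical users, actions and resources).
SAMPLE_TRAIL = [
    "28-04-12 03:00am anil LOGIN http://myidp",
    "28-04-12 03:05am anil TOKEN_ISSUED http://mysp",
    "28-04-12 04:10am pedro AUTH_FAILED http://myidp",
    "28-04-12 05:00am anil LOGOUT http://myidp",
]
```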