3 Replies. Latest reply: Oct 25, 2012 10:29 AM by Anil Saldhana

PicketLink Audit Trails

Anil Saldhana Master

Pedro and I have been talking about creating PL audit trails.  I hope we can use this thread to come out with a format.

 

The PicketBox audit framework is available to make use of.  All we need is a PicketLink Audit Provider that can be configured via PBox.

A format I am thinking of for the audit trail at the IDP would be:

 

 

[date]  [Username] [Action] [Resource]

28-04-12 03:00am anil  LOGIN  http://myidp
28-04-12 05:00am anil  LOGOUT  http://myidp

Something similar on the SP Side?

 

We are not talking of server logs here.  This is targeted audit trails.

 

JIRA: https://issues.jboss.org/browse/PLFED-305

  • 1. Re: PicketLink Audit Trails
    Pedro Igor Apprentice

    IMO, one important requirement for this auditing architecture is to adopt an event-driven architecture, where we could raise events for certain operations like when a token is issued, canceled, validated, revoked, some exception or condition occurs, etc.

    With an architecture like this we can think of using Drools, for example, to apply some additional processing when some condition happens. Suppose we want to know when a certain user logs in based on information contained in the SAML assertion.

    Another important thing is that this can help PicketLink to provide some statistics about the federation like: nr. tokens issued, canceled, logouts, revocations, unsuccessful authentications, statistics about users, etc. Maybe this can be persisted in a database.

     

    I think we can start coding something about this in PL 2.1.0.

  • 2. Re: PicketLink Audit Trails
    Anil Saldhana Master

    The PicketBox audit framework is based on auditevents.  So we can use it at specific locations in the codebase where events happen.

  • 3. Re: PicketLink Audit Trails
    Anil Saldhana Master

    Pedro, just wondering if we finished the auditing feature. My brains are rusty on this one.
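
Added example (not part of the thread and not PicketBox or PicketLink code): a sketch of the `[date] [Username] [Action] [Resource]` trail from the opening post, fed by the event-driven design suggested in reply 1, with one listener writing the trail and another keeping the statistics. All type and method names (`AuditBus`, `AuditEvent`, `Action`, `trailLine`, `field`) are hypothetical, and the events are constructed samples. Because the format is whitespace-delimited, values that come from the request are sanitised so a username cannot split or forge a trail line.

```java
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.function.Consumer;

// Hypothetical types for illustration; not the PicketBox or PicketLink API.
public class AuditTrailExample {
    enum Action { LOGIN, LOGOUT, TOKEN_ISSUED, TOKEN_REVOKED, AUTH_FAILED }

    record AuditEvent(LocalDateTime when, String username, Action action, String resource) {}

    // Listeners subscribe once; code that performs an operation only raises events.
    static class AuditBus {
        private final List<Consumer<AuditEvent>> listeners = new ArrayList<>();
        void subscribe(Consumer<AuditEvent> l) { listeners.add(l); }
        void raise(AuditEvent e) { listeners.forEach(l -> l.accept(e)); }
    }

    private static final DateTimeFormatter FMT =
            DateTimeFormatter.ofPattern("dd-MM-yy hh:mma", Locale.ENGLISH);

    // Fields are whitespace-delimited, so whitespace and control characters in
    // request-supplied values are replaced: one event stays on one line with
    // exactly three fields after the timestamp.
    static String field(String v) {
        return (v == null || v.isEmpty()) ? "-" : v.replaceAll("[\\s\\p{Cntrl}]", "_");
    }

    static String trailLine(AuditEvent e) {
        return String.format("%s %s %s %s", FMT.format(e.when()).toLowerCase(Locale.ENGLISH),
                field(e.username()), e.action(), field(e.resource()));
    }

    public static void main(String[] args) {
        AuditBus bus = new AuditBus();
        List<String> trail = new ArrayList<>();                        // stand-in for the audit sink
        Map<Action, Integer> stats = new EnumMap<>(Action.class);
        bus.subscribe(e -> trail.add(trailLine(e)));                   // targeted audit trail
        bus.subscribe(e -> stats.merge(e.action(), 1, Integer::sum));  // federation statistics

        // Constructed sample events; the second username contains a line break.
        LocalDateTime t = LocalDateTime.of(2012, 4, 28, 3, 0);
        bus.raise(new AuditEvent(t, "anil", Action.LOGIN, "http://myidp"));
        bus.raise(new AuditEvent(t.plusMinutes(5), "x\nroot", Action.AUTH_FAILED, "http://myidp"));
        bus.raise(new AuditEvent(t.plusHours(2), "anil", Action.LOGOUT, "http://myidp"));

        trail.forEach(System.out::println);
        System.out.println(stats);
    }
}
```

The same events could be handed to a real audit provider or persisted to a database instead of the in-memory list and map used here.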