Custom Attribute in Audit Log

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Custom Attribute in Audit Log

Justin Andrews
Hi folks - I realize this has been asked once or twice and forgive me I haven't looked at Shibboleth config recently... I'm looking to add a specific attribute that is resolved for each user in the audit log. I see the skeletal example in the wiki, but I just don't understand what I am to use as a value. It mentions the value should be a "Function<ProfileRequestContext,Object> instance" - but quite honestly I don't know exactly what that means. Specifically I'd like to put the uid attribute in the audit log (which is different than the %u already present.) Thanks for any guidance.

Justin

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Custom Attribute in Audit Log

Cantor, Scott E.
On 5/2/18, 8:40 PM, "users on behalf of Justin Andrews" <[hidden email] on behalf of [hidden email]> wrote:

> It mentions the value should be a "Function<ProfileRequestContext,Object> instance" - but quite honestly I don't know
> exactly what that means.

http://google.github.io/guava/releases/23.0/api/docs/com/google/common/base/Function.html

Java interface. We have examples of scripted functions and other shorthand ways to provide them scattered around the wiki, and actual examples of functions deriving audit values in audit-system.xml

>  Specifically I'd like to put the uid attribute in the audit log (which is different than the %u already present.)

You need a Function that walks into the context tree down to the AttributeContext to pull out a specific IdPAttribute and then (I guess) assumes there's one value at most to pull out.

ProfileRequestContext -> RelyingPartyContext -> AttributeContext

Any of the maps of extractors that are later in the sequence (post-assertion, for example) would be late enough.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Custom Attribute in Audit Log

Justin Andrews
Thank you!

On Wed, May 2, 2018 at 8:49 PM Cantor, Scott <[hidden email]> wrote:
On 5/2/18, 8:40 PM, "users on behalf of Justin Andrews" <[hidden email] on behalf of [hidden email]> wrote:

> It mentions the value should be a "Function<ProfileRequestContext,Object> instance" - but quite honestly I don't know
> exactly what that means.

http://google.github.io/guava/releases/23.0/api/docs/com/google/common/base/Function.html

Java interface. We have examples of scripted functions and other shorthand ways to provide them scattered around the wiki, and actual examples of functions deriving audit values in audit-system.xml

>  Specifically I'd like to put the uid attribute in the audit log (which is different than the %u already present.)

You need a Function that walks into the context tree down to the AttributeContext to pull out a specific IdPAttribute and then (I guess) assumes there's one value at most to pull out.

ProfileRequestContext -> RelyingPartyContext -> AttributeContext

Any of the maps of extractors that are later in the sequence (post-assertion, for example) would be late enough.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]