3 Replies Latest reply on Oct 25, 2012 10:29 AM by anil.saldhana

    PicketLink Audit Trails


      Pedro and I have been talking about creating PL audit trails. I hope we can use this thread to come up with a format.


      The PicketBox audit framework is available to make use of. All we need is a PicketLink Audit Provider that can be configured via PBox.


      A format I am thinking of for the audit trail at the IDP would be:



      [date]  [Username] [Action] [Resource]


      28-04-12 03:00am anil  LOGIN  http://myidp


      28-04-12 05:00am anil  LOGOUT  http://myidp



      Something similar on the SP side?


      We are not talking about server logs here. These are targeted audit trails.


      JIRA: https://issues.jboss.org/browse/PLFED-305

        • 1. Re: PicketLink Audit Trails

          IMO, one important requirement for this auditing architecture is to adopt an event-driven architecture, where we could raise events for certain operations, like when a token is issued, canceled, validated or revoked, or when some exception or condition occurs, etc.


          With an architecture like this we can think about using Drools, for example, to apply some additional processing when some condition happens. Suppose we want to know when a certain user logs in, based on information contained in the SAML assertion.


          Another important thing is that this can help PicketLink to provide some statistics about the federation, like: number of tokens issued, canceled, logouts, revocations, unsuccessful authentications, statistics about users, etc. Maybe this can be persisted in a database.


          I think we can start coding something about this in PL 2.1.0.
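          An added example, not code from the PicketLink or PicketBox projects, that writes and parses records in the [date] [Username] [Action] [Resource] layout proposed in the opening post and then derives some of the statistics asked for in reply 1 (counts per action, per-user failures, logins without a matching logout). The action names beyond LOGIN and LOGOUT (TOKEN_ISSUED, AUTH_FAILED) and all sample records other than the two from the post are constructed for illustration. Because the proposed layout has no quoting, the writer refuses any field containing whitespace; a username with a space would otherwise silently shift the columns for every consumer of the trail.

```python
"""Audit-trail writer, parser and statistics for the layout proposed in the
thread.  Added example only; PicketLink/PicketBox provide no such code here.
Action names other than LOGIN/LOGOUT and all records beyond the two from the
post are constructed for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
import re

# Proposed layout: [date] [Username] [Action] [Resource], whitespace separated.
# Date is written dd-mm-yy hh:mmam/pm, exactly as in the post's sample lines.
DATE_FORMAT = "%d-%m-%y %I:%M%p"
LINE_RE = re.compile(
    r"^(\d{2}-\d{2}-\d{2} \d{2}:\d{2}(?:am|pm))\s+(\S+)\s+(\S+)\s+(\S+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class AuditEvent:
    when: datetime
    user: str
    action: str
    resource: str


def is_single_token(value: str) -> bool:
    """The layout has no quoting, so every field must be one non-empty token."""
    return bool(value) and not any(ch.isspace() for ch in value)


def format_event(ev: AuditEvent) -> str:
    """Render one event in the proposed layout; reject fields that would
    corrupt the column structure instead of writing an unparseable record."""
    for name, value in (("user", ev.user), ("action", ev.action), ("resource", ev.resource)):
        if not is_single_token(value):
            raise ValueError(f"{name} must be a single non-empty token, got {value!r}")
    return f"{ev.when.strftime(DATE_FORMAT).lower()}  {ev.user}  {ev.action}  {ev.resource}"


def parse_line(line: str) -> AuditEvent:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed audit record: {line!r}")
    when, user, action, resource = m.groups()
    return AuditEvent(datetime.strptime(when, DATE_FORMAT), user, action, resource)


def parse_trail(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def federation_stats(events) -> dict:
    """Counts per action, per-user action counts, and (user, resource) pairs
    with a LOGIN that has no later LOGOUT in the trail (still-open sessions)."""
    by_action = Counter(ev.action for ev in events)
    per_user = defaultdict(Counter)
    open_sessions = {}
    for ev in sorted(events, key=lambda e: e.when):
        per_user[ev.user][ev.action] += 1
        if ev.action == "LOGIN":
            open_sessions[(ev.user, ev.resource)] = ev.when
        elif ev.action == "LOGOUT":
            open_sessions.pop((ev.user, ev.resource), None)
    return {
        "by_action": dict(by_action),
        "per_user": {u: dict(c) for u, c in per_user.items()},
        "open_sessions": sorted(open_sessions),
    }


# Constructed sample trail: the first and third lines are the post's examples,
# the rest are made up to exercise the statistics.
SAMPLE_TRAIL = """\
28-04-12 03:00am  anil  LOGIN  http://myidp
28-04-12 03:01am  anil  TOKEN_ISSUED  http://mysp
28-04-12 05:00am  anil  LOGOUT  http://myidp
28-04-12 05:10am  pedro  AUTH_FAILED  http://myidp
28-04-12 05:11am  pedro  AUTH_FAILED  http://myidp
28-04-12 05:12am  pedro  LOGIN  http://myidp
28-04-12 05:13am  pedro  TOKEN_ISSUED  http://mysp
"""

if __name__ == "__main__":
    evs = parse_trail(SAMPLE_TRAIL)
    for ev in evs:
        print(format_event(ev))
    print(federation_stats(evs))
```

          Because both format_event and parse_line use the same DATE_FORMAT and field rule, a record written by one side round-trips byte for byte through the other, which is the property an SP-side trail would need if it is to be merged with the IDP-side one.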

          • 2. Re: PicketLink Audit Trails

            The PicketBox audit framework is based on audit events. So we can use it at specific locations in the codebase where events happen.

            • 3. Re: PicketLink Audit Trails

              Pedro, just wondering if we finished the auditing feature. My brain is rusty on this one.