...
To enable F-TICKS logging, set the idp.fticks.federation property to anything you choose.
...
if you want to selectively enable the feature, you can also set idp.fticks.condition to an ActivationCondition bean to apply to decide whether to run.
If you want to include hashed usernames in the output, you must also supply a secret random salt in the idp.fticks.salt property. Without a salt, usernames will not be included.
...
Properties are defined in idp.properties to customize various aspects of audit logging:
Property | Type | Default | Function |
|---|---|---|---|
idp.fticks.federation | String | Enables F-TICKS output and specifies the value of the federation-identifier field | |
idp.fticks.condition |
Bean ID | Optional bean name of a Predicate<ProfileRequestContext> to use to decide whether to run | ||
idp.fticks.algorithm | String | SHA-2 | Digest algorithm used to obscure usernames |
idp.fticks.salt | String | A salt to apply when digesting usernames (if not specified, the username will not be included) | |
idp.fticks.loghost | String | localhost | The remote syslog host |
idp.fticks.logport | String | 514 | The remote syslog port |