The more SAML-oriented fields that are supported out of the box are as follows (note that not every field is always populated; that depends on the timing of errors and the specific transaction being audited): Field | Description |
|---|
SP | Service provider name | IDP | Identity provider name | p | Protocol | b | Inbound binding | bb | Outbound binding | RS 4.1 | RelayState | n | NameID value | f | NameID format | SPQ | NameID SPNameQualifier | pf | NameIDPolicy required format | PSPQ | NameIDPolicy required SPNameQualifier | i | Assertion ID | d | Assertion timestamp | I | Inbound message ID | D | Inbound message timestamp | II | InResponseTo | III | Outbound message ID | DD | Outbound message timestamp | t | AuthenticationInstant | x | SessionIndex | ac | AuthenticationContext | S | Status code | SS | Sub-status code | SM | Status message | pasv | IsPassive | fauth | ForceAuthn | SCC 4.2 | Scoping ProxyCount from an AuthnRequest | SCI 4.2 | Scoping IdP list from an AuthnRequest | SCR 4.2 | Scoping Requester ID(s) from an AuthnRequest | PRC 4.2 | ProxyRestriction ProxyCount | PRA 4.2 | ProxyRestriction Audiences | XX | Signed inbound messages | X | Encrypted assertions | XA | Encryption algorithm |
|