The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
FTICKSLoggingConfiguration
- Scott Cantor
Current File(s): conf/logback.xml, conf/idp.properties
Format: Logback
This is a V3.2 feature.
Overview
F-TICKS is a standardized audit record format used by some federations for collection of federated login statistics.
It is supported natively but configured separately from the regular audit log because of its special requirements. It is enabled through the use of properties and logging output is configured in the usual manner, via logback.
General Configuration
To enable F-TICKS logging, set the idp.fticks.federation property to anything you choose.
If you want to include hashed usernames in the output, you must also supply a secret random salt in the idp.fticks.salt property. Without a salt, usernames will not be included.
By default, the only destination for these records is the general process log. The normal use for F-TICKS is to provide the logs to another system, so the logback.xml file includes an appender for a remote syslog. The hostname and port can be set via the idp.fticks.loghost and idp.fticks.logport properties.
Reference
Properties
Properties are defined in idp.properties to customize various aspects of audit logging:
| Property | Type | Default | Function |
|---|---|---|---|
| idp.fticks.federation | String | Â | Enables F-TICKS output and specifies the value of the federation-identifier field |
| idp.fticks.algorithm | String | SHA-2 | Digest algorithm used to obscure usernames |
| idp.fticks.salt | String | Â | A salt to apply when digesting usernames (if not specified, the username will not be included) |
| idp.fticks.loghost | String | localhost | The remote syslog host |
| idp.fticks.logport | String | 514 | The remote syslog port |