Page tree
Skip to end of metadata
Go to start of metadata

It is possible to nominate additional attributes to be logged in the audit log. This is useful for example when billing depends on a customer attribute or attribute received from an Identity Provider.

The attributes which are logged are defined in the uas.properties file:

/ubilogin-sso/webapps/uas/WEB-INF/uas.properties
whitelist.assertion-received = email organisation
whitelist.ticket-granted = email organisation
  • whitelist.assertion-received are attributes that are received from upstream IDP or authentication method (method attributes)
  • whitelist.ticket-granted are attributes that were sent to a connected application (Service Provider), as defined in the Authorization Policy.

The attribute names are delimited by a whitespace character.

The attribute values are logged within quotation marks (") and separated by commas. They appear before the User Agent value.

(existing audit log content),"example@example.com","Example, Inc.","Mozilla 5.0xxxxxxxxxx"

To enable the above configuration, the following commands must be run:

cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config"
tomcat\update.cmd
net stop ubilogin-server
net start ubilogin-server

Multi-value attributes are not supported. Only the first value of a multi-value attribute will be logged.

  • No labels