Audit SAML request and SAML response

Hi to all, I'm searching for a way to audit the SAML request and SAML response. My Keycloak acts as a SAML service provider and my goal is to have in the audit log all the SAML requests made from the service provider and the responses returned from the identity provider.

I activated the Events and inserted all events related to the identity provider, but in the log I can't find this information. I also made some selects on the event_entity table in my PostgreSQL DB but the information is the same.
Finally, in JBoss I've put all properties in logging.properties in debug, but with no result.

Is it possible to do that? If not, I'm thinking of using the event listener SPI to do that, but I'm wondering if this information is available in that SPI.

Any idea?

Thanks!

An update: I was able to retrieve this information using the JBoss logging, adding this in the JBoss CLI: /subsystem=logging/logger=org.keycloak.saml:add(level=DEBUG).

Now in my server.log I have all the auth requests and auth responses. My goal is to have it in the DB and not in a file. In your experience, is it better to use a custom log handler on JBoss to write it to the DB, or is it possible via Keycloak to have this information using some Keycloak properties?

Thanks!