Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:latest:logs [2019/08/21 22:01]
127.0.0.1 external edit
documentation:latest:logs [2019/10/03 17:11] (current)
coudot
Line 1: Line 1:
 ====== Logs ====== ====== Logs ======
  
-**REMOTE_USER** : session attribute used for logging user access.+===== Presentation =====
  
-**REMOTE_CUSTOM** : can be used for logging a second user attribute (optionnal+Main settings: 
- +  * **REMOTE_USER** : session attribute used for logging user access. 
-**Hidden attributes** : session attributes never displayed or sent+  * **REMOTE_CUSTOM** : can be used for logging a second user attribute (optional
 +  ​* ​**Hidden attributes** : session attributes never displayed or sent
  
 LemonLDAP::​NG provides 5 levels of error and has two kind of logs: LemonLDAP::​NG provides 5 levels of error and has two kind of logs:
Line 32: Line 33:
  
 Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, ''​General Parameters''​ > ''​Logging''​ > ''​REMOTE_USER''​. Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, ''​General Parameters''​ > ''​Logging''​ > ''​REMOTE_USER''​.
 +
 +===== User log samples =====
 +
 +Authentication:​
 +<​file>​
 +[notice] Session granted for clement.oudot by LDAP (81.20.13.21)
 +[notice] User clement.oudot.com successfully authenticated at level 2
 +[notice] clement.oudot connected
 +</​file>​
 +
 +Logout:
 +<​file>​
 +[notice] User clement.oudot has been disconnected from LDAP (81.20.13.21)
 +</​file>​
 +
 +Access to an SAML SP:
 +<​file>​
 +[notice] User clement.oudot is authorized to access to sp-example-entityid
 +[notice] SAML authentication response sent to SAML SP sp-example for clement.oudot
 +</​file>​
 +
 +Access to an OIDC RP:
 +<​file>​
 +[notice] User clement.oudot is authorized to access to rp-example
 +</​file>​
  
 ===== Default loggers ===== ===== Default loggers =====