spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Provide extended SAML logging (like SAMLDefaultLogger) #11592

Open habizzle opened 2 years ago

habizzle commented 2 years ago

Expected Behavior

We would like to have the possibility to easily log SAML responses as with the (previous) SAMLLogger-API.

Current Behavior

We did not find a "standard" way of logging details of the SAML response.

Context

We are currently migrating from Spring Security SAML Extension to the new Spring Security Service Provider library. We have used a SAMLDefaultLogger bean to have extensive logging of the SAML response (e.g. in the old SAMLAuthenticationProvider). In the new library we did not find something like the old SAMLLogger-API, and in the new OpenSamlAuthenticationProvider, the logger only logs pretty basic information.

Are you planning to port this feature or do you recommend overriding e.g. the AuthenticationProvider for adding more logging? Thanks!

jzheaux commented 2 years ago

> do you recommend overriding e.g. the AuthenticationProvider for adding more logging?

Hi, @habizzle. Can you tell me more about what you are trying to do? I ask since it's not clear to me how introducing a logging component will change the log detail level.

> only log pretty basic information

Should the authentication provider log more advanced information and if so, where? If you and I can come to an agreement on that, the best solution could be a PR so that everyone gets the benefit of additional detail.

spring-projects-issues commented 2 years ago

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

mjanczykowski commented 2 years ago

The old library allowed logging full SAML requests and responses to server logs. It was useful for investigating issues with SAML login reported by customers (in my case we integrate with our customer's Identity Providers).

jzheaux commented 1 year ago

Sorry for the delay, @mjanczykowski. I think adding requests and responses to trace logging sounds reasonable.
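
One way to get the response logging discussed in this thread by wrapping the SAML `AuthenticationProvider`, shown as an added example (not code from this issue or from Spring Security itself). The class name `LoggingSaml2AuthenticationProvider` is hypothetical; the example assumes the `saml2-service-provider` module's `Saml2AuthenticationToken`, whose `getSaml2Response()` returns the decoded response XML.

```java
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;

/** Hypothetical wrapper: logs the SAML response around any SAML AuthenticationProvider. */
public final class LoggingSaml2AuthenticationProvider implements AuthenticationProvider {

    private static final Log logger = LogFactory.getLog(LoggingSaml2AuthenticationProvider.class);

    private final AuthenticationProvider delegate;

    public LoggingSaml2AuthenticationProvider(AuthenticationProvider delegate) {
        this.delegate = delegate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            Authentication result = this.delegate.authenticate(authentication);
            trace("accepted", authentication, null);
            return result;
        } catch (AuthenticationException ex) {
            // Rejected responses are the ones needed when investigating a failed login.
            trace("rejected", authentication, ex);
            throw ex;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return this.delegate.supports(authentication);
    }

    private void trace(String outcome, Authentication authentication, Exception cause) {
        // The XML holds assertions and user attributes, so it is emitted at TRACE only.
        if (!logger.isTraceEnabled() || !(authentication instanceof Saml2AuthenticationToken)) {
            return;
        }
        Saml2AuthenticationToken token = (Saml2AuthenticationToken) authentication;
        // The response is sender-controlled: escape CR/LF so it cannot forge extra log lines.
        String xml = token.getSaml2Response().replace("\r", "\\r").replace("\n", "\\n");
        logger.trace("SAML response " + outcome
                + " registrationId=" + token.getRelyingPartyRegistration().getRegistrationId()
                + (cause != null ? " reason=" + cause.getMessage() : "")
                + " response=" + xml);
    }
}
```

Wrap the existing provider, for example `new LoggingSaml2AuthenticationProvider(new OpenSaml4AuthenticationProvider())`, and register it through the `AuthenticationManager` configured on `saml2Login`.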