Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace

Shibboleth

Avatar Permanently deleted user
December 11, 2024 07:59
Follow
app-360000775529.png

 

 

General Description

The Shibboleth application normalizes Shibboleth events and enables you to analyze the data using reports. You can further customize the searches to perform in-depth analysis.

For LogPoint v6.7.0 or later For LogPoint v6.0.0 to v6.6.6

Release Details

Fields

Details

Name

Shibboleth

Version

5.0.1

Supported On

LogPoint v6.7.0 and later

Release Date

2020-05-14

Document Date

2020-05-14

Download

Shibboleth_5.0.1.pak

SHA256

a0c8608201dd7bed29bbbd49ba88238182a1fadef6adc7443ff82ed6532aed2d


Package Details

The application consists of the following components:

  1. Report Packages
    • LP_ShibbolethV2
    • LP_ShibbolethV3 
    • LP_Shibboleth Identity Provider 
  2. Compiled Normalizer
    • ShibbolethV2CompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the Shibboleth v5.0.1 application:

  1. Download the Shibboleth package from the Download section above.
  2. Add Shibboleth as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.

Supported Devices

The supported devices of Shibboleth with LogPoint in this configuration are:

  • Shibboleth v2.x, v3.x

Log Format

Expected Log Format

Syslog

Log Samples

<38>Apr 11 18:36:26 lp.dk [qtp1100439041-18] Shibboleth-Audit.SSO 20170411T163626Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b6be1a5696b56078697866ab58ab69a2|https://logpoint/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://logpoint|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8fa09988ea318874b6081a91766be4d2|username|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,memberOf|AAdzZWNyZXQxeCGywE3Jjc7i4FlyGwUsnfenYMGjsy1+hFraT3oe7VBpoyZeGMA9hsV6axlw60L7pMi9l9DEdmT/Anq2uYjqUSGawsaXHn9S16NMTmiYjVj6FQIMHrjkSfU4ZOPUEjUcvotdO1w=|_dba21a2cd72ebda095809fa1b94bad9f|

16:45:18.260 - WARN [org.opensaml.common.binding.security.IssueInstantRule:108] - Message was expired: message issue time was '2017-03-29T10:12:37.000Z', message expired at: '2017-03-29T10:18:37.000Z', current time: '2017-11-02T16:45:18.260Z'

16:45:18.261 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:406] - Message did not meet security requirements

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.

Release Details

Fields

Details

Name

Shibboleth

Version

3.3.0

Supported On

LogPoint v6.0.0 to v6.6.6

Release Date

2020-05-14

Document Date

2020-05-14

Download

Shibboleth_3.3.0.pak

SHA256

41cb8f15641cc96f19d290c098501137f4ccff912a7b234fce0432e1e1e89d25


Package Details

The application consist of the following components:

  1. Report Packages
    • LP_ShibbolethV2
    • LP_ShibbolethV3 
    • LP_Shibboleth Identity Provider 
  2. Compiled Normalizer
    • ShibbolethV2CompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the Shibboleth v3.3.0 application:

  1. Download the Shibboleth package from the Download section above.
  2. Add Shibboleth as the required device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.

Supported Devices

The supported devices of Shibboleth with LogPoint in this configuration are:

  • Shibboleth v2.x, v3.x

Log Format

Expected Log Format

Syslog

Log Samples

<38>Apr 11 18:36:26 lp.dk [qtp1100439041-18] Shibboleth-Audit.SSO 20170411T163626Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b6be1a5696b56078697866ab58ab69a2|https://logpoint/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://logpoint|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8fa09988ea318874b6081a91766be4d2|username|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,memberOf|AAdzZWNyZXQxeCGywE3Jjc7i4FlyGwUsnfenYMGjsy1+hFraT3oe7VBpoyZeGMA9hsV6axlw60L7pMi9l9DEdmT/Anq2uYjqUSGawsaXHn9S16NMTmiYjVj6FQIMHrjkSfU4ZOPUEjUcvotdO1w=|_dba21a2cd72ebda095809fa1b94bad9f|

16:45:18.260 - WARN [org.opensaml.common.binding.security.IssueInstantRule:108] - Message was expired: message issue time was '2017-03-29T10:12:37.000Z', message expired at: '2017-03-29T10:18:37.000Z', current time: '2017-11-02T16:45:18.260Z'

16:45:18.261 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:406] - Message did not meet security requirements

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.


Support

If you have any queries or require assistance, please feel free to contact our support team: 

Email: servicedesk@logpoint.com
Phone: +45 7060 6100

Best regards,
untitled.svg

Comments

Article is closed for comments.

Related articles

  • Sidewinder Firewall
  • SAML Authentication
  • Symantec Security
  • A10 Networks
  • Microsoft Defender ATP
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.