Shibboleth

Release Details

Package Details

The application consists of the following components:

1. Report Packages
   
   • LP_ShibbolethV2
   • LP_ShibbolethV3 
   • LP_Shibboleth Identity Provider 
2. Compiled Normalizer
   
   • ShibbolethV2CompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation 

Follow these steps to install the Shibboleth v5.0.1 application:

1. Download the Shibboleth package from the Download section above.
2. Add Shibboleth as the required device in LogPoint.
3. Create a collection policy with the Syslog collector and appropriate processing policy. 
4. Assign the policy to the device.

Supported Devices

The supported devices of Shibboleth with LogPoint in this configuration are:

• Shibboleth v2.x, v3.x

Log Format

Expected Log Format

Syslog

Log Samples

<38>Apr 11 18:36:26 lp.dk [qtp1100439041-18] Shibboleth-Audit.SSO 20170411T163626Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b6be1a5696b56078697866ab58ab69a2|https://logpoint/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://logpoint|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8fa09988ea318874b6081a91766be4d2|username|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,memberOf|AAdzZWNyZXQxeCGywE3Jjc7i4FlyGwUsnfenYMGjsy1+hFraT3oe7VBpoyZeGMA9hsV6axlw60L7pMi9l9DEdmT/Anq2uYjqUSGawsaXHn9S16NMTmiYjVj6FQIMHrjkSfU4ZOPUEjUcvotdO1w=|_dba21a2cd72ebda095809fa1b94bad9f|

16:45:18.260 - WARN [org.opensaml.common.binding.security.IssueInstantRule:108] - Message was expired: message issue time was '2017-03-29T10:12:37.000Z', message expired at: '2017-03-29T10:18:37.000Z', current time: '2017-11-02T16:45:18.260Z'

16:45:18.261 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:406] - Message did not meet security requirements

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.