I'd like to use CAS at a customer site that has very strict auditing requirements. The requirements are pretty straightforward and CAS implements some of them already, but some work would still have to be done before I can deploy it there.
Basically, every audit record should have:

• remote username
• remote user's IP address
• time and date
• the service being accessed
• description of the event...
• local host's name and IP address (and domain if available)

The events that should be audited:

• system startup and shutdown
• authentication and ticket creation - successful and unsuccessful
• ticket validation (esp. including the service being accessed) - successful and unsuccessful
• single sign-off - successful and unsuccessful
• logoffs due to SSO session timeout (do HTTP session timeouts occur in CAS? What would it mean?)
• activity in the services management console, i.e.,
  1. creation or deletion of managed service
  2. modification of managed service (showing changed values)

The audit trail has to be written to a database and constructed such that the activities of a specific user can be traced. So, the user's name should be part of the primary key and appear in every record.

Before I start anything I'd like to get a reading on what it might take. Is the needed data even available in the tickets?

Thanks,
Merlin
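A sketch of the audit table described in the message above, added here as an example; it is not part of the original post and not CAS code. SQLite stands in for the customer's database, and the table, column and event names, the `SYSTEM_USER` placeholder for events with no remote user, and the sequence column that keeps the key unique when one user produces two events at the same timestamp are all assumptions.

```python
import socket
import sqlite3
from datetime import datetime, timezone

# Table, column and event names are assumptions made for this example, not CAS's own.
SYSTEM_USER = "-system-"          # placeholder key for events with no remote user
LOCAL_HOST = socket.gethostname()
LOCAL_IP = "192.0.2.10"           # constructed value; a deployment supplies its real address

SCHEMA = """
CREATE TABLE IF NOT EXISTS audit_trail (
    username    TEXT    NOT NULL,  -- leads the primary key, so per-user traces use the index
    event_time  TEXT    NOT NULL,  -- UTC, ISO-8601
    seq         INTEGER NOT NULL,  -- separates events with the same user and timestamp
    remote_ip   TEXT    NOT NULL,
    service     TEXT    NOT NULL,
    event       TEXT    NOT NULL,
    outcome     TEXT    NOT NULL CHECK (outcome IN ('SUCCESS', 'FAILURE')),
    description TEXT    NOT NULL,
    local_host  TEXT    NOT NULL,
    local_ip    TEXT    NOT NULL,
    PRIMARY KEY (username, event_time, seq)
)"""

def open_audit_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def record(db, username, remote_ip, service, event, success, description, when=None):
    """Insert one audit row and return its primary key (username, event_time, seq)."""
    user = username or SYSTEM_USER
    ts = (when or datetime.now(timezone.utc)).isoformat()
    with db:  # commits on success, rolls back on error
        seq = db.execute(
            "SELECT COALESCE(MAX(seq), 0) + 1 FROM audit_trail "
            "WHERE username = ? AND event_time = ?", (user, ts)).fetchone()[0]
        db.execute(
            "INSERT INTO audit_trail VALUES (?,?,?,?,?,?,?,?,?,?)",
            (user, ts, seq, remote_ip or "-", service or "-", event,
             "SUCCESS" if success else "FAILURE", description, LOCAL_HOST, LOCAL_IP))
    return (user, ts, seq)

def trace_user(db, username):
    """Return one user's activity in chronological order."""
    return db.execute(
        "SELECT event_time, event, outcome, service, remote_ip FROM audit_trail "
        "WHERE username = ? ORDER BY event_time, seq", (username,)).fetchall()
```

For failed logins the key column holds the name that was submitted, so those rows appear in the same per-user trace as the successful ones.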
