logging CAS name in apache server logs
Scott Battaglia
scott.battaglia at gmail.com
Thu Aug 23 08:27:04 EDT 2007
Thomas,
There is no easy way for CAS to actually set the "resolved" principal's name
in a cookie. You could add an "Action" to the web flow that sets whatever
the supplied username is in a cookie (and depending on how your organization
is set up, that may be the resolved principal's id).
-Scott
On 8/22/07, Thomas Olausson <thomas.olausson at gmail.com> wrote:
>
> I'm looking for a way to generate user activity stats from web server
> logs.
>
> All my external apps run on various internal web app servers, reverse
> proxy'd by Apache ProxyPass.
> Apache is an "edge server" in my case.
> Every external app is CAS-ified and part of the same base domain.
>
> I want to track what a specific user does in all these apps.
> But to do that, I have to look in many app server logs, if the app
> even logs it.
>
> Since the reverse proxy logs every request, it would be nice to have
> the CAS user name in that log.
>
> The reverse proxy has access to the CASTGC cookie, but that doesn't
> readily contain a user name, and it would be expensive to resolve the
> CASTGC for each request.
>
> A friend suggested tweaking CAS to set an additional clear text
> cookie with the username upon successful login.
> The reverse proxy could log the contents of that cookie using Apache
> Custom Log.
>
> I know CAS doesn't do "global" cookies like this (by design).
> Has anyone else had the same logging scenario like me, or any other
> tips to solve this?
>
> /Tom
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070823/0badfc31/attachment.html
More information about the cas
mailing list