Skip to content
Snippets Groups Projects

Collecting Data

Last edited by Janne Lauros

Connected Services and Activity Page require collecting and storing data of the authentication sequences.

Collecting Data

Plugin installation introduces a new interceptor flow user-profile. The user-profile flow is responsible of executing all collecting and storing actions and it has to be set as interceptor for each profile configuration data is collected from.

<!-- Collecting User Profile data only for SAML2 and OIDC clients -->
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
  <property name="profileConfigurations">
    <list>
      <bean parent="SAML2.SSO" p:outboundInterceptorFlows="#{{'user-profile'}}" p:checkAddress="false" p:signAssertions="true"/>
      <bean parent="OIDC.SSO" p:outboundInterceptorFlows="#{{'user-profile'}}"/>
      <bean parent="OAUTH2.Token" p:outboundInterceptorFlows="#{{'user-profile'}}"/>
      <bean parent="OIDC.UserInfo"/>
    </list>
  </property>
</bean>

Having the interceptor is only a prerequisite for actual data collection. See Connected Services and Activity Page on how to activate specific data collection.

Data Storage

Data storage options are in userprofile.properties - file.

Property Name Default Description
userProfile.StorageService shibboleth.StorageService Storage service for User Profile
userProfile.recordexExpiration P180D Expiration duration for dormant user record

The default in-memory storage service can be used only for initial testing. A more permanent server-side storage implementation should be used in the long run.

Collecting custom data

By defining a bean userProfile.setEventsFunction deployer may read and store custom events.

<!-- Deployer defined function for setting user profile events. -->
<bean id="userProfile.setEventsFunction" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
    p:customObject-ref="userProfile.Cache">
    <constructor-arg>
        <value>
            <![CDATA[
            result = "proceed";
            logger = Java.type("org.slf4j.LoggerFactory").getLogger("userProfile.setEventsFunction");
            var UsernamePrincipal = Java.type("net.shibboleth.idp.authn.principal.UsernamePrincipal");
            subjectContext = input.getSubcontext("net.shibboleth.idp.authn.context.SubjectContext");
            var usernamePrincipal = new UsernamePrincipal(subjectContext.getPrincipalName());
            //1. Setting nonsense event
            custom.setSingleEvent(usernamePrincipal, "MY_NONSENSE_TAG", "Nonsense");
            logger.info("Oh my what nonsense");
            result;
            ]]>
        </value>
    </constructor-arg>
</bean>

TODO Data Storage interface

Comments

    Please register or sign in to add a comment.