Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
maxLevel5
minLevel3

Who and how am I?

Code Block
languagebash
titleWhat IDP version is currently installed
$ /opt/shibboleth-idp/bin/version.sh
3.4.6

...

Code Block
languagebash
titleWhat does the IDP think of its own state?
/opt/shibboleth-idp/bin/status.sh

Applying updates

See IDP 3 Updates for detailed instructions.

What's happening right now?

Code Block
languagebash
titleWatch IDP und Webserver logs
multitail -f /opt/shibboleth-idp/logs/idp-process.log /var/log/tomcat8/access.log

...

Code Block
languagebash
titleTrail all relevant logs at once
multitail -f /opt/shibboleth-idp/logs/idp-process.log /var/log/tomcat8/access.log -l 'journalctl -u tomcat8.service -f'

Who logged in and where, with what attributes sent?

Code Block
languagebash
titleAudit log
multitail -f /opt/shibboleth-idp/logs/idp-audit.log

...

Code Block
languagebash
titleHTTP User-Agent IP address in audit and access log
fgrep 192.168.1.99 /opt/shibboleth-idp/logs/idp-audit.log /var/log/tomcat8/access.log

Statistics

ACOnet has contributed a log analysis tool for parsing the Shibboleth IDP's audit logs. For the current day use  /opt/shibboleth-idp/logs/idp-audit.log.

...

Code Block
languagebash
titleCan be done for whole months or even years
loganalysis.py -cul /opt/shibboleth-idp/logs/idp-audit.log.201812*
21 unique relying parties
15 unique userids
406 logins

Debugging

Code Block
languagebash
titleLog SAML Messages on DEBUG
$EDITOR /opt/shibboleth-idp/conf/logback.xml  # Set <logger name="PROTOCOL_MESSAGE" level="DEBUG"/> and save
/opt/shibboleth-idp/bin/reload-service.sh -id shibboleth.LoggingService

Make sure to undo this after you're done to avoid filling up file systems/volumes/disks with unnecessary DEBUG messages.

Locally managed Metadaten (non-eduID.at)

Cf. IDP 3 Metadata configuration.