I have a request to log all inbound and outbound SSOs for auditing purposes. Specifically, I need is the SAML response with the assertion. This is not a problem on inbound, but I am having a hard time figuring out how to do this outbound without reflection. This going to be on a client’s server, and we cannot use IIS tracing. Is there not some way to get the SAML response before/during the call to SAMLIdentityProvider.InitiateSSO?
I have thought about creating a mocked up http response object, calling it with that, and then calling it with the real http response. However I don’t want to hack something if you guys have something available.
If this is the way I have to go, is there any way you guys could look at adding this functionality (something like SAMLIdentityProvider.GetSAMLResponse) or possibly adding overloads with an out parameter to give us access to the response for logging?
Thanks for your time and help!
We include a notification interface that you could use for logging SAML responses.
You’ll find the interface and related classes under the ComponentSpace.SAML2.Notifications namespace.
The interface is ISAMLObserver.
There’s an abstract class called AbstractSAMLObserver that implements this interface.
You can derive your class from AbstractSAMLObserver and only implement the methods you’re interested in.
For example:
public class MySAMLObserver : AbstractSAMLObserver
{
public override void OnSAMLResponseSent(string partnerName, XmlElement samlResponse, string relayState)
{
// TODO – log the SAML response.
}
}
There’s also a OnSAMLResponseReceived if you want to log the SAML response at the SP.
You register your class as follows.
SAMLObservable.Subscribe(new MySAMLObserver());