record saml_idp_sessions event #52202

Open
wants to merge 1 commit into
base: master

@flyinghermit flyinghermit commented Feb 15, 2025

The SAML IdP auth handler emits audit event saml.idp.auth.
The event is based on event type SAMLIdPAuthAttempt.
This PR handles the successful auth attempt audit event as a saml_idp_session start event (SessionStartEvent) and adds the event counter to the user activity record.

Sample user activity record with the saml_idp_sessions:

 {
  "report_uuid": "McxKGo9pSumU8DPPXeRDzg==",
  "cluster_name": "Qe8aKevkim6h3hReJvEnWzdVoCW49OjE2qYVEqlU4Ng=",
  "reporter_hostid": "Gl+XkAEDry4dQszdh/U8dAytD/WOadbWioX1ecu3ZIE=",
  "start_time": {
   "seconds": 1739577720
  },
  "records": [
   {
    "user_name": "i/P37sO9T0Xcd6HFV9N0AM05h1faMuyP8FQh7wASx0I=",
    "user_kind": 1,
    "saml_idp_sessions": 2
   }
  ]
 }

Cloud prehog twin PR https://github.com/gravitational/cloud/pull/12092
Part of https://github.com/gravitational/teleport.e/issues/5946
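
The counting behaviour described in the PR description above, as an added example that is not code from this PR or from Teleport. The `auditEvent` type, the `anonymize` and `aggregate` helpers, the HMAC-SHA256 anonymization and the sample events are all assumptions made for illustration; only the event name `saml.idp.auth` and the `saml_idp_sessions` counter come from the page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// auditEvent is a hypothetical, simplified audit event. It is not
// Teleport's SAMLIdPAuthAttempt type.
type auditEvent struct {
	Code    string // event name, e.g. "saml.idp.auth"
	User    string
	Success bool
}

// anonymize returns base64(HMAC-SHA256(key, value)). Assumption: keyed
// hashing is used for illustration; the page does not state the scheme.
func anonymize(key []byte, value string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(value))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// aggregate returns saml_idp_sessions per anonymized user. Only successful
// saml.idp.auth events count; failed attempts never start a session.
func aggregate(key []byte, events []auditEvent) map[string]uint64 {
	counts := make(map[string]uint64)
	for _, ev := range events {
		if ev.Code != "saml.idp.auth" || !ev.Success {
			continue
		}
		counts[anonymize(key, ev.User)]++
	}
	return counts
}

func main() {
	key := []byte("constructed-demo-key") // constructed, not a real cluster key
	events := []auditEvent{ // constructed sample events
		{"saml.idp.auth", "alice", true},
		{"saml.idp.auth", "alice", false},
		{"saml.idp.auth", "alice", true},
		{"user.login", "alice", true},
	}
	for name, n := range aggregate(key, events) {
		fmt.Printf("user_name=%s saml_idp_sessions=%d\n", name, n)
	}
}
```

Counting failed attempts would inflate the usage metric and let unauthenticated requests influence the report, which is why the success check sits in the same condition as the event-name check.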

@flyinghermit changed the title from "record saml idp session event" to "record saml_idp_sessions event" on Feb 15, 2025
@flyinghermit added the no-changelog (Indicates that a PR does not require a changelog entry) and backport/branch/v17 labels on Feb 15, 2025

@smallinsky smallinsky left a comment

@ravicious ravicious removed their request for review February 19, 2025 17:47
Labels
backport/branch/v17 do-not-merge no-changelog Indicates that a PR does not require a changelog entry size/sm