[R] ADFS one more time – auditing

Reading Time: < 1 minute

I want to get back to ADFS configuration once again. In current version of ADFS documentation available on Microsoft web site one important – in my opinion – thing was omitted and I know that it would not be updated in short time, I think about ADFS auditing. ADFS comes with some auditing capability available through standard Windows interface which is Event Log. All what You need to do is to enable auditing of object access events for success and failures on the server where ADFS service is located and You will notice ADFS related events in Security log. One more thing about ADFS auditing – for each organizational claim which is being defined in the trust policy there is an option to mark this claim as a claim with limited auditing. It means that value passed through this claims will not be stored in the Event log. This is important because in some cases claims can be based on sensitive values and it is very common in organizations that event log entries are gathered and stored in some kind of database. It is not always desired that persons who has access to these logs should be able to retrieve sensitive information passed in the claim from other organization. So it is good to memorize that such possibility exists and it is available with single click.