
Does anyone know of a way to log or track logins to multiple Relying Parties during an ADFS session?

So for more clarity, we have 5 relying parties on our ADFS servers. This is set up to be an SSO solution. We can log when that user authenticates to ADFS, but we need to be able to log each Relying Party the users authenticate to during the authenticated session.

Gilligan

1 Answer


You could use an ADFS Attribute Store. A SQL attribute store could be used and you could log to SQL. Once you create the attribute store under Trust Relationships -> Attribute Stores, you would then create a custom claim rule in each of your Relying Party Trusts like the following.

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => issue(store = "SQLCustomAttributeStore", types = ("DummyType"), query = "exec spLogAccess @Resource={0}, @UserName={1}", param = "Resource 1", param = c.Value);

A custom attribute store could also be used to log to a file.

Gilligan
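The answer above gives the claim rule for one relying party; with five trusts the same rule has to be added to each of them with that trust's own name as the Resource parameter. The following PowerShell is an added example, not code from the original answer: it creates the log table and the spLogAccess stored procedure the rule calls (the table layout, the database and server names, and the "Connection" configuration key of the SQL store are assumptions), registers the SQL attribute store, and appends the rule to every relying party trust. It uses add instead of issue so the DummyType marker claim stays in the input claim set and is not sent to the relying party in the token; the logging still happens because the store query runs whenever the rule fires. The AD FS cmdlets and the SqlServer module (for Invoke-Sqlcmd) are assumed to be present on the federation server.

```powershell
# Added example (not the original answer's code). Assumptions: SQL store named
# "SQLCustomAttributeStore", a logging database "AdfsAccessLog" on "SQL01",
# the AD FS and SqlServer PowerShell modules, and an AD FS administrator session.
Import-Module ADFS
Import-Module SqlServer

$SqlServer = "SQL01"            # assumed
$Database  = "AdfsAccessLog"    # assumed
$StoreName = "SQLCustomAttributeStore"

# 1. Log table and the stored procedure the claim rule executes.
#    Grant the ADFS service account EXECUTE on dbo.spLogAccess only; it needs no
#    direct table access, and the procedure uses parameters, not dynamic SQL.
$ddl = @'
CREATE TABLE dbo.RelyingPartyAccessLog (
    Id       BIGINT IDENTITY PRIMARY KEY,
    LoggedAt DATETIME2     NOT NULL CONSTRAINT DF_RpLog_LoggedAt DEFAULT SYSUTCDATETIME(),
    Resource NVARCHAR(256) NOT NULL,   -- relying party name passed by the claim rule
    UserName NVARCHAR(256) NOT NULL    -- DOMAIN\user from the windowsaccountname claim
);
GO
CREATE PROCEDURE dbo.spLogAccess @Resource NVARCHAR(256), @UserName NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.RelyingPartyAccessLog (Resource, UserName)
    VALUES (@Resource, @UserName);
    -- The attribute store maps result columns to the "types" list in the rule,
    -- so return one row/one column for DummyType.
    SELECT N'logged' AS DummyType;
END
'@
Invoke-Sqlcmd -ServerInstance $SqlServer -Database $Database -Query $ddl

# 2. Register the SQL attribute store (Trust Relationships -> Attribute Stores in the GUI).
#    Integrated security means the ADFS service account is the SQL login; no password in config.
if (-not (Get-AdfsAttributeStore -Name $StoreName -ErrorAction SilentlyContinue)) {
    Add-AdfsAttributeStore -Name $StoreName -StoreType SQL `
        -Configuration @{ "Connection" = "Server=$SqlServer;Database=$Database;Integrated Security=True" }
}

# 3. Rule template. __RP__ is replaced with the trust's display name so every
#    relying party logs under its own Resource value.
$template = @'
@RuleName = "Log access to __RP__"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => add(store = "SQLCustomAttributeStore", types = ("DummyType"),
        query = "exec spLogAccess @Resource={0}, @UserName={1}",
        param = "__RP__", param = c.Value);
'@

foreach ($rp in Get-AdfsRelyingPartyTrust) {
    # Idempotent: skip trusts that already carry the logging rule.
    if ($rp.IssuanceTransformRules -match 'spLogAccess') {
        Write-Host "Skipping $($rp.Name): logging rule already present"
        continue
    }
    # Strip double quotes so the name cannot break the quoted rule string.
    $safeName = $rp.Name -replace '"', ''
    $rule     = $template.Replace('__RP__', $safeName)
    $rules    = "$($rp.IssuanceTransformRules)`r`n$rule"
    Set-AdfsRelyingPartyTrust -TargetName $rp.Name -IssuanceTransformRules $rules
    Write-Host "Added logging rule to $($rp.Name)"
}
```

The rule only fires when the issuance pipeline for that relying party runs, which is exactly the per-RP event the question asks for: one row per token issued, with the trust name and the Windows account. If a relying party's pipeline does not receive a windowsaccountname claim (for example when a different claims provider trust is used), the condition never matches and nothing is logged for it, so check the resulting table against a test login to each of the five trusts before relying on it.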