I'd like to see the new SAML B2 log authentication / authorizations in the GUI (like LDAPs is logged). Just because the user is sent to a different site for credentials, I don't see why we can't have a record of the authorization on the Blackboard end. Support said to make this a suggestion, as not logging this event is functioning as designed. I think it is possible to log it, is it not?
The experts on my campus, whom I defer to on this, say: If a user did not submit a valid signed assertion, would access be provided to Blackboard? No. Blackboard is authenticating/authorizing user identity based on a trust with our organization. I would argue that a user/password, verified through an LDAP identity provider, is the equivalent of a SAML assertion verified by certificate. After the user's "identity" is determined, then authorization to service is provided. We want to know when the user's identity is first used on the Blackboard service, and they previously had that info in the "auth log".