In Engineblock, we can trace the user through the system based on the user session id. We also want to be able to trace which PDP-events (request, decision and any errors) are carried out in the user's journey through the login process.
So, we want to add the user session-id to the PDP requests from Engine to the PDP. The PDP should then add this session-id to all logging related to this request.
For backward-compatibility, the PDP should gracefully handle the case that no session-id is sent, and log a null-value in that case.
The way in which the session-id is trasnmitted in the PDP-request is to be determined. I see two possibilities:
- add it as part of the XACML requests, for example in a new
Environments or IntermediarySubject section
- add it as extra GET parameter on the decision request
- add it in some other (custom) HTTP header
We need to check how SSID handles this.
In Engineblock, we can trace the user through the system based on the user session id. We also want to be able to trace which PDP-events (request, decision and any errors) are carried out in the user's journey through the login process.
So, we want to add the user session-id to the PDP requests from Engine to the PDP. The PDP should then add this session-id to all logging related to this request.
For backward-compatibility, the PDP should gracefully handle the case that no session-id is sent, and log a
null-value in that case.The way in which the session-id is trasnmitted in the PDP-request is to be determined. I see two possibilities:
EnvironmentsorIntermediarySubjectsectionWe need to check how SSID handles this.