Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-2588

Suppress specified headers from being captured in logs

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 4.0.0, 4.5.0, 5.0.0, 5.5.0
    • Fix Version/s: Not Applicable
    • Component/s: Core
    • Labels:
    • Story Points:
      0

      Description

      When capture decorator is used then it logs all headers, there may be some sensitive headers that may need to be suppressed in this capture. e.g:

      Specifying amHandler to capture:all for PEF filter will log policy admin credentials in logs: 

      X-OpenAM-Password: password
      X-OpenAM-Username: policyAdmin
      

      Refer attached configs used for this testing. 

        Attachments

        1. 01-pep-igapp.json
          1 kB
        2. config.json
          2 kB
        3. route-01-pep-igapp.log
          16 kB

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                charan.mann Charan Mann
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: