Is it possible to remove the user's principal from audit logs in CAS 7?
I resolve all relevant user attributes with the principal instead of using a separate LDAP connection. It seems like SAML2 authentications want to print every resolved attribute in the principal and it really clutters the logs. Anyone know of a way to remove principal attributes from the log files? I would like to keep the logs intact, just remove the principal field if possible.
Here's an example of one of these auth attempts:
2024-07-22 09:15:37,387 INFO [org.apereo.inspektr.audit.AuditTrailManager] - 2024-07-22T13:15:37.386909125!my-username!{result=Service Access Granted, principal=SimplePrincipal(id=my-username, attributes={cn=[my cn], department=[Office of Information Technology], displayName=[my name], duoAud=[some code], duoAuthCtxAccessDeviceIp=[an IP], duoAuthCtxAccessDeviceLocationCity=[my locality], duoAuthCtxAccessDeviceLocationCountry=[United States], duoAuthCtxAccessDeviceLocationState=[my state], duoAuthCtxApplicationName=[CAS - DUO Universal], duoAuthCtxAuthDeviceHostname=[a phone number], duoAuthCtxAuthDeviceIp=[an ip], duoAuthCtxAuthDeviceLocationCity=[a location], duoAuthCtxAuthDeviceLocationCountry=[United States], duoAuthCtxAuthDeviceLocationState=[a state], duoAuthCtxEventType=[authentication], duoAuthCtxFactor=[duo_push], duoAuthCtxReason=[user_approved], duoAuthCtxResult=[success], duoAuthCtxTimestamp=[1721653942], duoAuthCtxTxId=[an id], duoAuthCtxUserKey=[a key], duoAuthResult=[allow], duoAuthResultStatus=[allow], duoAuthResultStatusMessage=[Login Successful], duoAuthTime=[1721653942], duoExp=[1721657542], duoIat=[a number], duoIss=[a duo endpoint], duoPreferredUsername=[a username], duoSub=[a username], eduPersonNickName=[name], EmailAddress=[an email], givenName=[a name], memberOf=[A very long list of groups], organizationalunit=[Office of Information Technology], pwdLastSet=[data], schoolName=[data], schoolNumber=[data], sn=[surname], telephoneNumber=[a phone number], title=[a title], UDC_IDENTIFIER=[a value], uid=[username], username=[a username], userType=[data]}), service=my-service, requiredAttributes={}}!SERVICE_ACCESS_ENFORCEMENT_TRIGGERED!192.168.95.246!my server IP!