
✨ Feature / Telemetry events across the SSO lifecycle #40

Description

@docJerem

Context

ex_saml currently emits no :telemetry events. The only observability seam is the :on_error parse hook added in #29. Operators integrating SSO need first-class visibility into authentication outcomes (success, failure reasons, signature/replay/decrypt failures) to feed dashboards, alerting and SIEM/OCSF pipelines — without ex_saml owning the formatting.

Goal

Emit a documented set of :telemetry events across the SSO lifecycle, generalising the ad-hoc :on_error hook into a coherent observability layer.

Proposed events

  • [:ex_saml, :signin, :start | :stop | :exception] — SP-initiated request build.
  • [:ex_saml, :assertion, :consume, :start | :stop | :exception] — ACS processing, with idp_id, outcome, and failure reason on stop.
  • [:ex_saml, :signature, :verify] — result (:ok / reason atom), algorithm, idp_id.
  • [:ex_saml, :replay, :rejected] — anti-replay hit.
  • [:ex_saml, :decrypt, :exception] — encrypted-assertion failures.
  • [:ex_saml, :logout, :start | :stop].

Measurements carry durations where meaningful; metadata carries idp_id, sp_id, outcome, and a stable reason atom (never raw payloads).

Proposed scope

  • Add :telemetry as a dependency and a thin ExSaml.Telemetry emit helper.
  • Instrument AuthHandler, Core.Sp, Dsig, and the relay-state / replay path.
  • Document the event table in the README / ExDoc.
  • Keep the :on_error hook from #29 (✨ Feature / SafeXml — single hardened xmerl_scan entry point) working (or route it through telemetry) for backward compatibility.

Why

  • Idiomatic Elixir observability, low runtime risk.
  • Lets consumers wire SIEM/metrics without any code change in ex_saml.
  • Stable reason atoms double as a contract for alerting on auth failures.

Relates to #29.
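A consumer-side sketch of what the proposed events would allow, added here as an example and not taken from ex_saml or from the issue author. The `SsoAudit` module, the `:duration` measurement key, the `:ok` outcome value and the sample reason atom are assumptions; the event names and metadata keys are those proposed above, which ex_saml does not emit yet.

```elixir
defmodule SsoAudit do
  @moduledoc "Hypothetical handler for the telemetry events proposed in this issue."
  require Logger

  # Event names as proposed above; ex_saml does not emit them yet.
  @events [
    [:ex_saml, :assertion, :consume, :stop],
    [:ex_saml, :assertion, :consume, :exception],
    [:ex_saml, :signature, :verify],
    [:ex_saml, :replay, :rejected],
    [:ex_saml, :decrypt, :exception]
  ]

  # Allowlist: only these metadata keys reach the log/SIEM pipeline, so a raw
  # assertion or stack trace that slips into metadata is dropped here.
  @allowed [:idp_id, :sp_id, :outcome, :reason, :result, :algorithm]

  def attach do
    :telemetry.attach_many("sso-audit", @events, &__MODULE__.handle_event/4, nil)
  end

  def handle_event(event, measurements, metadata, _config) do
    record =
      metadata
      |> Map.take(@allowed)
      |> Map.put(:event, Enum.join(event, "."))
      |> put_duration(measurements)

    if failure?(event, record),
      do: Logger.warning(inspect(record)),
      else: Logger.info(inspect(record))
  end

  # Assumption: durations arrive under :duration in native time units.
  defp put_duration(record, %{duration: d}) when is_integer(d),
    do: Map.put(record, :duration_ms, System.convert_time_unit(d, :native, :millisecond))

  defp put_duration(record, _measurements), do: record

  # Assumption: :ok marks success for both :result and :outcome.
  defp failure?([:ex_saml, :signature, :verify], %{result: :ok}), do: false
  defp failure?([:ex_saml, :assertion, :consume, :stop], %{outcome: :ok}), do: false
  defp failure?(_event, _record), do: true

  # Constructed emission standing in for ex_saml; all values are made up.
  def demo do
    attach()
    meta = %{idp_id: "idp-example", reason: :replayed_assertion, raw_xml: "<dropped/>"}
    :telemetry.execute([:ex_saml, :replay, :rejected], %{}, meta)
  end
end
```

Calling `SsoAudit.demo()` in a project that depends on `:telemetry` logs one warning record containing `idp_id`, `reason` and `event`, with the `raw_xml` key filtered out.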
