Page tree
Skip to end of metadata
Go to start of metadata

Information about current federation statistics:


FederationCurrently Collect Stats?Published?Format?Possible to push to a central service?Willing to push to a central service?WAYF Stats
SIR(2)Basic - "IdP x SP x accesses" matrix, calculated daily.

Only privately to IdP admins.

Data is stored in a MySQL database, and can be exported to CSV/XLS/PDF from the web interface, filtering/resuming by date ranges.

When SIR2 is up and running.When SIR2 is up and running.-
HAKAYesYes, but need to be able to login
We're using log analysis tool contributed by shibboleth ( Our instructions for IdP Maintainers -> ). This data provided by log analysis tool is saved by IdP Maintainers to location where from we're able to fetch em (and save to our database).
We also have statistics page where this data can be seen in visual form. There are three different point of views, total, by IdP and by SP.
* All.Logins - Shows total logins to SP's and IdP's, Most used ones are easily spotted here.
* logins.from.IdP - you can select IdP and see logins to services from that IdP.
* logins.from.SP - If you select an SP you can see IdP's where from logins are performed.
Technically yesWould need discussion with Steering Group.-
UK federationNo----Yes, but numbers very non-representative as SPs encouraged not to use.
GRnetFor GRnet IdPs yes, but not for general IdPsNo

We use Raptor and we have raw data in a database ( MySQL ) but currently N/A on a federation level

Only if it was RAPTOR basedWould need internal discussion but possible.

we are in the process of making extended modifications to our WAYF service and statistics collection is one of the considerations for enhancements.

AAI@EduHrYes, also saved in a databaseWould need to agree a format.yes-

We do not collect anything identifying the user in our statistics data. Thus we cannot say anything about unique users. We do however collect login events.

It is available to IdPs and SPs connected directly to Feide, through our customer portal.

The original data is in the form of structured log events, encoded in JSON:

    "feideSchoolList": ["NO968100211"],

It is stored in various forms. The current authorative datastore is a MongoDB database. We also push it into ElasticSearch for access through Kibana.

From the events we also produce some aggregated statistics counting the various events over different timescales.

(In addition to login events, we collect a lot of other structured log data, e.g. total time through the login process, from start to end, login failures, logout events, etc.)
PossiblyWould need internal discssion-
We have a project underway to improve this situation by collecting logs for all IdPs to a central point which will give us much greater insight into the activities of the federation.
They are available from within the Federation Registry. Restrictions apply to access to detailed reports. We also publish summary information in our annual reports.
Currently stored in a MySQL database. Not sure how / where will be held in the future.
Anything is possible (smile)
Further internal discussions would be required and an understanding of the benefits.



you're talking aggregate information? do we have a simple format for that sort of thing? maybe we need a federation MIB

In principle.

See Linus Nordberg  (CT, Tor etc) about how to architect a reasonably safe depository for usage information that could be use to support things like "long-term-key logout", eg for the purpose of doing threat mitigation for hacked accounts.

Do not keep on purpose.


Yes, we collect logins, unique users per SP, IdP and totals. We currently only publicly show live stats for logins per min/hour/day/month/year Today showing a nice new record number of logins as the new academic year has started thins week in The Netherlands

 Raw data in MysQL, aggregated data in MySQL as well

Assuming it is both periodic, script-able and high-level, yes

 Assuming it is both periodic, script-able and high-level, yes


Fyi, we currently are running 5 instances of "fallback" discovery services: 4 more or less supported ones (albeit experimental wrt their take-up within our community), and 1 widely deployed but deprecated one: Since we recommend to NOT use any of them (as per best practices in this area and from this very community, we don't have added any tooling so far to systematically collect and process the data from those 5 discovery services. (Also for the DiscoJuice-based ones we don't have any logs at all, AFAIK.) Even in the logs we do have obviously we have no uniquely identifying attribute of the subject operating the HTTP User Agent, so any questions about "[unique] users" could only be answered in terms of IPv6 and IPv4 addresses (which could be proxies, etc.). So all in all not worth the effort, IMHO.


simple MySQL db

PossiblySimple stats - yes-
EdugateYesService providers and Identity Providers can collect their stats from our registry (

The data is held in a Raptor database, graphed with rrdtool.

Migration underway to move to Nxlog, ElasticSearch and Kibana

YesYesWe do no collect stats from our WAYF (we discourage the use of a central WAYF).
SWITCHNo - the AMAAIS activity for a distributed statistics and accounting framework is currently on hold due to limited resources.n/an/an/an/a

SWITCH does collect the stats of our two central WAYF instances. However, at least one institution has its own central WAYF and a couple of SPs use local WAYFs (required for interfederation enabled SPs) and some directly link to their single IdP they serve. So what we collect is far from complete and will be less complete as interfederation gets more and more deployed. The data is not easily sharable. SWITCH manually generate about two to three times per year graphs with the top20 SPs and the top 20 IdPs.

  • No labels