This topic tells you how to use AuthServer audit logs in Application Single Sign-On (commonly called AppSSO).

`AuthServer`s perform the following tasks:

- Handle user authentication
- Issue `id_token` and `access_token`

Each audit event contains the following information:

- `ts` - date/time of the event
- `remoteIpAddress` - the IP address of the authenticating user or, if that is not attainable, the IP address of the last proxy

`AuthServer`s produce the following authentication events:

- `AUTHENTICATION_SUCCESS`
  - Trigger: successful authentication
  - Data recorded: Username, Provider ID, Provider Type (INTERNAL, OPENID, ...)
- `AUTHENTICATION_LOGOUT`
  - Trigger: successful logout
  - Data recorded: Username, Provider ID, Provider Type (INTERNAL, OPENID, ...)
- `AUTHENTICATION_FAILURE`
  - Trigger: failed authentication using either `internalUnsafe` or `ldap` identity provider
  - Data recorded: Username, Provider ID, Provider Type (INTERNAL or LDAP)
- `INVALID_IDENTITY_PROVIDER_CONFIGURATION`
  - Trigger: some cases of failed authentication with an `openId` or `saml` identity provider
  - Data recorded: Provider ID, Provider Type, error
  - Note: usually followed by a human-readable help message, with `"logger": "appsso.help"`
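
One way to triage the authentication events above, as an added example that is not part of the AppSSO documentation: it flags source IPs that produce a burst of `AUTHENTICATION_FAILURE` events and records whether an `AUTHENTICATION_SUCCESS` from the same IP follows. Only `ts` and `remoteIpAddress` are field names from this page; the JSON-lines layout, the ISO 8601 timestamps and the `event` field name are assumptions, and the sample lines are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. `ts` and `remoteIpAddress` come from the page; the
# `event` field name and the ISO 8601 timestamp format are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","remoteIpAddress":"203.0.113.7","event":"AUTHENTICATION_FAILURE"}
{"ts":"2024-01-01T10:00:10Z","remoteIpAddress":"198.51.100.4","event":"AUTHENTICATION_FAILURE"}
{"ts":"2024-01-01T10:00:20Z","remoteIpAddress":"203.0.113.7","event":"AUTHENTICATION_FAILURE"}
{"ts":"2024-01-01T10:00:30Z","remoteIpAddress":"192.0.2.9","event":"AUTHENTICATION_SUCCESS"}
{"ts":"2024-01-01T10:00:40Z","remoteIpAddress":"203.0.113.7","event":"AUTHENTICATION_FAILURE"}
not a JSON line
{"ts":"2024-01-01T10:01:00Z","remoteIpAddress":"203.0.113.7","event":"AUTHENTICATION_FAILURE"}
{"ts":"2024-01-01T10:01:30Z","remoteIpAddress":"203.0.113.7","event":"AUTHENTICATION_SUCCESS"}
{"ts":"2024-01-01T10:20:00Z","remoteIpAddress":"198.51.100.4","event":"AUTHENTICATION_FAILURE"}
{"ts":"2024-01-01T10:40:00Z","remoteIpAddress":"198.51.100.4","event":"AUTHENTICATION_FAILURE"}
"""

def failure_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Flag IPs with >= threshold AUTHENTICATION_FAILURE events inside window.
    Expects chronological lines; returns {ip: {"max_failures", "success_after"}}."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = {}
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue              # skip blank or non-JSON lines
        if not isinstance(rec, dict) or "ts" not in rec or "remoteIpAddress" not in rec:
            continue
        ip = rec["remoteIpAddress"]
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        if rec.get("event") == "AUTHENTICATION_FAILURE":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                hit = flagged.setdefault(ip, {"max_failures": 0, "success_after": False})
                hit["max_failures"] = max(hit["max_failures"], len(q))
        elif rec.get("event") == "AUTHENTICATION_SUCCESS" and ip in flagged:
            flagged[ip]["success_after"] = True   # login succeeded after a burst
    return flagged

if __name__ == "__main__":
    for ip, hit in failure_bursts(SAMPLE_LOG.splitlines()).items():
        print(ip, hit)
```

Because `remoteIpAddress` may be the last proxy rather than the user, a flagged address can represent many users behind one proxy.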

`AuthServer`s produce the following `authorization_code` and token events:

- `AUTHORIZATION_CODE_ISSUED`
  - Trigger: `authorization_code` grant type, successful call to `/oauth2/authorize`
  - Data recorded: Username, Provider ID, Provider Type, Client ID, Scopes requested, Redirect URI
- `AUTHORIZATION_CODE_REQUEST_REJECTED`
  - Trigger: `authorization_code` grant type, unsuccessful call to `/oauth2/authorize`, for example invalid Client ID, invalid Redirect URI, ...
  - Data recorded: Error, Error Code (for example, `invalid_scope`), Client ID, Scopes requested, Redirect URI, Username (may be `anonymousUser`), Provider ID and Provider Type if available
- `TOKEN_ISSUED`
  - Trigger: successful call to `/oauth2/token`
  - Data recorded: Scopes, Client ID, Grant Type (`authorization_code` or `client_credentials`), Username
- `TOKEN_REQUEST_REJECTED`
  - Trigger: unsuccessful call to `/oauth2/token`, for example invalid Client Secret
  - Data recorded: Client ID, Scopes requested, Error