16.2 Enabling Identity Server Audit Events

The following steps assume that you have already set up auditing on your network. For more information, see Configuring Access Manager Appliance for Auditing.

  1. In the Administration Console, click Devices > Identity Server > Servers > Edit > Logging.

  2. In the Novell Audit Logging section, select Enabled.

  3. Select the events for notification.

    Select All: Select this option for all events. Otherwise, select one or more of the following:

    Login Provided: Generated when an identity provider sends authentication to a service provider. Role assignment audit events are included in authentication audit events for the Identity Server.

    Login Provided Failure: Generated when an identity provider attempts to send authentication to a service provider but fails.

    Login Consumed: Generated when a user is authenticated either locally or by an external identity provider. Role assignment audit events are included in authentication audit events for the Identity Server.

    Login Consumed Failure: Generated when the Identity Server initiates authentication, but the process fails.

    Logout Provided: Generated when an identity provider sends a logout request to a service provider that it has authenticated.

    Logout Local: Generated when the Identity Server receives a logout command from the user.

    Federation Request Sent: Generated when a service provider attempts to federate with an identity provider.

    Federation Request Handled: Generated by the Identity Server when processing a request for federation.

    Defederation Request Sent: Generated by the identity provider when a request for defederation is sent to another provider.

    Defederation Request Handled: Generated when the Identity Server processes a request for defederation.

    Register Name Request Handled: Generated when the Identity Server processes a request for changing a name identifier.

    Attribute Query Request Handled: Generated by the Identity Server when processing an attribute request from a service provider.

    Web Service Query Handled: Generated when a Web service query request is sent to an identity provider.

    Web Service Modify Handled: Generated when a Web service modify request is sent to an identity provider.

    User Account Provisioned: Generated by the Identity Server when functioning as an identity consumer and an account has been provisioned.

    User Account Provisioned Failure: Generated by the Identity Server when functioning as an identity consumer and account provisioning has failed.

    LDAP Connection Lost: Generated when the LDAP connection is lost.

    LDAP Connection Reestablished: Generated when the LDAP connection is reestablished.

    Server Started: Generated when the server gets a start command from the server communications module.

    Server Stopped: Generated when the server gets a stop command from the server communications module.

    Server Refreshed: Generated when the server gets a refresh command from the server communications module.

    Intruder Lockout Detected: Generated when an attempt to log in as a particular user with an invalid password has occurred more times than is allowed by the directory.

    Component Log Severe Messages: Logged for all component messages with a level of Severe.

    Component Log Warning Messages: Logged for all component messages with a level of Warning.

    Brokering Across Groups Denied: Generated when a brokering authentication request to a target service provider is denied because the brokering group contains either the identity provider or the target service provider, but not both.

    Brokering Rule Evaluated to Deny: Generated when a brokering authentication request to a target service provider is denied because the brokering policy evaluation resulted in a deny.

    Brokering Handled: The total number of brokering authentication requests handled by the Identity Server since it was started.

    WebService Request Authenticated: Generated when a user is authenticated for requesting a token for a Web service.

    WebService Request Authentication Failed: Generated when a user’s authentication fails for requesting a token for a Web service.

    Token Was Issued To WebService: Generated when a token is issued for accessing a Web service.

    Token Issue To WebService Failed: Generated when a request to issue a token for accessing a Web service fails.

    Token Was Validated To A WebService: Generated when a token is validated for a Web service.

    Token Validation To WebService Failed: Generated when a token validation for accessing a Web service fails.

    Token Renewed: Generated when a token is renewed for a Web service.

    Token Renew Failed: Generated when renewing a token for a Web service fails.

    Oauth & OpenID Token Issued: Generated when an OAuth authorization code, OAuth token, ID token, or refresh token is issued.

    Oauth & OpenID Token Issue Failed: Generated when issuing an OAuth authorization code, OAuth token, ID token, or refresh token fails.

    Oauth Consent Provided: Generated when OAuth consent is provided to a client application.

    Oauth Consent Revoked: Generated when OAuth consent is revoked from a client application.

    OAuth Client Applications: Generated when a client is registered, updated, or deleted, or when client registration fails.

    Oauth & OpenID Token Validation Success: Generated when an OAuth or OpenID token is validated successfully.

    Oauth & OpenID Token Validation Failed: Generated when an OAuth or OpenID token validation fails.

    Risk-Based Authentication Succeeded: Generated when rule execution succeeds.

    Risk-Based Authentication Failed: Generated when rule execution fails.

    Risk-Based Authentication Action Involved: Generated when rule execution succeeds and the user is requested to perform additional authentication.

  4. Click Apply > OK.

  5. Click Servers > Update Servers.

NOTE: The Identity Server logs the IP address of the client machine from which authentication requests originate into audit events. If the client machine is behind a proxy, the proxy IP address is logged instead. To log the actual client machine IP address rather than the proxy IP address, configure the RemoteIpValve in the Tomcat configuration file (server.xml) on all Identity Servers.

The server.xml file is located at /opt/novell/nam/idp/conf/server.xml (Linux) and Program Files (x86)/Novell/Tomcat/conf/server.xml (Windows).

For details about configuring RemoteIpValve, see Remote IP Valve in the Apache Tomcat documentation.

To configure audit events to capture the source IP address from the X-Forwarded-For header, add the following Valve element after the opening Engine tag in the server.xml file:

<Engine defaultHost="localhost" name="Catalina">
  <!-- Trust X-Forwarded-For only when the request arrives from one of the listed
       proxies; the forwarded client address is then what audit events record. -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         internalProxies="IP addresses" />
  ...
</Engine>

Substitute IP addresses with the IP addresses of the proxy and the load balancer.

Restart Tomcat by using rcnovell-idp restart.
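To show which address the audit event ends up recording once the valve is in place, here is an added Python model (not Tomcat's or Access Manager's code) of the RemoteIpValve resolution rules: the X-Forwarded-For header is honored only when the connecting peer itself matches internalProxies, which Tomcat evaluates as a regular expression (dots escaped, several proxies joined with |), and hops under your control are peeled off from the right. The proxy addresses, client addresses and header values below are constructed for the example.

```python
import re


def resolve_client_ip(remote_addr, x_forwarded_for, internal_proxies):
    """Return the address an audit event should record for this request.

    Models the RemoteIpValve rules: if the TCP peer is not an internal proxy,
    the header is ignored; otherwise hops matching internalProxies are dropped
    from the right and the first remaining hop is the client.
    """
    proxy_re = re.compile(internal_proxies)  # Tomcat requires a full match
    if not proxy_re.fullmatch(remote_addr):
        # Direct connection from an unknown host: any X-Forwarded-For it sends
        # is untrusted, so the peer address itself is logged.
        return remote_addr
    if not x_forwarded_for:
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest to us outward, discarding our own proxies.
    while hops and proxy_re.fullmatch(hops[-1]):
        hops.pop()
    if not hops:
        # The header named only our proxies: fall back to the peer address.
        return remote_addr
    return hops[-1]  # first hop not under our control is the client


# Constructed values: the proxy and the load balancer sit on 10.0.0.5 and
# 10.0.0.6, written as the regular expression internalProxies expects.
INTERNAL_PROXIES = r"10\.0\.0\.5|10\.0\.0\.6"

SAMPLE_REQUESTS = [
    # (peer address seen by Tomcat, X-Forwarded-For header value)
    ("10.0.0.5", "203.0.113.7"),            # client via the load balancer
    ("10.0.0.5", "203.0.113.7, 10.0.0.6"),  # client via proxy, then balancer
    ("198.51.100.9", "203.0.113.7"),        # direct request; header not trusted
    ("10.0.0.5", None),                     # balancer sent no header
]


def audit_source_ips():
    """Addresses the audit events would record for SAMPLE_REQUESTS."""
    return [resolve_client_ip(peer, xff, INTERNAL_PROXIES)
            for peer, xff in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (peer, xff), ip in zip(SAMPLE_REQUESTS, audit_source_ips()):
        print(f"peer={peer:<14} xff={xff!s:<24} logged={ip}")
```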