When enabled, the debug option shows all parameters fetched from the browser before submitting the fingerprint.
Perform the following steps to enable the debug option for the Device Fingerprint rule:
Open /opt/novell/nam/idp/conf/tomcat.conf of Identity Server:
Add the following option:
JAVA_OPTS="${JAVA_OPTS} -Dcom.microfocus.nam.device.fingerprint.debug=true"
Restart Identity Server.
NOTE:When the Debug option is enabled, fingerprint data is be shown to all users during login to Identity Server. It is recommended to disable this option after debugging is completed.
If you encounter any error during the Device Fingerprint rule evaluation, check the log files to review the error code. The log file location is:
/opt/novell/nam/idp/logs/catalina.out
For example, a Device Fingerprint Rule is set up with the following details:
Parameters selected for individual evaluation: Operating System Parameters
Parameters selected for group evaluation: Hardware Parameters, Language Set, User Agent
Parameters in the group must match: 80%
The following sections include evaluation traces and log entries in different scenarios for this rule:
When a user logs in first time, no fingerprint is available for that device.
Device Fingerprint Evaluation Trace:
Evaluating device fingerprint for user: cn=admin,o=novell Correlation ID: NA Currently fetched device info: {"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"nonce":"1470327524972","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24, } Total number of known devices to compare against: 0 Overall Result: Mismatch Failure Cause: No fingerprint or known device found. ***************************Trace End************************* </amLogEntry> <amLogEntry> 2016-08-04T16:18:49Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-4 DFPRule : false </amLogEntry> <amLogEntry> 2016-08-04T16:18:49Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-4 Rule considered for risk score: DFPRule </amLogEntry> <amLogEntry> 2016-08-04T16:18:49Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-4 traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~55 RU~~DFPRule~~negateResult~false~exceptionRule~false~result~false~ </amLogEntry>
When all parameters matches 100%.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell Correlation ID: NA Currently fetched device info: {"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"nonce":"1470327774198","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24,} Total number of known devices to compare against: 1 Overall Result: Match ************Summary of comparison against known device************* Evaluation Result: Match Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.0","lastUsageTime":"1470327529609","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470327524972","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86_64","colorDepth":"24","operatingSystem_osName":"Linux"} Match Percentage: 100.0 ************End of comparison against known device*************** **************************Trace End************************* </amLogEntry> <amLogEntry> 2016-08-04T16:22:55Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-1 DFPRule : true </amLogEntry> <amLogEntry> 2016-08-04T16:22:55Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-1 traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~0 RU~~DFPRule~~negateResult~false~exceptionRule~false~result~true~ </amLogEntry>
When the evaluation on an individual parameter fails. In this example, it is Operating system Parameters.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell Correlation ID: NA Currently fetched device info: {"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86","operatingSystem_osName":"Linux"},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"webglData":{},"nonce":"1470328154673","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24} Total number of known devices to compare against: 1 Overall Result: Mismatch *************Summary of comparison against known device************* Evaluation Result: Mismatch Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.0","lastUsageTime":"1470328017123","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470328016641","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86_64","colorDepth":"24","operatingSystem_osName":"Linux"} Failure Cause: At least one mandatory attribute failed match/is unavailable. Offending Mandatory Attribute: operatingSystem_osVersion ***************End of comparison against known device*************** ***************************Trace End************************* </amLogEntry> <amLogEntry> 2016-08-04T16:29:36Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-1 DFPRule : false </amLogEntry> <amLogEntry> 2016-08-04T16:29:36Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-1 Rule considered for risk score: DFPRule </amLogEntry> <amLogEntry> 2016-08-04T16:29:36Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-1 traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~55 RU~~DFPRule~~negateResult~false~exceptionRule~false~result~false~ </amLogEntry>
When the group parameters do not match 100%, but meet the match criteria specified in the rule.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell Correlation ID: NA Currently fetched device info: {"availFontSet":{},"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"html5DataSet":{},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"screenResolution":{},"userAgent":{"userAgent_uaVersion":"39.1","userAgent_uaName":"Firefox"},"webglData":{},"nonce":"1470328282330","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24,"headerSet":{},"userDN":{},"clientIP":{}} Total number of known devices to compare against: 1 Overall Result: Match *************Summary of comparison against known device************* Evaluation Result: Match Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.0","lastUsageTime":"1470328017123","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470328016641","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86_64","colorDepth":"24","operatingSystem_osName":"Linux"} Match Percentage: 85.71429 Mismatching Flexible Attributes: [userAgent_uaVersion] ***************End of comparison against known device*************** ***************************Trace End************************* </amLogEntry> <amLogEntry> 2016-08-04T16:31:39Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-2 DFPRule : true </amLogEntry> <amLogEntry> 2016-08-04T16:31:39Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-2 traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~0 RU~~DFPRule~~negateResult~false~exceptionRule~false~result~true~ </amLogEntry>
When the group parameters does not match the criteria as specified in the rule.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell Correlation ID: NA Currently fetched device info: {"availFontSet":{},"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US"},"html5DataSet":{},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"screenResolution":{},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"webglData":{},"nonce":"1470328761567","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24,"headerSet":{},"userDN":{},"clientIP":{}} Total number of known devices to compare against: 1 Overall Result: Mismatch *************Summary of comparison against known device************* Evaluation Result: Mismatch Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.1","lastUsageTime":"1470328521354","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470328503258","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86","colorDepth":"24","operatingSystem_osName":"Linux"} Failure Cause: Flexible attributes percentage match is lesser than threshold. Match Percentage: 71.42857 Mismatching Flexible Attributes: [userAgent_uaVersion, deviceLanguage_deviceLanguageSet] **************End of comparison against known device*************** **************************Trace End************************* </amLogEntry> <amLogEntry> 2016-08-04T16:39:51Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-2 DFPRule : false </amLogEntry> <amLogEntry> 2016-08-04T16:39:51Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-2 Rule considered for risk score: DFPRule </amLogEntry> <amLogEntry> 2016-08-04T16:39:51Z DEBUG NIDS Application: Method: RiskManager.evaluateRisk Thread: http-nio-164.99.184.39-8443-exec-2 traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~55 RU~~DFPRule~~negateResult~false~exceptionRule~false~result~false~ </amLogEntry>