When enabled, the debug option shows all parameters fetched from the browser before submitting the fingerprint.
Perform the following steps to enable the debug option for the Device Fingerprint rule:
Linux:Open /opt/novell/nam/idp/conf/tomcat.conf of Identity Server:
Windows: Go to \Program Files (x86)\Novell\Tomcat\bin. Double click tomcat7w and open the Java tab.
Add the following option:
JAVA_OPTS="${JAVA_OPTS} -Dcom.microfocus.nam.device.fingerprint.debug=true"Restart Identity Server.
NOTE:When the Debug option is enabled, fingerprint data is be shown to all users during login to Identity Server. It is recommended to disable this option after debugging is completed.
If you encounter any error during the Device Fingerprint rule evaluation, check the log files to review the error code. The log file location is:
Linux: /opt/novell/nam/idp/logs/catalina.out
Windows: \Program Files (x86)\Novell\Tomcat\logs\stdout.log
For example, a Device Fingerprint Rule is set up with the following details:
Parameters selected for individual evaluation: Operating System Parameters
Parameters selected for group evaluation: Hardware Parameters, Language Set, User Agent
Parameters in the group must match: 80%
The following sections include evaluation traces and log entries in different scenarios for this rule:
When a user logs in first time, no fingerprint is available for that device.
Device Fingerprint Evaluation Trace:
Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: NA
Currently fetched device info: {"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"nonce":"1470327524972","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24, }
Total number of known devices to compare against: 0
Overall Result: Mismatch
Failure Cause: No fingerprint or known device found.
***************************Trace End*************************
</amLogEntry>
<amLogEntry> 2016-08-04T16:18:49Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-4
DFPRule : false </amLogEntry>
<amLogEntry> 2016-08-04T16:18:49Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-4
Rule considered for risk score: DFPRule </amLogEntry>
<amLogEntry> 2016-08-04T16:18:49Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-4
traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~55
RU~~DFPRule~~negateResult~false~exceptionRule~false~result~false~
</amLogEntry>
When all parameters matches 100%.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: NA
Currently fetched device info: {"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"nonce":"1470327774198","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24,}
Total number of known devices to compare against: 1
Overall Result: Match
************Summary of comparison against known device*************
Evaluation Result: Match
Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.0","lastUsageTime":"1470327529609","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470327524972","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86_64","colorDepth":"24","operatingSystem_osName":"Linux"}
Match Percentage: 100.0
************End of comparison against known device***************
**************************Trace End*************************
</amLogEntry>
<amLogEntry> 2016-08-04T16:22:55Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-1
DFPRule : true </amLogEntry>
<amLogEntry> 2016-08-04T16:22:55Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-1
traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~0
RU~~DFPRule~~negateResult~false~exceptionRule~false~result~true~
</amLogEntry>
When the evaluation on an individual parameter fails. In this example, it is Operating system Parameters.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: NA
Currently fetched device info: {"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86","operatingSystem_osName":"Linux"},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"webglData":{},"nonce":"1470328154673","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24}
Total number of known devices to compare against: 1
Overall Result: Mismatch
*************Summary of comparison against known device*************
Evaluation Result: Mismatch
Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.0","lastUsageTime":"1470328017123","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470328016641","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86_64","colorDepth":"24","operatingSystem_osName":"Linux"}
Failure Cause: At least one mandatory attribute failed match/is unavailable.
Offending Mandatory Attribute: operatingSystem_osVersion
***************End of comparison against known device***************
***************************Trace End*************************
</amLogEntry>
<amLogEntry> 2016-08-04T16:29:36Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-1
DFPRule : false </amLogEntry> <amLogEntry> 2016-08-04T16:29:36Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-1
Rule considered for risk score: DFPRule </amLogEntry>
<amLogEntry> 2016-08-04T16:29:36Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-1
traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~55
RU~~DFPRule~~negateResult~false~exceptionRule~false~result~false~
</amLogEntry>
When the group parameters do not match 100%, but meet the match criteria specified in the rule.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: NA
Currently fetched device info: {"availFontSet":{},"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US,en"},"html5DataSet":{},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86_64"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"screenResolution":{},"userAgent":{"userAgent_uaVersion":"39.1","userAgent_uaName":"Firefox"},"webglData":{},"nonce":"1470328282330","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24,"headerSet":{},"userDN":{},"clientIP":{}}
Total number of known devices to compare against: 1
Overall Result: Match
*************Summary of comparison against known device*************
Evaluation Result: Match
Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.0","lastUsageTime":"1470328017123","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470328016641","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86_64","colorDepth":"24","operatingSystem_osName":"Linux"}
Match Percentage: 85.71429
Mismatching Flexible Attributes: [userAgent_uaVersion]
***************End of comparison against known device***************
***************************Trace End*************************
</amLogEntry>
<amLogEntry> 2016-08-04T16:31:39Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-2
DFPRule : true </amLogEntry>
<amLogEntry> 2016-08-04T16:31:39Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-2
traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~0
RU~~DFPRule~~negateResult~false~exceptionRule~false~result~true~
</amLogEntry>
When the group parameters does not match the criteria as specified in the rule.
Device Fingerprint Evaluation Trace
Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: NA
Currently fetched device info: {"availFontSet":{},"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceDefaultLanguage":"en-US","deviceLanguage_deviceLanguageSet":"en-US"},"html5DataSet":{},"navigatorPlatform":{"navigatorPlatform_navigatorPlatform":"Linux x86"},"operatingSystem":{"operatingSystem_osVersion":"x86_64","operatingSystem_osName":"Linux"},"screenResolution":{},"userAgent":{"userAgent_uaVersion":"39.0","userAgent_uaName":"Firefox"},"webglData":{},"nonce":"1470328761567","deviceType":"NA$NA$NA","dnt":"NA","navigatorConcurrency":"NA","deviceTouchPoints":"NA","colorDepth":24,"headerSet":{},"userDN":{},"clientIP":{}}
Total number of known devices to compare against: 1
Overall Result: Mismatch
*************Summary of comparison against known device*************
Evaluation Result: Mismatch
Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceDefaultLanguage":"en-US","userAgent_uaVersion":"39.1","lastUsageTime":"1470328521354","cpuArchitecture_cpuArchitecture":"amd64","dnt":"NA","nonce":"1470328503258","operatingSystem_osVersion":"x86_64","deviceLanguage_deviceLanguageSet":"en-US,en","userAgent_uaName":"Firefox","navigatorConcurrency":"NA","deviceTouchPoints":"NA","navigatorPlatform_navigatorPlatform":"Linux x86","colorDepth":"24","operatingSystem_osName":"Linux"}
Failure Cause: Flexible attributes percentage match is lesser than threshold.
Match Percentage: 71.42857
Mismatching Flexible Attributes: [userAgent_uaVersion, deviceLanguage_deviceLanguageSet]
**************End of comparison against known device***************
**************************Trace End*************************
</amLogEntry>
<amLogEntry> 2016-08-04T16:39:51Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-2
DFPRule : false </amLogEntry>
<amLogEntry> 2016-08-04T16:39:51Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-2
Rule considered for risk score: DFPRule </amLogEntry>
<amLogEntry> 2016-08-04T16:39:51Z DEBUG NIDS Application:
Method: RiskManager.evaluateRisk
Thread: http-nio-164.99.184.39-8443-exec-2
traceList: RL~groupName~GeneralGP~ruleCount~1~Success~riskScore~55
RU~~DFPRule~~negateResult~false~exceptionRule~false~result~false~
</amLogEntry>