The following steps assume that you have already set up auditing on your network. For more information, see Configuring Access Manager for Auditing.
Click Devices > Identity Server > Servers > Edit > Auditing and Logging.
In the Audit Logging section, select Enabled.
Select the events for notification.
Select All: Select this option for all events. Otherwise, select one or more of the following:
|
Event |
Description |
|---|---|
|
Login Provided |
Generated when an identity provider sends authentication to a service provider. Role assignment audit events are included in authentication audit events for Identity Server. |
|
Login Provided Failure |
Generated when an identity provider attempts to send authentication to a service provider but fails. |
|
Login Consumed |
Generated when a user is authenticated either locally or by an external identity provider. Role assignment audit events are included in authentication audit events for Identity Server. |
|
Login Consumed Failure |
Generated when Identity Server initiates authentication, but the process fails. |
|
Logout Provided |
Generated when an identity provider sends a logout request to a service provider that it has authenticated. |
|
Logout Local |
Generated when Identity Server receives a logout command from the user. |
|
Federation Request Sent |
Generated when a service provider attempts to federate with an identity provider. |
|
Federation Request Handled |
Generated by Identity Server when processing a request for federation. |
|
Defederation Request Sent |
Generated by the identity provider when a request for defederation is sent to another provider. |
|
Defederation Request Handled |
Generated when Identity Server processes a request for defederation. |
|
Register Name Request Handled |
Generated when Identity Server processes a request for changing a name identifier. |
|
Attribute Query Request Handled |
Generated by Identity Server when processing an attribute request from a service provider. |
|
Web Service Query Handled |
Generated when a web service query request is sent to an identity provider. |
|
Web Service Modify Handled |
Generated when web service modify request is sent to an identity provider. |
|
User Account Provisioned |
Generated by Identity Server when functioning as an identity consumer and when an account has been provisioned. |
|
User Account Provisioned Failure |
Generated by Identity Server when functioning as an identity consumer and when account provisioning has failed. |
|
LDAP Connection Lost |
Generated when the LDAP connection is lost. |
|
LDAP Connection Reestablished |
Generated when the LDAP connection is reestablished. |
|
Server Started |
Generated when the server gets a start command from the server communications module. |
|
Server Stopped |
Generated when the server gets a stop command from the server communications module. |
|
Server Refreshed |
Generated when the server gets a refresh command from the server communications module. |
|
Intruder Lockout Detected |
Generated when an attempt to log in as a particular user with an invalid password has occurred more times than is allowed by the directory. |
|
Component Log Severe Messages |
Logged for all component messages with level of Severe. |
|
Component Log Warning Messages |
Logged for all component messages with level of Warning. |
|
Brokering Across Groups Denied |
Brokering authentication request denied to a target service provider. The brokering group consists of either the Identity Provider or target Service Provider, but both does not belong to the same group. |
|
Brokering Rule Evaluated to Deny |
Brokering authentication request denied to a target service provider due to broker policy evaluation resulted in denying. |
|
Brokering Handled |
The total number of brokering authentication requests handled by Identity Server when it started. |
|
WebService Request Authenticated |
Generated when a user is authenticated for requesting a token for a web service. |
|
WebService Request Authentication Failed |
Generated when a user’s authentication fails for requesting a token for a web service. |
|
Token Was Issued To WebService |
Generated when a token is issued for accessing a web service. |
|
Token Issue To WebService Failed |
Generated when a request to issue a token for accessing a web service fails. |
|
Token Was Validated To A WebService |
Generated when a token is validated for a web service. |
|
Token Validation To WebService Failed |
Generated when a token validation for accessing a web service fails. |
|
Token Renewed |
Generated when a token is renewed for a web service. |
|
Token Renew Failed |
Generated when renewing a token for a web service fails. |
|
Risk-Based Authentication Succeeded |
Generated when the rule execution succeeds. |
|
Risk-Based Authentication Failed |
Generated when the rule execution fails. |
|
Risk-Based Authentication Action Invoked |
Generated when the rule execution succeeds and the user is requested to perform additional authentication. |
|
Risk-based Pre-authentication Succeeded |
Generated when pre-authentication rule execution succeeds. |
|
Risk-based Pre-authentication Failed |
Generated when pre-authentication rule execution fails. |
|
Risk-based Pre-authentication Action Invoked |
Generated when the pre-authentication rule execution succeeds and the user is requested to perform additional authentication. |
|
Risk-based IP List Load From Datasource Failed |
Generated when fetching the IP address list from the datasource fails. |
|
Risk-based Device Fingerprint Rule Created |
Generated when a new fingerprint rule is created for a user device. |
|
Risk-based Device Fingerprint Rule Match Failed |
Generated when a device fingerprint does not match with the stored device fingerprint. |
|
OAuth & OpenID Token Issued |
Generated when an OAuth Authorization code, OAuth token, ID token, or Refresh token is issued. |
|
OAuth & OpenID Token Issue Failed |
Generated when OAuth Authorization code issue, OAuth token issue, ID Token issue, or Refresh token issue failed. |
|
OAuth Consent Provided |
Generated when OAuth consent is provided to a client application. |
|
OAuth Consent Revoked |
Generated when OAuth consent is revoked from a client application. |
|
OAuth Client Applications |
Generated when a client is registered, updated, deleted, or client registration fails. |
|
OAuth & OpenID Token Validation Success |
Generated when an OAuth and OpenID token is validated successfully. |
|
OAuth & OpenID Token Validation Failed |
Generated when an OAuth and OpenID token validation fails. |
|
OAuth Refresh Token Revocation Success |
Generated when an OAuth refresh token revocation request succeeds. |
|
OAuth Refresh Token Revocation Failed |
Generated when an OAuth refresh token revocation request fails. |
|
Authorization Code from AA Server |
Generated when an authorization code is sent from the Advanced Authentication server to Access Manager. |
|
Access Token from AA Server |
Generated when an access token is sent from the Advanced Authentication server to Access Manager. |
|
Session Assurance Device Fingerprint Match Failed |
Generated when device fingerprint match fails for an Identity Server session. |
|
Impersonation Sign-in |
Generated when a help desk user logs in as an impersonator to a user’s setup. |
|
Impersonation Sign-out |
Generated when a help desk user logs out as an impersonator from a user’s setup. |
|
Impersonation Requested |
Generated when a request is sent to a user to allow impersonating the user’s identity. |
|
Impersonation Denied by Impersonatee |
Generated when a user denies the impersonation request. |
|
Impersonation Approved by Impersonatee |
Generated when a user approves the impersonation request. |
|
Impersonation Request Canceled by Impersonator |
Generated when an impersonator cancels the impersonation request sent to an impersonatee. |
|
Impersonation Policy Failed |
Generated when a help desk user tries to access own account as an impersonator. |
|
Federation Step-up |
Events are generated based on success or failure of federated step-up authentication where Access Managers acts as a SAML 2.0 service provider. |
Click Apply > OK.
Click Servers > Update Servers.
Identity Server records the IP address of the client machine from where authentication requests originate into audit events. If the client machine is behind a proxy, then proxy IP address is logged. To log the actual client machine IP address instead of the proxy IP address, configure the RemoteIpValve in the Tomcat configuration file (server.xml) on all Identity Server instances.
The server.xml file is located at /opt/novell/nam/idp/conf/server.xml (Linux) and //Program File x(86)/Novell/Tomcat/conf/server.xml (Windows).
For more information, see Remote IP Valve.
To configure audit events to record the source IP address of the X-forwarded-header, perform the following steps:
Add the following details after the Engine element in the server.xml file:
<Engine defaultHost="localhost" name="Catalina">
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="IP addresses" />Substitute the IP addresses with the IP address of the proxy and load balancer.
Restart Tomcat by running the rcnovell-idp restart command.