This event is generated when you select the Web Service Query Handled option under Audit Logging on the Logging page of an Identity Server configuration. Identity Server uses this event for two types of web service queries:
Discovery: This is a query to discover a service. For this type of query, the Group (G) field is not used. For a remote query, the Data Description of the Value1 field is set to 0. For a local query, the Data Description of the Value1 field is set to 1.
Profile: This is a query to get attributes for a user from a profile (personal, credential, etc.). For this type of query, the Group (G) field contains a GroupingID for all attributes selected in the request. A separate event is generated for each attribute select list in the request. For a remote query, the Data Description of the Value1 field is set to 0. For a local query, the Data Description of the Value1 field is set to 1.
Description: NIDS: Web Service query
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier Data Description: Requesting Provider ID
Text2 (T): Schema Title: Select String Data Description: Requested attributes; select string
Text3 (F): Schema Title: Service Identifier Data Description: Web Service URI
Value1 (1): Schema Title: Local Data Description: 0 – Remote 1 – Local
Group (G): Schema Title: Query Group Data Description: If this is a profile query, it contains the grouping ID for all attributes selected in this request. Otherwise, this field is not used in the event.
Data Length (X): 0
Data (D): null