This event is generated when you select theoption under on the Logging page of an Identity Server configuration. Use the field and the field to determine whether the failure came from a contract, SAML 1.1, SAML 2.0, or Liberty.
Description: NIDS: User session authentication failed. This string plus one of the following phrases: for a contract failure, Contract Execution; for a SAML 1.1 failure, SAML Assertion; for a SAML 2.0 failure, SAML2 SSO; for a Liberty failure, Liberty SSO.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Authentication Contract Name Data Description: Contract URI
SubTarget (Y): Schema Title: User Identifier Data Description: User DN
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Reason Data Description: Reason Message
Text3 (F): Schema Title: Authentication Source Data Description: Contains a JSON object comprising information such as user agent, cluster ID for Identity Server, service provider name, and PID. For a contract, contains the authentication method name; for Liberty, contains the service provider IP; for SAML 1.1, contains the SAML assertion issuer; for SAML 2.0, contains the service provider IP.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication failed.