Failure Reason in Logs, Chain vs Tree

This topic contains 2 replies, has 2 voices, and was last updated by  william.hepler 10 hours, 20 minutes ago.

  • Author
    Posts
  • #26623
     reeprice 
    Participant

    I am trying to understand if its possible to have Failure Reason in the Authentication Audit logs for Authentication Trees?

    When using simple LDAP chain login the log file shows “Failure Reason”

    {"realm":"/test","transactionId":"e35e6667-e938-418a-bfcf-9093da584647-37743","component":"Authentication","eventName":"AM-LOGIN-MODULE-COMPLETED","result":"FAILED","entries":[{"moduleId":"DataStore","info":{"authControlFlag":"REQUIRED","moduleClass":"DataStore","failureReason":"INVALID_PASSWORD","ipAddress":"100.71.10.14","authLevel":"0"}}],"principal":["dev2@tex.gov"],"timestamp":"2019-10-03T18:48:04.231Z","trackingIds":["e35e6667-e938-418a-bfcf-9093da584647-37738"],"_id":"e35e6667-e938-418a-bfcf-9093da584647-37745"}
    {"realm":"/test","transactionId":"e35e6667-e938-418a-bfcf-9093da584647-37743","component":"Authentication","eventName":"AM-LOGIN-COMPLETED","result":"FAILED","entries":[{"moduleId":"DataStore","info":{"failureReason":"INVALID_PASSWORD","ipAddress":"100.71.10.14","authLevel":"0"}}],"principal":["dev2@tex.gov"],"timestamp":"2019-10-03T18:48:04.234Z","trackingIds":["e35e6667-e938-418a-bfcf-9093da584647-37738"],"_id":"e35e6667-e938-418a-bfcf-9093da584647-37747"}

    When I change the login to a simple Tree with just page node (username,password collector) and the data store decision. Failure reason is no longer displayed in logs

    {"realm":"/Test","transactionId":"e35e6667-e938-418a-bfcf-9093da584647-37767","component":"Authentication","eventName":"AM-NODE-LOGIN-COMPLETED","entries":[{"info":{"nodeOutcome":"outcome","treeName":"test","displayName":"Page Node","nodeType":"PageNode","nodeId":"56b52a2c-abbd-4ffd-b662-46bbeee91511","authLevel":"0"}}],"principal":["dev2@tex.gov"],"timestamp":"2019-10-03T18:48:18.044Z","trackingIds":["e35e6667-e938-418a-bfcf-9093da584647-37760"],"_id":"e35e6667-e938-418a-bfcf-9093da584647-37769"}
    {"realm":"/Test","transactionId":"e35e6667-e938-418a-bfcf-9093da584647-37767","component":"Authentication","eventName":"AM-NODE-LOGIN-COMPLETED","entries":[{"info":{"nodeOutcome":"false","treeName":"test","displayName":"Data Store Decision","nodeType":"DataStoreDecisionNode","nodeId":"d4601dfd-019c-4ff2-88ef-35e1db29460a","authLevel":"0"}}],"principal":["dev2@tex.gov"],"timestamp":"2019-10-03T18:48:18.203Z","trackingIds":["e35e6667-e938-418a-bfcf-9093da584647-37760"],"_id":"e35e6667-e938-418a-bfcf-9093da584647-37771"}
    {"realm":"/Test","transactionId":"e35e6667-e938-418a-bfcf-9093da584647-37767","component":"Authentication","eventName":"AM-TREE-LOGIN-COMPLETED","result":"FAILED","entries":[{"info":{"treeName":"test","ipAddress":"100.71.10.14","authLevel":"0"}}],"principal":["dev2@tex.gov"],"timestamp":"2019-10-03T18:48:18.204Z","trackingIds":["e35e6667-e938-418a-bfcf-9093da584647-37760"],"_id":"e35e6667-e938-418a-bfcf-9093da584647-37775"}

    Does anyone have some advise or course of action to get this piece of data while using auth trees?

    • This topic was modified 1 week, 6 days ago by  reeprice.
    #26882
     william.hepler 
    Participant

    Wouldn’t the failure still be clear as:

    “nodeOutcome”:”false”
    “nodeType”:”DataStoreDecisionNode”

    With trees there’s less of a standard one way to fail. Reporting the failed Node instead of “invalid password” would make sense to me. But are you wanting “Was it a invalid password vs. invalid username?”

    #26883
     william.hepler 
    Participant

    The only other option maybe covered here:
    https://backstage.forgerock.com/docs/am/6.5/auth-nodes/#auditing-nodes

    to add more low level details to a node.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?