
This topic has 0 replies, 1 voice, and was last updated 5 years ago by abarry.

  • #18918
     abarry
    Participant

    Hello,
    I’m trying to understand the log file generated when a user allows or denies access to his personal data.
    Before doing this use case, I logged in the user (paul) and deleted all log files. That way I can have logs for only the consent action…
    When paul allows access, the file access.audit.json is created and it contains this:

    {"realm":"/openLDAP","timestamp":"2017-09-20T12:37:41.065Z","transactionId":"3240327b-293e-4ad4-aded-77721ca0685a-73550","eventName":"AM-ACCESS-OUTCOME","component":"OAuth","userId":"id=paul,ou=user,o=openldap,ou=services,dc=openam,dc=forgerock,dc=org","response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":108,"elapsedTimeUnits":"MILLISECONDS"},"client":{"ip":"xxxxx","port":xxxx},"server":{"ip":"xxxxxxxxxx","port":xxxx},"http":{"request":{"secure":false,"method":"GET","path":"http://openam.test.com:8080/openam/oauth2/authorize","queryParameters":{"response_type":["code"],"client_id":["agent2"],"realm":["%2FopenLDAP"],"scope":["profile+email"]},"headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"],"host":["openam.test.com:8080"],"referer":["http://uma.test.com/umaTestAppli/userInfoStepByStep.php"],"upgrade-insecure-requests":["1"],"user-agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"]},"cookies":{"JSESSIONID":"0B1C6337215D33FB9C2A9FAE85A7A980","_ga":"GA1.2.1158446660.1501594042","amlbcookie":"01","i18next":"en-US"}}},"trackingIds":["4accc543ecd57d2001"],"_id":"3240327b-293e-4ad4-aded-77721ca0685a-73556"}
    {"realm":"/openLDAP","timestamp":"2017-09-20T12:37:43.415Z","transactionId":"3240327b-293e-4ad4-aded-77721ca0685a-73558","eventName":"AM-ACCESS-OUTCOME","component":"OAuth","userId":"id=paul,ou=user,o=openldap,ou=services,dc=openam,dc=forgerock,dc=org","response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":27,"elapsedTimeUnits":"MILLISECONDS"},"client":{"ip":"xxxx","port":xxxx},"server":{"ip":"xxxx","port":xxxx},"http":{"request":{"secure":false,"method":"POST","path":"http://openam.test.com:8080/openam/oauth2/authorize","queryParameters":{"response_type":["code"],"client_id":["agent2"],"realm":["%2FopenLDAP"],"scope":["profile+email"]},"headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"],"host":["openam.test.com:8080"],"origin":["http://openam.test.com:8080"],"referer":["http://openam.test.com:8080/openam/oauth2/authorize?response_type=code&client_id=agent2&realm=%2FopenLDAP&redirect_uri=http%3A%2F%2Fuma.test.com%2FumaTestAppli%2FuserInfoStepByStep.php&scope=profile+email"],"upgrade-insecure-requests":["1"],"user-agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"]},"cookies":{"JSESSIONID":"0B1C6337215D33FB9C2A9FAE85A7A980","_ga":"GA1.2.1158446660.1501594042","amlbcookie":"01","i18next":"en-US"}}},"trackingIds":["4accc543ecd57d2001","3240327b-293e-4ad4-aded-77721ca0685a-73557"],"_id":"3240327b-293e-4ad4-aded-77721ca0685a-73562"}

    When he denied access, I also got access.audit.json and it contains this:

    {"realm":"/openLDAP","timestamp":"2017-09-20T12:39:29.414Z","transactionId":"3240327b-293e-4ad4-aded-77721ca0685a-73957","eventName":"AM-ACCESS-OUTCOME","component":"OAuth","userId":"id=paul,ou=user,o=openldap,ou=services,dc=openam,dc=forgerock,dc=org","response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":55,"elapsedTimeUnits":"MILLISECONDS"},"client":{"ip":"xxxxx","port":xxxx},"server":{"ip":"xxxx","port":xxx},"http":{"request":{"secure":false,"method":"GET","path":"http://openam.test.com:8080/openam/oauth2/authorize","queryParameters":{"response_type":["code"],"client_id":["agent2"],"realm":["%2FopenLDAP"],"scope":["profile+email"]},"headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"],"host":["openam.test.com:8080"],"referer":["http://uma.test.com/umaTestAppli/userInfoStepByStep.php?code=ff64381f-1a51-46ab-a494-0647abb06937&scope=profile%20email&iss=http%3A%2F%2Fopenam.test.com%3A8080%2Fopenam%2Foauth2%2FopenLDAP&client_id=agent2"],"upgrade-insecure-requests":["1"],"user-agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"]},"cookies":{"JSESSIONID":"0B1C6337215D33FB9C2A9FAE85A7A980","_ga":"GA1.2.1158446660.1501594042","amlbcookie":"01","i18next":"en-US"}}},"trackingIds":["4accc543ecd57d2001"],"_id":"3240327b-293e-4ad4-aded-77721ca0685a-73963"}
    {"realm":"/openLDAP","timestamp":"2017-09-20T12:39:32.255Z","transactionId":"3240327b-293e-4ad4-aded-77721ca0685a-73964","eventName":"AM-ACCESS-OUTCOME","component":"OAuth","userId":"id=paul,ou=user,o=openldap,ou=services,dc=openam,dc=forgerock,dc=org","response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":18,"elapsedTimeUnits":"MILLISECONDS"},"client":{"ip":"xxxx","port":xxxx},"server":{"ip":"xxxxx","port":xxx},"http":{"request":{"secure":false,"method":"POST","path":"http://openam.test.com:8080/openam/oauth2/authorize","queryParameters":{"response_type":["code"],"client_id":["agent2"],"realm":["%2FopenLDAP"],"scope":["profile+email"]},"headers":{"accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"],"host":["openam.test.com:8080"],"origin":["http://openam.test.com:8080"],"referer":["http://openam.test.com:8080/openam/oauth2/authorize?response_type=code&client_id=agent2&realm=%2FopenLDAP&redirect_uri=http%3A%2F%2Fuma.test.com%2FumaTestAppli%2FuserInfoStepByStep.php&scope=profile+email"],"upgrade-insecure-requests":["1"],"user-agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"]},"cookies":{"JSESSIONID":"0B1C6337215D33FB9C2A9FAE85A7A980","_ga":"GA1.2.1158446660.1501594042","amlbcookie":"01","i18next":"en-US"}}},"trackingIds":["4accc543ecd57d2001"],"_id":"3240327b-293e-4ad4-aded-77721ca0685a-73966"}

    There is no information showing that paul allowed or denied the access. And it’s the only file created for this action. Do I need to do some configuration? Where does OpenAM save the authorization code that it retrieves after the user’s consent?
    Thank you in advance for your help.
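
One way to check what actually differs between the two consent POST records quoted in the post above, as an added example that is not part of the original post and not ForgeRock code. The helper names (`flatten`, `diff_records`, `sample`) and the choice of fields treated as volatile are assumptions; the sample lines are constructed by trimming the post's records to a few fields.

```python
import json

# Fields that change on every request and carry no outcome information (assumed set).
VOLATILE = {"timestamp", "transactionId", "_id", "response.elapsedTime"}

def flatten(obj, prefix=""):
    """Flatten nested dicts to {"a.b.c": value}; lists stay as leaf values."""
    flat = {}
    for key, value in obj.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[prefix + key] = value
    return flat

def diff_records(line_a, line_b, ignore=VOLATILE):
    """Return {path: (a, b)} for each non-volatile field that differs."""
    a, b = flatten(json.loads(line_a)), flatten(json.loads(line_b))
    return {p: (a.get(p), b.get(p)) for p in sorted(set(a) | set(b))
            if p not in ignore and a.get(p) != b.get(p)}

def sample(ts, txn, elapsed, tracking, rec_id):
    """Build one trimmed audit line (constructed; values copied from the post)."""
    return json.dumps({
        "timestamp": ts, "transactionId": txn, "_id": rec_id,
        "eventName": "AM-ACCESS-OUTCOME", "component": "OAuth",
        "response": {"status": "SUCCESSFUL", "statusCode": "",
                     "elapsedTime": elapsed},
        "http": {"request": {"method": "POST",
                 "path": "http://openam.test.com:8080/openam/oauth2/authorize"}},
        "trackingIds": tracking,
    })

PREFIX = "3240327b-293e-4ad4-aded-77721ca0685a-"
ALLOW_POST = sample("2017-09-20T12:37:43.415Z", PREFIX + "73558", 27,
                    ["4accc543ecd57d2001", PREFIX + "73557"], PREFIX + "73562")
DENY_POST = sample("2017-09-20T12:39:32.255Z", PREFIX + "73964", 18,
                   ["4accc543ecd57d2001"], PREFIX + "73966")

if __name__ == "__main__":
    for path, (allow, deny) in diff_records(ALLOW_POST, DENY_POST).items():
        print(f"{path}: allow={allow!r} deny={deny!r}")
```

On these samples the only non-volatile difference is the extra entry in `trackingIds` on the allow record; the post does not establish whether that entry reflects the consent decision.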
