Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10346

Audit logging entries missing if federation changes are done using ssoadm command in sub-realms.

    Details

    • Sprint:
      AM Sustaining Sprint 34, AM Sustaining Sprint 35, AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38
    • Story Points:
      3
    • Needs backport:
      No
    • Verified Version/s:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Audit logging entries are missing if federation changes(like creation and deletion of COT & Providers) are done using ssoadm script in sub-realms.

      1) Enable CSV audit logging.

      2) Create a sub realm (E.g mytestrealm)

      3) Create a Circle of Trust, Hosted Service Provider and delete SP and COT in the top realm using ssoadm

      4) Backup the logs

      5) Create a Circle of Trust, Hosted Service Provider and delete SP and COT in the sub realm using ssoadm.

      Compare the logs generated at Step 5 with Step 3 and some of the log entries are missing. Deletion of providers and cot are missing.

      • "1e224a5c-54e3-4296-90db-0b243c6d571f-188","2017-01-06T19:30:52.752Z","AM-ACCESS-OUTCOME","b66c473e-2760-4156-b8e7-e50539add8db-0","id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","[""ba8 1d18b95bc2ceb01""]",,,,,"ssoadm","CREATE_COT"," {""circle of trust"":""TOP_COT"",""trusted providers"":""[]"",""prefix url for idp discovery reader and writer url"":null}

        ",,,,,,,,"SUCCESSFUL ",,,,,"ssoadm","/"

      -access.csv:43:"1e224a5c-54e3-4296-90db-0b243c6d571f-329","2017-01-06T19:31:00.412Z","AM-ACCESS-OUTCOME","5ef5c8d8-97ab-4927-afd1-08886dc469f6-0","id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","[""5e204bb4da2962d201""]",,,,,"ssoadm","IMPORT_ENTITY","

      {""file name for the standard metadata to be imported"":""./top_sp_standard.xml"",""file name for the extended entity configuration to be imported"":""./top_sp_extended.xml"",""name of the circle of trust this entity belongs"":""TOP_COT"",""protocol specification"":""saml2""}

      ",,,,,,,,"SUCCESSFUL",,,,,"ssoadm","/"
      access.csv:54:"1e224a5c-54e3-4296-90db-0b243c6d571f-403","2017-01-06T19:31:04.242Z","AM-ACCESS-OUTCOME","319519e8-2731-4eca-8fa9-4b6a72f12b5f-0","id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","[""33279720817781ce01""]",,,,,"ssoadm","DELETE_ENTITY","

      {""entity id"":""TOP_SP"",""protocol specification"":""saml2""}

      ",,,,,,,,"SUCCESSFUL",,,,,"ssoadm","/"
      access.csv:65:"1e224a5c-54e3-4296-90db-0b243c6d571f-470","2017-01-06T19:31:07.892Z","AM-ACCESS-OUTCOME","e28b5897-7d21-454b-8ce2-40e2c741fdfd-0","id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","[""1429a003cffa554101""]",,,,,"ssoadm","DELETE_COT","

      {""circle of trust"":""TOP_COT""}

      ",,,,,,,,"SUCCESSFUL",,,,,"ssoadm","/"

        Attachments

          Activity

            People

            • Assignee:
              markdr Mark de Reeper
              Reporter:
              kamal.sivanandam@forgerock.com Kamal Sivanandam
              QA Assignee:
              Filip Kubáň [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: