Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12137

Disabling audit log does not always work

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.5.2
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:

      Description

      Disabling the audit logging using the rest api does not always work.
      To reproduce run the performance tests against AM 13.5.2-M9

      ./run-pybot.py   -c perf -s *AuthN.ExternalDJ AM
      

      The test will fail here:

      20171123 16:19:06.965 - INFO - Disabling audit logging
      20171123 16:19:06.965 - DEBUG - http -v --follow --all PUT "http://openam.example.com:8081/openam/json/global-config/services/audit" Content-type:"application/json" Accept-API-Version:"protocol=1.0,resource=1.0" Cookie:iPlanetDirectoryPro=AQIC5wM2LY4SfczZNRUzBb4o5h2B-AAMXZl0A7O3Dx4aUig.*AAJTSQACMDEAAlNLABQtMzMxNzQxMDEyMjAyMTY1ODIyNgACUzEAAA..*;amlbcookie=01
      20171123 16:19:06.965 - DEBUG - {"auditEnabled": false}
      20171123 16:19:06.966 - WARN - Unexpected audit logging state 'False'. Sleep 10 sec and try again to read it
      20171123 16:19:15.995 - DEBUG - http -v --follow --all "http://openam.example.com:8081/openam/json/global-config/services/audit" Content-type:"application/json" Accept-API-Version:"protocol=1.0,resource=1.0" Cookie:iPlanetDirectoryPro=AQIC5wM2LY4SfczZNRUzBb4o5h2B-AAMXZl0A7O3Dx4aUig.*AAJTSQACMDEAAlNLABQtMzMxNzQxMDEyMjAyMTY1ODIyNgACUzEAAA..*;amlbcookie=01
      20171123 16:19:15.995 - WARN - Installing product failed: Invalid value 'True' for name in json response (expected False)
      

      Because

      {"auditEnabled": true}

      is returned.

      You can see what is happening from the snoop log below:

      #
      T 127.0.0.1:47908 -> 127.0.0.1:8081 [AP]
      PUT /openam/json/global-config/services/audit HTTP/1.1.
      Host: openam.example.com:8081.
      Connection: keep-alive.
      Accept-Encoding: gzip, deflate.
      Accept: */*.
      User-Agent: python-requests/2.18.4.
      Content-type: application/json.
      Accept-API-Version: protocol=1.0,resource=1.0.
      Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfczZNRUzBb4o5h2B-AAMXZl0A7O3Dx4aUig.*AAJTSQACMDEAAlNLABQtMzMxNzQxMDEyMjAyMTY1ODIyNgACUzEAAA..*; amlbcookie=01.
      Content-Length: 23.
      .
      {"auditEnabled": false}
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      HTTP/1.1 200 OK.
      Server: Apache-Coyote/1.1.
      Cache-Control: no-cache.
      Content-API-Version: resource=1.0.
      ETag: "74088148".
      Content-Type: application/json;charset=UTF-8.
      Transfer-Encoding: chunked.
      Date: Thu, 23 Nov 2017 15:19:05 GMT.
      .
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      89b.
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      {"auditEnabled":true,"fieldFilterPolicy":["/access/http/request/queryParameters/tokenId","/access/http/request/headers/cache-control","/access/http/request/queryParameters/redirect_uri","/access/http/request/queryParameters/Login.Token1","/access/http/request/headers/accept-language","/config/before","/access/http/request/headers/%AM_AUTH_COOKIE_NAME%","/config/after","/access/http/request/queryParameters/access_token","/access/http/request/headers/X-OpenAM-Password","/access/http/request/queryParameters/id_token_hint","/access/http/request/headers/proxy-authorization","/access/http/request/queryParameters/IDToken1","/access/http/request/queryParameters/requester","/access/http/request/headers/connection","/access/http/request/queryParameters/sessionUpgradeSSOTokenId","/access/http/request/headers/content-type","/access/http/request/cookies/%AM_COOKIE_NAME%","/access/http/request/headers/accept-encoding","/access/http/request/headers/authorization","/access/http/request/headers/content-length","/access/http/request/headers/%AM_COOKIE_NAME%"],"defaults":{"auditEnabled":true,"fieldFilterPolicy":["/access/http/request/queryParameters/tokenId","/access/http/request/headers/cache-control","/access/http/request/queryParameters/redirect_uri","/access/http/request/queryParameters/Login.Token1","/access/http/request/headers/accept-language","/config/before","/access/http/request/headers/%AM_AUTH_COOKIE_NAME%","/config/after","/access/http/request/queryParameters/access_token","/access/http/request/headers/X-OpenAM-Password","/access/http/request/queryParameters/id_token_hint","/access/http/request/headers/proxy-authorization","/access/http/request/queryParameters/IDToken1","/access/http/request/queryParameters/requester","/access/http/request/headers/connection","/access/http/request/queryParameters/sessionUpgradeSSOTokenId","/access/http/request/headers/content-type","/access/http/request/cookies/%AM_COOKIE_NAME%","/access/http/request/headers/accept-encoding","/access/http/request/headers/authorization","/access/http/request/headers/content-length","/access/http/request/headers/%AM_COOKIE_NAME%"]},"_id":"","_type":{"_id":"audit","name":"Audit Logging","collection":false}}
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      .
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      0.
      .
      #
      T 127.0.0.1:47908 -> 127.0.0.1:8081 [AP]
      GET /openam/json/global-config/services/audit HTTP/1.1.
      Host: openam.example.com:8081.
      Connection: keep-alive.
      Accept-Encoding: gzip, deflate.
      Accept: */*.
      User-Agent: python-requests/2.18.4.
      Content-type: application/json.
      Accept-API-Version: protocol=1.0,resource=1.0.
      Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfczZNRUzBb4o5h2B-AAMXZl0A7O3Dx4aUig.*AAJTSQACMDEAAlNLABQtMzMxNzQxMDEyMjAyMTY1ODIyNgACUzEAAA..*; amlbcookie=01.
      Content-Length: 2.
      .
      {}
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      HTTP/1.1 200 OK.
      Server: Apache-Coyote/1.1.
      Cache-Control: no-cache.
      Content-API-Version: resource=1.0.
      ETag: "320779625".
      Content-Type: application/json;charset=UTF-8.
      Transfer-Encoding: chunked.
      Date: Thu, 23 Nov 2017 15:19:15 GMT.
      .
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      89b.
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      {"auditEnabled":true,"fieldFilterPolicy":["/access/http/request/queryParameters/tokenId","/access/http/request/headers/cache-control","/access/http/request/queryParameters/redirect_uri","/access/http/request/queryParameters/Login.Token1","/access/http/request/headers/accept-language","/config/before","/access/http/request/headers/%AM_AUTH_COOKIE_NAME%","/config/after","/access/http/request/queryParameters/access_token","/access/http/request/headers/X-OpenAM-Password","/access/http/request/queryParameters/id_token_hint","/access/http/request/headers/proxy-authorization","/access/http/request/queryParameters/IDToken1","/access/http/request/queryParameters/requester","/access/http/request/headers/connection","/access/http/request/queryParameters/sessionUpgradeSSOTokenId","/access/http/request/headers/content-type","/access/http/request/cookies/%AM_COOKIE_NAME%","/access/http/request/headers/accept-encoding","/access/http/request/headers/authorization","/access/http/request/headers/content-length","/access/http/request/headers/%AM_COOKIE_NAME%"],"defaults":{"auditEnabled":true,"fieldFilterPolicy":["/access/http/request/queryParameters/tokenId","/access/http/request/headers/cache-control","/access/http/request/queryParameters/redirect_uri","/access/http/request/queryParameters/Login.Token1","/access/http/request/headers/accept-language","/config/before","/access/http/request/headers/%AM_AUTH_COOKIE_NAME%","/config/after","/access/http/request/queryParameters/access_token","/access/http/request/headers/X-OpenAM-Password","/access/http/request/queryParameters/id_token_hint","/access/http/request/headers/proxy-authorization","/access/http/request/queryParameters/IDToken1","/access/http/request/queryParameters/requester","/access/http/request/headers/connection","/access/http/request/queryParameters/sessionUpgradeSSOTokenId","/access/http/request/headers/content-type","/access/http/request/cookies/%AM_COOKIE_NAME%","/access/http/request/headers/accept-encoding","/access/http/request/headers/authorization","/access/http/request/headers/content-length","/access/http/request/headers/%AM_COOKIE_NAME%"]},"_id":"","_type":{"_id":"audit","name":"Audit Logging","collection":false}}
      #
      T 127.0.0.1:8081 -> 127.0.0.1:47908 [AP]
      .
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              gary.williams Gary Williams
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: