OpenAM / OPENAM-12293

Audit logging no longer logs REST operation details

    Details

    • Sprint: AM Sustaining Sprint 49, AM Sustaining Sprint 50, AM Sustaining Sprint 51, AM Sustaining Sprint 52
    • Story Points: 3
    • Needs QA verification: Yes

      Description

      Common Audit logging no longer logs REST operation details, as it used to in 13.5.x common audit logging.

      For example, creating a user profile:

      curl --request POST --header iPlanetDirectoryPro:"AQIC5wM2LY4SfcyNNkMoTvcyoSWxxz3TFv8bG1RjM1VcV_8.*AAJTSQACMDEAAlNLABMxNzc2ODEzMzQ5MDQwODc2Njc5AAJTMQAA*" --header "Content-Type: application/json" --data '{ "username": "tester2", "uName" : "tester2","telephoneNumber":[], "userPassword": "password"}' "http://openam.example.com:8080/openam/json/users/?_action=create"
      

      13.5.x: 

      ==> 13.5.x access.csv <==
      "8d1b010d-ee0f-43cb-a502-e63ebd652d21-3331","2017-12-18T15:34:27.465Z","AM-ACCESS-OUTCOME","8d1b010d-ee0f-43cb-a502-e63ebd652d21-3329","id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","[""c149751683ee29d001""]","127.0.0.1","8080","127.0.0.1","39156","CREST","CREATE",,"false","POST","http://openam.example.com:8080/openam/json/users/","{""_action"":[""create""]}","{""accept"":[""*/*""],""Accept-API-Version"":[""protocol=1.0""],""host"":[""openam.example.com:8080""],""user-agent"":[""curl/7.29.0""]}","{}",,"SUCCESSFUL",,,"13","MILLISECONDS","Users","/"
      {"username":"tester2","realm":"/","uid":["tester2"],"universalid":["id=tester2,ou=user,dc=openam,dc=forgerock,dc=org"],"objectClass":["iplanet-am-managed-person","inetuser","sunFederationManagerDataStore","sunFMSAML2NameIdentifier","devicePrintProfilesContainer","inetorgperson","sunIdentityServerLibertyPPService","iPlanetPreferences","pushDeviceProfilesContainer","iplanet-am-user-service","forgerock-am-dashboard-service","organizationalperson","top","kbaInfoContainer","sunAMAuthAccountLockout","person","oathDeviceProfilesContainer","iplanet-am-auth-configuration-service"],"inetUserStatus":["Active"],"dn":["uid=tester2,ou=people,dc=openam,dc=forgerock,dc=org"],"sn":["tester2"],"cn":["tester2"],"createTimestamp":["20171218153534Z"]}
      
      

      The same create operation on 5.1/5.5.1:

      ==> 5.5.1 access.audit.json <==
      {"realm":"/","transactionId":"c5d656e7-8fa5-4735-8cd4-77c19d4a158c-1716","client":{"ip":"192.168.56.1","port":51285},"server":{"ip":"192.168.56.103","port":8080},"http":{"request":{"secure":false,"method":"POST","path":"http://openam.example.com:8080/openam/json/users/","queryParameters":{"_action":["create"]},"headers":{"accept":["*/*"],"Accept-API-Version":["protocol=2.1"],"host":["openam.example.com:8080"],"user-agent":["curl/7.54.0"]},"cookies":{}}},"request":{"protocol":"CREST","operation":"CREATE"},"timestamp":"2018-01-08T13:54:14.848Z","eventName":"AM-ACCESS-OUTCOME","component":"Users","response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":72,"elapsedTimeUnits":"MILLISECONDS"},"userId":"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org","trackingIds":["245e0ed6e481dc7501"],"_id":"c5d656e7-8fa5-4735-8cd4-77c19d4a158c-1731"}
      
      

       
      Without the additional logging, it is not possible to identify which user has been created or updated from the audit logs anymore. This is key for Audit logging to be useful for auditing and process compliance.

      Expected Outcome
      Details of the REST operation should be logged, as in 13.5.x

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                john.noble John Noble
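A regression check for the gap described in this report, as an added example that is not part of the original issue or of OpenAM's code: it scans JSON access-audit lines and returns the `_id` of every state-changing CREST event that never names the affected identity. The sample events are constructed (the first is the 5.5.1 event from the report, trimmed to the fields used), and the `detail` placement in the second is an assumption.

```python
import json

# CREST operations that change state (READ and QUERY do not).
MUTATING = {"CREATE", "UPDATE", "PATCH", "DELETE", "ACTION"}

def _event(event_id, response_extra=None):
    """Constructed sample: the 5.5.1 event from the report, trimmed to the fields used here."""
    response = {"status": "SUCCESSFUL", "elapsedTime": 72, "elapsedTimeUnits": "MILLISECONDS"}
    response.update(response_extra or {})
    return json.dumps({
        "_id": event_id, "realm": "/", "eventName": "AM-ACCESS-OUTCOME", "component": "Users",
        "userId": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org",
        "http": {"request": {"method": "POST",
                             "path": "http://openam.example.com:8080/openam/json/users/",
                             "queryParameters": {"_action": ["create"]}}},
        "request": {"protocol": "CREST", "operation": "CREATE"},
        "response": response,
    })

AS_REPORTED = _event("c5d656e7-8fa5-4735-8cd4-77c19d4a158c-1731")
# Assumption: a record carrying 13.5.x-style detail; the "detail" placement is hypothetical.
WITH_DETAIL = _event("constructed-0001", {"detail": {"username": "tester2", "realm": "/"}})

def strings_in(value):
    """Yield every string value nested anywhere inside decoded JSON."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for item in (value.values() if isinstance(value, dict) else value):
            yield from strings_in(item)

def unattributed(lines, target):
    """Return the _id of each mutating CREST outcome event that never names `target`."""
    missing = []
    for line in lines:
        try:
            event = json.loads(line)
            request = event.get("request") or {}
        except (ValueError, AttributeError):
            continue  # blank, truncated, or not a JSON object
        if (event.get("eventName") != "AM-ACCESS-OUTCOME"
                or request.get("protocol") != "CREST"
                or request.get("operation") not in MUTATING):
            continue
        # Ignore userId: it names the caller (amadmin), not the object that changed.
        body = {k: v for k, v in event.items() if k != "userId"}
        if not any(target in s for s in strings_in(body)):
            missing.append(event.get("_id"))
    return missing
```

Run against `access.audit.json` after replaying the create request for `tester2`; any `_id` returned is a change the audit trail cannot attribute to a target.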