Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13004

Transactional Authorization tree authentication outcomes do not appear to be audited or monitored

    Details

    • Target Version/s:
    • Needs backport:
      No
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Bug description

      From static analysis, it appears that org.forgerock.openam.core.rest.authn.trees.SuccessProcessTreeResult#process and org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult#process exit without auditing or monitoring the authentication outcome when the authentication is in support of transactional authorization.

      How to reproduce the issue

      1. Perform transactional authorization using an authentication tree to perform the authentication
      2. Check the authentication audit log and authentication monitoring metrics after completing the authentication part of transactional authorization
      Expected behaviour
      The outcome should update audit logs and metrics.
      
      Current behaviour
      The outcome likely does not update audit logs and metrics. (needs to be confirmed by investigation).
      

      Work around

      N/A

      Code analysis

      N/A

        Attachments

          Activity

            People

            • Assignee:
              jay.bowers Jay Bowers
              Reporter:
              craig.mcdonnell Craig McDonnell
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: