-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 6.0.0
-
Fix Version/s: 6.5.0
-
Component/s: audit logging, authentication, monitoring, trees
-
Target Version/s:
-
Needs backport:No
-
Needs QA verification:Yes
-
Functional tests:No
-
Are the reproduction steps defined?:Yes but I used my own steps. (If so, please add them in a new comment)
Bug description
From static analysis, it appears that org.forgerock.openam.core.rest.authn.trees.SuccessProcessTreeResult#process and org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult#process exit without auditing or monitoring the authentication outcome when the authentication is in support of transactional authorization.
How to reproduce the issue
- Perform transactional authorization using an authentication tree to perform the authentication
- Check the authentication audit log and authentication monitoring metrics after completing the authentication part of transactional authorization
Expected behaviour
The outcome should update audit logs and metrics.
Current behaviour
The outcome likely does not update audit logs and metrics. (needs to be confirmed by investigation).
Work around
N/A
Code analysis
N/A