The audit event "AM-LOGIN-COMPLETED" is logged to the authentication topic when an authentication chain completes. Unfortunately, it does not log the name of the chain used for login. Assuming that a chain was explicitly specified via a query parameter, this information is available in the http.request.queryParameters field of the associated access event (linked by having the same transactionId value).
Note. that the audit event "AM-TREE-LOGIN-COMPLETED" does not suffer from this issue. The name of the tree used for login is recorded as part of that event.
Details steps outlining how to recreate the issue (remove this text)
- Login to AM using an authentication chain
- Locate an "AM-LOGIN-COMPLETED" event
The method getAuditEntryDetail logs the index type (e.g. "service") but does not log the index value (e.g. "ldapService"). Note that the code for logging index type actually only works when the index type was explicitly specified. When the index type is not specified (e.g. using default login service) then the index type is not reported.