  1. OpenAM
  2. OPENAM-14546

SSOADM access not audited to the ssoadm.access logs anymore

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 14.1.0, 14.1.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.0.0.6
    • Fix Version/s: 6.5.1, 14.1.2, 6.0.1, 7.0.0, 5.5.2
    • Component/s: ssoadm
    • Environment:
      Using any ssoadm including the ones in AM6 AM-SSOAdminTools-5.1.1.5.zip
    • Sprint:
      AM Sustaining Sprint 60, AM Sustaining Sprint 61
    • Story Points:
      1
    • Needs backport:
      Yes
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      When legacy logging is enabled so that all ssoadm activity is audited, the ssoadm audit log is empty. There is an exception like this:

      amLog:03/06/2019 11:30:41:922 AM SGT: Thread[main,5,main]: TransactionId[unknown]
      ERROR: Logger:processNewLoggerObject:Could not instantiate handler: com.sun.identity.log.handlers.FileHandler
      java.lang.reflect.InvocationTargetException
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
              at com.sun.identity.log.Logger.processNewLoggerObject(Logger.java:209)
              at com.sun.identity.log.Logger.getLogger(Logger.java:473)
              at com.sun.identity.cli.LogWriter.log(LogWriter.java:138)
              at com.sun.identity.cli.Authenticator.ldapLogin(Authenticator.java:167)
              at com.sun.identity.cli.AuthenticatedCommand.ldapLogin(AuthenticatedCommand.java:151)
              at com.sun.identity.cli.serverconfig.ListServers.handleRequest(ListServers.java:60)
              at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
              at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
              at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
              at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:585)
              at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:182)
              at com.sun.identity.cli.CommandManager.main(CommandManager.java:159)
      Caused by: com.google.inject.ConfigurationException: Guice configuration errors:
      
      
      1) No implementation for java.security.PrivilegedAction<com.iplanet.sso.SSOToken> was bound.
        while locating java.security.PrivilegedAction<com.iplanet.sso.SSOToken>
          for parameter 0 at com.iplanet.services.naming.ServiceListeners.<init>(Unknown Source)
        while locating com.iplanet.services.naming.ServiceListeners
          for parameter 0 at com.sun.identity.monitoring.MonitoringConfig.<init>(Unknown Source)
        while locating com.sun.identity.monitoring.MonitoringConfig
          for parameter 0 at com.sun.identity.monitoring.MonitoringManager.<init>(Unknown Source)
        while locating com.sun.identity.monitoring.MonitoringManager
      1 error
              at com.google.inject.internal.InjectorImpl.getProvider(InjectorImpl.java:1004)
              at com.google.inject.internal.InjectorImpl.getProvider(InjectorImpl.java:961)
              at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013)
              at org.forgerock.guice.core.InjectorHolder.getInstance(InjectorHolder.java:72)
              at com.sun.identity.monitoring.MonitoringUtil.isRunning(MonitoringUtil.java:58)
              at com.sun.identity.log.handlers.FileHandler.<init>(FileHandler.java:394)
              ... 16 more
      

      How to reproduce the issue

      1. Enable legacy logging (Global settings > Logging).
      2. Run ssoadm list-server.
      3. Inspect the contents of the ssoadm.access file in the ssoadm log directory.

      Expected behaviour
      There is some audit information about what ssoadm ran.

      Current behaviour
      There is no logged content. The file may be created, but its size is always 0.
      

      Work around

      None.

      Code analysis

      FileHandler.java
      The FileHandler should not need to use the MonitoringUtil
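
An added example, not part of the original report or of OpenAM's code: a Python check that scans debug output in the layout quoted above for log-handler instantiation failures and flags the case where the audit file stayed at size 0. The sample text is constructed (trace shortened, lines unwrapped), and the function names are hypothetical.

```python
import re

# Constructed sample in the debug-log layout quoted in this issue (trace shortened).
SAMPLE = """\
amLog:03/06/2019 11:30:41:922 AM SGT: Thread[main,5,main]: TransactionId[unknown]
ERROR: Logger:processNewLoggerObject:Could not instantiate handler: com.sun.identity.log.handlers.FileHandler
java.lang.reflect.InvocationTargetException
        at com.sun.identity.log.Logger.getLogger(Logger.java:473)
        at com.sun.identity.cli.LogWriter.log(LogWriter.java:138)
Caused by: com.google.inject.ConfigurationException: Guice configuration errors:
1) No implementation for java.security.PrivilegedAction<com.iplanet.sso.SSOToken> was bound.
amLog:03/06/2019 11:30:42:010 AM SGT: Thread[main,5,main]: TransactionId[unknown]
Constructed message: unrelated debug record
"""

HEADER = re.compile(r"^(?P<log>\w+):(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3} [AP]M \w+): Thread\[")
FAILURE = re.compile(r"^ERROR: Logger:processNewLoggerObject:Could not instantiate handler: (?P<handler>[\w.$]+)")
CAUSE = re.compile(r"^Caused by: (?P<cause>[\w.$]+)")
UNBOUND = re.compile(r"No implementation for (?P<type>.+?) was bound")

def split_records(text):
    """Group lines into records; a new record starts at each header line."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"log": m["log"], "timestamp": m["ts"], "body": []}
            records.append(current)
        elif current is not None:
            current["body"].append(line.strip())
    return records

def handler_failures(text):
    """Return one finding per record in which a log handler failed to load."""
    findings = []
    for rec in split_records(text):
        hit = next((FAILURE.match(l) for l in rec["body"] if FAILURE.match(l)), None)
        if not hit:
            continue
        causes = [m["cause"] for l in rec["body"] if (m := CAUSE.match(l))]
        unbound = [m["type"] for l in rec["body"] if (m := UNBOUND.search(l))]
        findings.append({"timestamp": rec["timestamp"], "handler": hit["handler"],
                         "root_cause": causes[-1] if causes else None, "unbound": unbound})
    return findings

def audit_gap(findings, access_log_size):
    """True when a handler failed and the audit file received nothing."""
    return bool(findings) and access_log_size == 0
```

Pass `os.path.getsize()` of the ssoadm.access file as `access_log_size` to combine both symptoms described in this issue.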
      

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C