Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14603

Audit Log does not Logged when Create UMA Policy with incorrect format

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.0.0.2
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
    • Support Ticket IDs:

      Description

      Bug description

      The current audit log does not logged information when user create UMA policy with incorrect format such as incorrect/without SSO Token ID etc.

      How to reproduce the issue

      1. Following the documentation Register an UMA Resource Set (https://backstage.forgerock.com/docs/am/6/uma-guide/#register-an-uma-resource-set)
      2. Register an UMA Resource Set without token bearer 
      curl -X POST \
        http://am.example.com:8080/openam/uma/resource_set \
        -H 'Cache-Control: no-cache' \
        -H 'Content-Type: application/json' \
        -d '{
        "resource_scopes": [
              "read", "write"
          ],
          "name": "my resource 111",
          "type": "type",
          "uri": "http://rs.example.com/alice/myresource111"
      }'
      

      Audit log

      {"realm":"/","transactionId":"a459dc38-0820-4c1a-9996-4803c8e8a4ca-17526","timestamp":"2019-03-13T03:08:58.317Z","eventName":"AM-ACCESS-OUTCOME","component":"OAuth","response":{"status":"FAILED","statusCode":"401","elapsedTime":9,"elapsedTimeUnits":"MILLISECONDS","detail":{"reason":"The request requires user authentication"}},"client":{"ip":"127.0.0.1","port":59865},"server":{"ip":"127.0.0.1","port":8080},"http":{"request":{"secure":false,"method":"POST","path":"http://am.example.com:8080/openam/uma/resource_set","queryParameters":{},"headers":{"accept":["*/*"],"host":["am.example.com:8080"],"postman-token":["1aaccfdb-4ccd-4cf5-93c1-bfedd6aeb312"],"user-agent":["PostmanRuntime/7.6.0"]},"cookies":{}}},"_id":"a459dc38-0820-4c1a-9996-4803c8e8a4ca-17528"}
      
      1. Register an UMA Resource Set without IPlanetDirectoryPro Cookie:
      curl -X PUT \
        http://am.example.com:8080/openam/json/users/alice/uma/policies/e5bc40df-e70d-4ae9-b482-a6a4faa4cd6c0 \
        -H 'Accept-API-Version: resource=1.0' \
        -H 'Cache-Control: no-cache' \
        -H 'Content-Type: application/json' \
        -H 'If-None-Match: *' \
        -d '{
          "policyId": "e5bc40df-e70d-4ae9-b482-a6a4faa4cd6c0",
          "permissions":
          [
            {
              "subject": "bob",
              "scopes": [
                "read",
                "write"
              ]
            }
          ]
        }'
      
      Expected behaviour
      Audit log should logged the information
      Current behaviour
      Audit log does not logged the information

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              wanning.tan WanNing Tan
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: