Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15832

AM 6.5.2.2 's syslog is missing Agent 5 's authenticated username

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 6.5.2.2
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
    • Target Version/s:
    • Sprint:
      AM Sustaining Sprint 71
    • Story Points:
      3
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description, Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Bug description

      AM 6.5.2.2 's syslog is missing Agent 5 's username

      How to reproduce the issue

      Setup Agent 5.6.1.1/5.6.2.0 with AM 6.5.2.2

      https://backstage.forgerock.com/docs/am/6.5/maintenance-guide/#configuring-audit-logging

      To setup rsyslog in Centos 7, reference this article note 

      https://www.tecmint.com/setup-rsyslog-client-to-send-logs-to-rsyslog-server-in-centos-7/

      Made the following change too

       

      #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat  <== uncomment
      
      $ActionFileDefaultTemplate RSYSLOG_DebugFormat
      

       

      local7.* /var/log/boot.log
      local5.* /:q!
      sam.log

       

      Access agent 5 's protected page using a demo username

      This appear in the audit access log of AM 6.5.2.2

      {"timestamp":"2020-01-10T06:44:47Z","transactionId":"aa4221a8-c09f-57f8-588b-3579be19d799","trackingIds":["ec9509ca-3c21-466f-b5d7-47965ab1b985-5363"],"eventName":"AM-ACCESS-OUTCOME","component":"Web Policy Agent","realm":"/","user":"demo","request":{"protocol":"http","method":"GET"},"server":{"ip":"172.28.1.112","port":8000},"client":{"ip":"172.28.1.37"},"http":{"request":{"secure":false,"method":"GET","path":"/","cookies":"am-auth-jwt=eyJ0eXAiOiJKV1QiLCJraWQiOiJiL082T3ZWdjEreStXZ3JINVVpOVdUaW9MdDA9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJkZW1vIiwiYXVkaXRUcmFja2luZ0lkIjoiZWM5NTA5Y2EtM2MyMS00NjZmLWI1ZDctNDc5NjVhYjFiOTg1LTUzNjMiLCJpc3MiOiJodHRwOi8vb3BlbmFtLmludGVybmFsLmV4YW1wbGUuY29tOjgwODAvb3BlbmFtL29hdXRoMiIsInRva2VuTmFtZSI6ImlkX3Rva2VuIiwibm9uY2UiOiJBRTY0OEM0MEM3MkFBRDNFOEIzMUY2MkQwNzNFQzU2QyIsImF1ZCI6IndlYmFnZW50IiwiYWNyIjoiMCIsInNfaGFzaCI6ImxiZ0psOGFvQVd5enk3UzJiSkozZ2ciLCJhenAiOiJ3ZWJhZ2VudCIsImF1dGhfdGltZSI6MTU3ODYzODIyNywiZm9yZ2Vyb2NrIjp7InNzb3Rva2VuIjoiZVZqVjg3QUhVemJpOGo1Sk1LeDRnbEY3NldjLipBQUpUU1FBQ01ERUFBbE5MQUJ4TFRVNXpia3BPVHpobFdXZFBSV2t5WkdGVVozQkVlVEpVV2pROUFBUjBlWEJsQUFORFZGTUFBbE14QUFBLioiLCJzdWlkIjoiZWM5NTA5Y2EtM2MyMS00NjZmLWI1ZDctNDc5NjVhYjFiOTg1LTUzMTAifSwicmVhbG0iOiIvIiwiZXhwIjoxNTc4NjQ1NDI3LCJ0b2tlblR5cGUiOiJKV1RUb2tlbiIsImlhdCI6MTU3ODYzODIyNywiYWdlbnRfcmVhbG0iOiIvIn0.SBiCSjcoToif6GnmDlV4_wPGrV_oMIMISlE0P_4R9mrfo_mWy6f2_4FEHamySlUIi3ItUHhCFj3fb9XsLju2bgeRhRjE8vK97WTnpgl5GROT86GtCO6KjZ7_d4SJxQ2l_FkVK2BcW4T8HFJe1RRVNzXqTq5I3fqqPRzLBeMOHszFTYiNcKCu5Db7XZTn9DdvE2SLc8awTuhbmyJpUuIJ1pvSYR2h8ubxL9PL3dVx63dvqnYRkTIzPcez3g7ZWsofxIWshy38XEDkcbiWYGlRNxmmbFir_s722MrT7kI78A-BcIy1fSaQNe9mFnl8dReNyxPzVasA0X__cVjGpeL4lg"}},"response":{"status":"ALLOWED"},"_id":"ec9509ca-3c21-466f-b5d7-47965ab1b985-6535"}

      Notice that the user is demo

      Now observe the sys log

      Expected behaviour
      Should have a reference to the userna"me - demo 
      
      Current behaviour. Notice that the user entry is missing
      inputname: imudp rawmsg: '<174>1 2020-01-10T06:44:47Z openam.internal.example.com OpenAM 1962126726 AM-ACCESS-OUTCOME [access.OpenAM@36733 transactionId="aa4221a8-c09f-57f8-588b-3579be19d799"
      
       userId=""   <======= 
      
      trackingIds="[\"ec9509ca-3c21-466f-b5d7-47965ab1b985-5363\"\]" server.ip="172.28.1.112" server.port="8000" client.ip="172.28.1.37" client.port="" request.protocol="http" request.operation="" request.detail="" http.request.secure="false" http.request.method="GET" http.request.path="/" http.request.queryParameters="" http.request.headers="" http.request.cookies="am-auth-jwt=eyJ0eXAiOiJKV1QiLCJraWQiOiJiL082T3ZWdjEreStXZ3JINVVpOVdUaW9MdDA9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJkZW1vIiwiYXVkaXRUcmFja2luZ0lkIjoiZWM5NTA5Y2EtM2MyMS00NjZmLWI1ZDctNDc5NjVhYjFiOTg1LTUzNjMiLCJpc3MiOiJodHRwOi8vb3BlbmFtLmludGVybmFsLmV4YW1wbGUuY29tOjgwODAvb3BlbmFtL29hdXRoMiIsInRva2VuTmFtZSI6ImlkX3Rva2VuIiwibm9uY2UiOiJBRTY0OEM0MEM3MkFBRDNFOEIzMUY2MkQwNzNFQzU2QyIsImF1ZCI6IndlYmFnZW50IiwiYWNyIjoiMCIsInNfaGFzaCI6ImxiZ0psOGFvQVd5enk3UzJiSkozZ2ciLCJhenAiOiJ3ZWJhZ2VudCIsImF1dGhfdGltZSI6MTU3ODYzODIyNywiZm9yZ2Vyb2NrIjp7InNzb3Rva2VuIjoiZVZqVjg3QUhVemJpOGo1Sk1LeDRnbEY3NldjLipBQUpUU1FBQ01ERUFBbE5MQUJ4TFRVNXpia3BPVHpobFdXZFBSV2t5WkdGVVozQkVlVEpVV2pROUFBUjBlWEJsQUFORFZGTUFBbE14QUFBLioiLCJzdWlkIjoiZWM5NTA5Y2EtM2MyMS00NjZmLWI1ZDctNDc5NjVhYjFiOTg1LTUzMTAifSwicmVhbG0iOiIvIiwiZXhwIjoxNTc4NjQ1NDI3LCJ0b2tlblR5cGUiOiJKV1RUb2tlbiIsImlhdCI6MTU3ODYzODIyNywiYWdlbnRfcmVhbG0iOiIvIn0.SBiCSjcoToif6GnmDlV4_wPGrV_oMIMISlE0P_4R9mrfo_mWy6f2_4FEHamySlUIi3ItUHhCFj3fb9XsLju2bgeRhRjE8vK97WTnpgl5GROT86GtCO6KjZ7_d4SJxQ2l_FkVK2BcW4T8HFJe1RRVNzXqTq5I3fqqPRzLBeMOHszFTYiNcKCu5Db7XZTn9DdvE2SLc8awTuhbmyJpUuIJ1pvSYR2h8ubxL9PL3dVx63dvqnYRkTIzPcez3g7ZWsofxIWshy38XEDkcbiWYGlRNxmmbFir_s722MrT7kI78A-BcIy1fSaQNe9mFnl8dReNyxPzVasA0X__cVjGpeL4lg" http.response.headers="" response.status="ALLOWED" response.statusCode="" response.detail="" response.elapsedTime="" response.elapsedTimeUnits="" component="Web Policy Agent" realm="/"]'
      

        Attachments

          Activity

            People

            • Assignee:
              lawrence.yarham Lawrence Yarham
              Reporter:
              sam.phua Sam Phua
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: