Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15916

Agent Notifications should be auditable.

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5.1, 6.5.2.2, 7.0.0
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
      None
    • Support Ticket IDs:

      Description

      There is no way to debug notifications in AM sent from without monitoring the wire or the servlet / API debug. That will fill up logs pretty quickly if turned on, but it is not really a solution if you are wanting to see a notification change in the past.

      Previously with PLL, the notification could be at least visible as to what was changed, for auditing reasons (e.g if an agent profile attribute was changed on the agent profile) it is hard to consolidate. With WebSockets, debugging is quite messy e.g in the Agent debug, I have to diff the config change to tell what was actually updated. For session notifications, there is only really the cache reference.

      Currently AM only logs WebSocket failures on INFO, this is fine if you are trying to debug frame problems (e.g no ping/pong), but if you are wanting to just to consolidate a notification, there isn't much of an easier avenue.

      Adding notification events to audit so a customer can configure it to output to splunk or similar would probably be ideal in this case (as logging it will just be too noisy).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jeremy.cocks Jeremy Cocks
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: