Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16061

authLevel is not correctly logged for successful authentication

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 14.1.1.1, 14.1.1.2, 14.1.1.3, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 14.1.1.4, 6.0.0.5, 14.1.1.5, 14.1.2.2, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 14.1.2.3, 6.5.1, 6.5.0.2, 14.1.2.4, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 14.1.2.5, 14.1.2.11
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
      None
    • Environment:
      Oracle JDK 1.8.0_201-b09
      Apache Tomcat 9.0.8
      AM 6.5.2.3

      Description

      Bug description

      incorrect value for 'authLevel' is logged in authentication.audit.json

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      1. Configure AM
      2. Create auth-chain with LDAP auth-module
      3. Set auth-level of 'LDAP' auth instance to '12'
      4. Perform successful authentication using that auth-chain with 'demo' user
      Expected behaviour

      The following should be logged in authentication.audit.json

      {"realm":"/","transactionId":"7598c270-4462-47f7-8271-dc1300fd5611-139387","component":"Authentication","eventName":"AM-LOGIN-MODULE-COMPLETED","result":"SUCCESSFUL","entries":[{"moduleId":"LDAP","info":{"authControlFlag":"REQUIRED","moduleClass":"LDAP","ipAddress":"127.0.0.1","authLevel":"12"}}],"principal":["uid=demo,ou=people,dc=openam,dc=forgerock,dc=org"],"timestamp":"2020-03-25T11:11:25.151Z","trackingIds":["7598c270-4462-47f7-8271-dc1300fd5611-139363"],"_id":"7598c270-4462-47f7-8271-dc1300fd5611-139408"}
      
      Current behaviour

      The following is logged in authentication.audit.json

      {"realm":"/","transactionId":"7598c270-4462-47f7-8271-dc1300fd5611-139387","component":"Authentication","eventName":"AM-LOGIN-MODULE-COMPLETED","result":"SUCCESSFUL","entries":[{"moduleId":"LDAP","info":{"authControlFlag":"REQUIRED","moduleClass":"LDAP","ipAddress":"127.0.0.1","authLevel":"0"}}],"principal":["uid=demo,ou=people,dc=openam,dc=forgerock,dc=org"],"timestamp":"2020-03-25T11:11:25.151Z","trackingIds":["7598c270-4462-47f7-8271-dc1300fd5611-139363"],"_id":"7598c270-4462-47f7-8271-dc1300fd5611-139408"}
      

      Difference extracted for brevity

      "authLevel":"12"
      

      vs

      "authLevel":"0"
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bthalmayr Bernhard Thalmayr
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: